Jump to content


Visiting Expert
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by quietman7

  1. That's good news. I quoted your statement and reposted it at Bleeping computer and Microsoft Answers.
  2. The detection has also been reported at BleepingComputer and at Microsoft Answers forum
  3. Installed the new version today and one of the first things I noted was the About button was no longer there. So I headed over to the blog and read...New: Emsisoft Anti-Malware 12 – Keeping you safe from ransomware where I found Christian had provided the answer a few days ago in the comments section. I personally like the new design and use of the product logo to provide version info especially since it is available no matter what menu tab you are looking at. Great job as always Emsisoft Team.
  4. AdwCleaner is a portable adware cleaner that is designed to search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware as well as related services, registry entries (values, keys), files, folders and potentially unwanted extensions. When first run AdwCleaner includes options under the tabs to show what was found and to allow disabling detections you want to keep since not all detections are necessarily bad. AdwCleaner will clean Chrome and Firefox extensions and Add-ons. If you find a false positive, you can uncheck elements in both Chrome and Firefox sections. In some cases AdwCleaner may detect items related to legitimate programs...just ignore such detections. The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If in doubt about a particular detection, a Google search should be performed to gather additional information before removal or ask a malware removal expert for assistance. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
  5. You have to be careful when conducting searches on the Internet as there is a lot of misinformation out there. Scammers take advantage of uninformed folks and entice them into downloading junk software using gimmicks, false claims and other deceptive advertising. When performing search queries, always check multiple sources to confirm the information provided is consistent and essentially the same. Many site rating vendors (i.e. McAfee SiteAdvisor, WOT) use a system of volunteer testers that continually patrol the Internet to browse sites, download files, and submit informmation. All the results are documented and supplemented with feedback from users, Web site owners, and analysis from their own employees. The advising site vendor then summarizes the results sometimes into a color-coded red, yellow and green ratings scale to help inform Web users as to the safety of each tested site. While these tools are useful, they are not foolproof and sometimes may provide misleading ratings. Just because you visit a risky site does not automatically mean the site is bad or that your system has been infected by going there. Thus, the use of such rating sites does not always guarantee an accurate rating of the results they provide. I do not put much trust in any of these site rating vendors. They are not foolproof, sometimes provide misleading ratings and can provide a false sense of security to those who rely on them.
  6. I never used that option but good to know it is there. Odd that this only started happening a few days ago and the responsible guarantined itemed was there for almost a year. Anyway, this issue has been resolved. Thank you GT500 for your assistance and looking into this matter. EAM support is the best.
  7. I repeated the same procedure on my Desktop. Same result...no more alerts.
  8. I cleaned out the entire quarantine history from both ESET and EAM on my laptop, rebooted and then updated EAM. This time it created a single tmp0000000 file after installing which I opened when all complete. It was 0 bytes and contained no info. There was no detecton alert by ESET. I double-checked with a context menu scan from both EAM and ESET which did not find anything. Doing that appears to have solved the issue on this laptop...I will do the same on my Desktop later this afternoon. However, it would be interesting to know why these temp files apparently recreated/imported the Destruko info contained in that old notepad .txt file which prompted the Generic.ScriptWorm.BCA56FBF (B) and VBS/AutoRun.BT alerts.
  9. What I don't understand is how these temp files are recreating/importing the exact same Destruko info that was contained in a notepad .txt file removed over a year ago. That action appears to explain why they keep being detected by both ESET and EAM.
  10. This is odd. I just checked through all of EAM's Quarantine history and noted two similiar "Generic.ScriptWorm.BCA56FBF (B)" detections from last year on .txt files in one of my malware removal folders with notes related to DESTRUKTO. That folder contains notes for hundreds of malware infections. Only the DESTRUKTO.txt file was detected. I just submitted that one too. Edit: The more I thought about the contents of the temp files I posted above, the more that info looked familiar. I temporarily paused EAM and restored the DESTRUKTO.txt file that was removed from my notes last year and sure enough, it contained the same exact information....word for word. I enabled EAM again and that .txt file was immediately detected as Generic.ScriptWorm.BCA56FBF (B).
  11. All these temp files placed in quarantine were detected as VBS/AutoRun.BT worm by ESET. However, if I open one in notepad and actually save it with a txt file extension, EAM does detect it as "Generic.ScriptWorm.BCA56FBF (B)" and sends them to quarantine. If I disable ESET, EAM detects them after it has updated itself when choosing scan from the context menu. Scan start: 4/9/2015 10:11:23 AM C:\Windows\Temp\tmp00002bc9\tmp00000002 detected: Generic.ScriptWorm.BCA56FBF (B)I just submitted one named tmp00000004.txt and the same renamed as detection.txt via EAM's submit file in the Quarantine list. As I said, they only appear when EAM is installing an update and according to ESET, they are created by a2service.exe. Is EAM unpacking some archive when doing that?If one of your developers says the files are created by EAM and a malware analysts confirms it is a real worm...there appears to be a conflict in the findings. I just tried that and it contains information about....Virus Destruktibo (DESTRUKTO)...with removal instructions.In fact every such temp file contain the same exact contents when I open them.
  12. I just did another EAM update to test and monitor the process. The temp files are created during the install phase at the very end of updating. At that point ESET is detecting and removing them. Only a renamed tmp00000000 0 byte file is left in the folder. Edit: Although these files are immediately removed, EAM indicates the database has been successfully updated.
  13. Looks like more than ESET are detecting them. VirusTotal results: tmp00000004 tmp00000002 Jotti Virusscan tmp00000002
  14. No they did not. As I understand it from reading topics at their forum, they typically do not respond back to such reports. As of this morning, I am still getting alerts when the temp files are created. Excluding the a2service.exe in ESET does not help.
  15. Thanks GT500...I figured as much but wanted to be sure your team was aware. I will get samples out to ESET today.
  16. After the lastest update I started to get reppeated detection alerts for VBS/AutoRun.BT. I opened the log file for more information and it appears to be detecting EAM's a2service.exe I thought I would let you know in case others start reporting this. I tried to report the detection at the ESET forum but unforutunately was unable to create an account there and register.
  • Create New...