CelticCoder

Member
  • Content Count

    19
Community Reputation

0 Neutral

About CelticCoder

  • Rank
    Member
  • Birthday July 3

Profile Information

  • Gender
    Male
  • Location
    Dublin, Ireland
  1. Hi Arthur, I ran EmsiClean and then after the first reboot I ran it again to see what it might show. I have attached the log. However, I think that the message is a false positive as it came up again when I checked after the next reboot. At that stage I reinstalled Emsisoft successfully. Thanks for your help! You can close this ticket. Kind Regards, Liam EmsiClean_2020.12.10_11.37.01.txt
  2. Hi Support, This issue started with the uninstall of a problematic Windows Update (KB4586878). I resolved the problem with the DNS, but then Emsisoft started giving problems. I uninstalled the software but an attempted reinstall gave the "A version of this software is already installed" error. As per this article: https://help.emsisoft.com/en/1787/how-do-i-completely-uninstall-an-emsisoft-product/ I ran EmsiClean and attached the log. Emsisoft version: 2020.12.1.10579. Device details: Name: DESKTOP-SNF8BOK OS: Microsoft Windows 10 Pro 10.0.18363 (64-bit) Laptop: Acer NC-E1-571
  3. Hi Arthur, That's a very clear explanation! Thanks very much! Regards, Liam
  4. Yes, the issue is addressed. My only question is why this is logged on a daily basis? Is Emsisoft attempting this code injection into a system process each time that it runs? Thanks, by the way, for the prompt response!
  5. I see that the following comment addresses the issue: https://support.emsisoft.com/topic/29131-code-integrity-determined-that-the-page-hashes-of-an-image-file-are-not-valid-a2hooks64dll/?do=findComment&comment=181892
  6. Hi Emsisoft Support, Event viewer has the following entry for each day for the past several months. Since it is an "Information" error, I had missed it previously. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 08/02/2019 10:19:23 Event ID: 6281 Task Category: System Integrity Level: Information Keywords: Audit Failure User: N/A Computer: new-PC Description: Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to un
  7. Hi Kevin, Thanks for the help, much appreciated! Regards, Liam.
  8. Hi Kevin, I have attached the "Fixlog.txt" file. Thanks! Liam. Fixlog.txt
  9. Hi Kevin, Apologies for the delay in responding to your last post! I have attached two scans from EEK. The first (scan_170529-113754.txt) is the standard scan and the second (scan_170529-114608) is a direct access rootkit scan. Also attached is the FRST.txt and the Addition.txt. Interestingly, there are an "A" and "Z" users created yesterday: ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-28 23:24 - 2017-05-28 23:24 - 00522681 _____ C:\Users\Akwnl\debate-phenomena-civilizati
  10. Hi Kevin, Thanks for creating the fixlist! I have attached the output. However, it seems that these users / files have already been deleted and new ones have been created. I am going to uninstall Cybereason Ransomfree as it seems to be the culprit for these "random" users / files (see attached). As noted by Fabian on the Bleeping Computer site (https://www.bleepingcomputer.com/news/security/ransomfree-is-the-latest-app-that-tries-to-stop-ransomware-infections-on-windows/), the methodology used by Cybereason is flawed. Another reason to uninstall. Thanks! Liam. Fixlog.txt
  11. Hi Kevin, You mentioned that the logs look OK. However, is there any cause for concern about the new users and folders / files created on "2017-05-17 18:05" as noted in the FRST.txt file? ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-05-18 15:50 - 2017-05-18 15:51 - 00000000 ____D C:\FRST 2017-05-18 15:39 - 2017-05-18 15:49 - 00000000 ____D C:\EEK 2017-05-18 15:14 - 2017-05-18 15:51 - 00000000 ____D C:\Users\new\Downloads\Emsisoft Support 2017-05-18 09:15 - 2017-05-18 09:15 - 00
  12. Note: At the beginning of the START HERE thread, it mentions that the scans should be done with all browsers closed. However, this instruction is not repeated later in the thread when the details are given about running the scans. Should this instruction be included again at that point to alert users to the requirement?
  13. Hi Emsisoft Support, I use an Asus laptop (Windows 7 x64 SP1) and a recent Emsisoft Anti-Malware alert as given in the attached screen shot shows the following message: I use PatchMyPC (https://patchmypc.net/supported-products-free-updater) for updating selected applications on my laptop when new versions become available. However, the "C:\PatchMyPCUpdates\" folder does not seem to exist. Did Emsisoft remove this folder or is this a false positive? I have attached the screen shot and the Emsisoft Emergency Kit log (scan_170518-154302.txt) from the "C:\EEK\Reports" folder
  14. Hi Kevin, Thanks again for all your help and the explanation! Thanks! Liam.
  15. Hi Kevin, Thanks again for your help, much appreciated! I have a few final questions: - The "Delfix" program above removes all restore points and creates a new one called "End of disinfection". Is there any point then in doing a disable/enable of System Restore? - Emsisoft Anti-Malware had initially flagged that "newdev.dll" was infected. Was the DLL actually infected or was it just indicating another problem with the system? Thanks! Liam.