Search the Community

Showing results for tags 'Closed'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Malware Research Center
    • Help, my PC is infected!
    • Ransomware First Aid
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Public Betas
    • Feedback, comments, and suggestions
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 675 results

  1. The first time (in a Windows session) that I click on any of the four main panels on the EAM gui overview screen (Protection, Scan & Clean, Logs or Settings), it takes several seconds to open the relevant screen, and sometimes it doesn't open it at all.
  2. Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll beieng injected into a legitimate process. Then we won't then see a malicious process runing in memory there because it's a legitimate executable that could very well be an essential Windows operating system process but carrying out the malicious activities because it's actually executing functions that are part of a malicious dll file. Because I have Windows 10 Pro 64-bit(Version 1809 17763.134) (X64) there are obviously two rundll32.exe for calling different programs respectively. One is located in C:\Windows\System32\rundll32.exe Another one is in C:\Windows\SysWOW64\rundll32.exe Sometimes when I turn on my computer I see them both ( I guess) starting up with Windows, and sometimes they don't start up with Windows. Today for example they started up again. See attached Task Manager screenshot. I scanned my computer with Emsisoft while they were runnng. The scan result attached. I ran FRABAR scan. FRST nad Addition scans attached. I also ran cmd command (tasklist /m /fi "IMAGENAME eq rundll32.exe") to identify loaded DLLs in these running rundll32.exe,. Screenshot attached. Am I paranoid? My browsing habbits are pretty rigorous. I don't visit suspicious websites, I don't download literally anyting unless I have to. I don't even click on links that I send to myself not to mention some attachments coming in an email. My browser security settings don't have even one weak cipher siute and they are all with forward secrecy, My browser user agent only supports TLS 1.2 and obviously 1.3 and it's immune to logjam, freak and poodle attacks with a bunch other firefox about:config strengthened security settings. I know I'm probably a very sick individual in terms of this hyphened sense of security but that the way it is now. Should I be worried about these two rundll32.exe? EEK SCAN.txt FRST.txt Addition.txt
  3. Please see here https://support.emsisoft.com/topic/30208-aktuelle-beta-keine-deutsche-sprachdatei-mehr/
  4. Auto updated okay on Win 10. Are there supposed to be different colours here?
  5. I was getting this some time back and don't know how it got solved. Now it's back. Emsisoft scan finds it, I quarantine it and the next time E scans it's back again. Over and over. I just ran EEK and the item in question was not found. But that is probably because I had just finished a scan which found it and quarantined it. scan_181118-225318.txt FRST.txt Addition.txt
  6. I think I have an infection and would like guided help to remove. Please see attached as requested and let me know the next steps. Thank you in advance emergency scan 181113-174933.txt
  7. HP EnVY TS 17 Notbook PC Has an I7 4700 processor and 16 GB ram. This machine should be running real fast. However it seems to be really slow. After running a full clean up using Techsuite (which includes EMSI soft removal tools) I was ready to give it back to the client..AFter a reboot it started running real slow again. I ran the techsuite software again and removed 17 new items. The only thing the machine had done was site idle on the internet. Attached is the EEK report. The FRST 64 bit would run until I pressed scan, then it would crash. (I verified the machine is running 64 bit windows 10 home) Thanks, scan_181029-172340.txt
  8. The first hours with 2018.10.1.9026 show improvement with connection issue. The next 48h will show if all kind of issues around network connections have been fixed with this beta. So far it looks like a big improvement.
  9. Updated smoothly. I see you've made changes to grid columns. In my forensic log, the 'handles' for altering column width are almost invisible on the column headers, because the handles are white and the surrounding column title background areas are pale grey. Really it's easier to find them by drifting the mouse across where they should be and waiting for the pointer to change. Ironically the handles (or at least column separators) are much easier to see if one highlights a row; then the highlighted text is shown in black on blue and the separator is (still) white, but of course not draggable... but at least you know where the handles should be above that (if eg you highlighted row 1). Resizing the window horizontally occasionally leaves the 'Clear' button outwith the display area, albeit adding a horizontal scroll bar. It's not easy to tell which changes will add the scroll bar and which will just redraw the whole window in a smaller area. When I first started experimenting I couldn't drag the 'Component' column wide enough to see the whole of a "User <machinename>\<username>" value. It's as if there's minimum widths for other columns that limit how big one column can be dragged if the other columns are already at their narrowest settings. Later on, after having dragged the window to its full width then narrowed it again, I was able to make the 'Component' column wide enough.
  10. Upgraded ok... W8.1 64-bit laptop screen res is 900 x 1600 But display of the log is worse. If I drag the log window as wide as possible, then drag it narrower, a horizontal scroll bar appears (though how wide it is has varied in my experiments - sometimes when the window is maybe 2/3 of its full width, the scroll bar is about 95% of the smaller window's width, implying it cannot be scrolled sideways very much). Once a scrollbar is presented, actually dragging the bar sideways shows that the full display is no longer accessible. That is I'm seeing truncation of the rhs of what was previously displayed in the max-width window. I've also had the scroll-bar mysteriously vanish from the display while the window is much smaller than full-width.
  11. Win 10 1809 EAM 9018 After boot (fast start disabled) accessing the BB window I had to drag down the little pull down thing to show all items in list. However the window would not show all items until I had clicked in it.
  12. Why does my Windows 10 registry have strange characters ? Are they dangerous? Can I delete them? Computer\HKEY_CURRENT_USER\꿸๧饸๧鞀๧_ Computer\HKEY_CURRENT_USER\ Є뭔烐厡Ʋo Computer\HKEY_CURRENT_USER\†Ѐ䘭ᇈ Computer\HKEY_CURRENT_USER\* Computer\HKEY_CURRENT_USER\;
  13. Hi Gays. Emsisoft hat ein Virus im Win-10 gefunden. Wie kann man entfernen (remove)? Bitte hilfe mir. Thanks all.
  14. Guys, what are the usual signs that your unit is infected?
  15. NAO SEI COMO MAS DESDE ~~~~~~~~~~~~~~~~O~~ DIA 30/06/18 MEU NOT TEM APRESENTADO A REPETIÇAO DE TECLAS... ALG~UEM AI PODE ME AJUDAR. CREIO QUE ESTOU INFECTADO C~POR ALG~UM BUG~BEAR~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  16. Do we still have some beta testers ??
  17. Since yesterday, my PC has been infected with the virus mentioned in the title of the topic, according to Windows Defender. I deleted a couple of programs that were installed along with the virus but after a couple of restarts, command prompts and unknown programs seem to start along with Windows. In addition, there is a bunch of exclusions for certain programs in folders with made up names that Windows Defender is unable to scan. I never excluded those folders myself. What is more, these said folders are located in the Program Files (x86), ProgramData, AppData\Local\Temp, WINDOWS\Temp folders of my PC. I refrain from logging in in various sites and apps I used to, at least without creating a new password, since I'm terrified that my personal data will be compromised through the malicious program. I do not know whether they've already been compromised or the worst is yet to come. I will stand by, waiting for further instructions as to how to proceed on the matter. Thank you in advance. scan_181011-012112.txt Addition.txt FRST.txt
  18. Windows 10 1809 - EAM 8988 Frank if I go to BB and select ''add application rule'' browse to notepad.exe, select it and choose blocked, I can still open notepad. When I do open notepad I get 2 entries in BB list one listed as monitored, and one listed as blocked See screenshot. (Also why does it say n/a when you go to add an application rule?)
  19. Bonjour pouvez vous m'aider je n'arrive pas à supprimer un logiciel malveillant ,quand je le supprime il reviens toujours merci
  20. Hi, I'm running EAM on a Windows 7 machine. I've been getting scareware. EAM is not protecting against it coming in, but it does find the infection when I run a scan. It removes it and then later on it comes back. The file is found in <User>\Application Data\Local\Microsoft\Windows\INetCache\Low\IE. From what I've read, this infection is due to visiting a web site with a nasty java script. Question is how can I prevent the infection from coming back.
  21. Hello, I am not sure whether this is posted in the right place, since I am not sure that my laptop is infected at all. Since I don't know where else to turn to and since it might be related to Emsisoft Malware, I describe my problem here: Since about two weeks TLS 1.2 stopped working on my laptop. I switched it on one day and could not load any https pages anymore. I tried several browsers, all with the same symptoms. I disabled TLS 1.2 in IE11 and I could load most of the pages again as before. I can load them in IE, but not for example in Chrome which does not allow me to disable TLS 1.2. Some web pages like online banking etc. only allow access via TLS 1.2 and these are blocked for me now clearly telling me to update my browser to a safer version. Access is via Wifi, and all other devices going via that wifi don't have this issue. This includes one other laptop also protected by Emsisoft Malware and mobile phones. I switched off firewall and Emsisoft to check whether this might be a restriction from their side, but to no visible effect. I googled the Problem and followed several common pages recommending to clear SSL cache, browser history, cookies, whatever, but it didn't help. I even reinstalled Windows 10, but the Problem persisted. I am pretty sure that TLS 1.2 is at the heart of the Problem, that only my device is affected and that nomal settings resets don't seem to help. I wonder whether this could be some malware or virus so far undetected? Have you encountered such a case before? Any help or advice would be appreciated very much. Best regards, Jörg
  22. [email protected], variant graftor 183326 and 53843, variand strictor 83393 and 83319 and 58214
  23. Windows 10, version 2018.9.1.8968. Shortly after the slide that notified me EAM has been updated popped up, my Heroes of the Storm session started behaving strangely - mouse delays, inability to control cursor properly ingame. Things work fine outside of the game itself, and quitting EAM fixed the problem. Right now I have restarted EAM with all protections disabled.
  24. As of 2 days ago, my Steam installation no longer runs. Tonight I tried to launch Nvidia GEForce Experience to use Shadowplay to vidcap something, and it no longer runs either. I noticed a file in the EEK log that says it's whitelisted and comes from Intel, but I did not whitelist it and its name is vgnqwemqwejlk.exe or something equally inscrutable, which is one of the signs of malware. I have run sfc /scannow (no errors found) and reinstalled Steam and NVIDIA drivers/Experience and it doesn't help. I hope you can see something wrong in these scan logs- Thanks. Addition.txt FRST.txt scan_181005-191152.txt
  • Who's Online   0 Members, 0 Anonymous, 33 Guests (See full list)

    There are no registered users currently online