  1. Win 10 after autoupdate to 8894. I now have what looks like Pacman eating my EAM taskbar icon.
  2. Win 8.1, EAM 8839. In Protection - BB - if I type eg: 'ked' (without quotes) in the search field the display is filtered to show just the instances of 'KEDITW32.exe' (my text editor) that are running. If I then append some random chars to 'ked' making it eg 'kedjkl' the display does not change. But I seriously doubt that there are any entries that actually contain 'kedjkl', which I think is misleading. If I enter 'wav' in the search field I'm shown 7 programs, none of which have "wav" in any visible text. It's not just matching on "w" or "wa" though because as I entered "wav" I paused between chars. That's to say, with just "w" in the search field I see more than 60 entries, then with "wa" I see 12 entries, then with "wav" I see 7. I realise that "wav" might occur in some field that's not displayed to the user, but that's quite confusing if it is the case. So, suppose I then right-click one of the seven lines and choose "Open file location" or "File properties"... absolutely nothing happens. I've done this several times with different entries and regularly see nothing (and two of those seven lines are 'KEDITW32.exe' ones). But, if I go back to the display based on 'ked', selecting one of those programs DOES open the file location or show its properties.
  3. Update: After running EEK and FRST, the 2 quarantined copies of Trojan.Scam.MN (B) were gone. Only FRST remained in the quarantine list and I deleted it. I searched the PC for Trojan.Scam and got no results. If this is normal, you can close this case and I'll delete any remnants of EEK and FRST. Thanks. During a regular scan EMSI Anti-Malware found 2 copies of Trojan.Scam.MN (B) and quarantined them, see Original Scan-Forensics_180822-181418.txt. I requested deletion, but got a message saying the virus was deeply embedded, and to come here for instructions on how to delete it. I ran EEK and the scan seems clean (see attached log). I tried to run FRST, but it got quarantined (by Emsisoft) while running. The message said it was trying to change Firewall settings. I didn't expect both to run per your instructions. I tried to follow all instructions exactly. Forensics_180822-173717.txt scan_180822-173117.txt
  4. I think we have the same problem with: Every time I close the Task Manager my CPU usage is high, like 80%, with no programs started, completely idle. The only thing I can see in Process Explorer constantly appearing and disappearing is this with a Processid that can change. Examples: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} or C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} .. I followed the guide and made some steps.. Please look at my JRT.txt and AdwCleaner[C00]. I hope you can help me with this matter cause I really don't know what to do. I thought it's only a small problem... AdwCleaner[C00].txt JRT.txt Edited: Adding Uploaded Files - Emsisoft Emergency Kit log (C:\EEK\Reports\) FRST.txt Addition.txt EEK Reports Addition.txt FRST.txt scan_180822-222011.txt scan_180822-223620.txt
  5. Hi, I have a persistent malware infection in Win10 x64 (latest updates till Aug 2018). I have done a clean install several times (I have another drive as well that has data, which was not formatted), but after working for some time the infection returns, usually after reboots or installing software or doing Windows Update etc. The following happens: 1) Avast antivirus does not detect anything but continuously uses around 10% CPU. 2) Installed Malwarebytes, but sometimes it works, other times malware protection and ransomware protection turn off on their own and do not turn back on. 3) Bitdefender antivirus does not detect anything. 4) Comodo antivirus also does not detect anything but uses 25% CPU. 5) Avira antivirus also does not detect anything. If the computer goes to sleep or if it is restarted, then the password of the computer gets changed by malware and I have to reset it using 3 secret questions (Win10 x64). 6) If Malwarebytes is able to work then OK, otherwise Task Manager or any other app says you don't have permissions etc. Also System tries to go to UDP port 137. Log copy of Outpost firewall blocked logs: SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 SYSTEM OUT UDP 137 Hence I have now formatted the system and reinstalled Win10 x64 (I have another drive as well that has data, which was not formatted) and installed Emsisoft Anti-Malware; it also does not detect anything. Then I read your manual malware removal guide, ran Autoruns and found the viruses detected by VirusTotal. The VirusTotal entries show some files are infected, but that has been detected by one antivirus company only. I copied all these files to a folder, zipped them and ran analysis on VirusTotal and Hybrid Analysis as well; they said infected. Uploaded one of the files to and ran on Win7 x64, it also said infected. When I turn off Emsisoft to check, the above-mentioned issues return. What can I do now?
How can I replace these infected files, or can you add this to your virus database and remove it somehow? Or tell me the steps to do to get this resolved. Regards. sparta Infected
  6. That was pretty weird, first YouTube opened by itself, then I was waiting to see if something else would happen and then the unity3d page where it downloads the program opened by itself, the sites seemed legit though. Emsisoft Anti-Malware doesn't find anything. Farbar logs: FRST.txt Addition.txt
  7. Added a couple of rules yesterday set to "block and notify". Today they are set to "block silently". Bug maybe? Win 7 x64. A side note: Had to take a big list file that I added off, it took forever to enter a new rule. After setting to default (host rules) it was faster.
  8. On Windows 10 I saw this in System Event viewer logs this morning. I rebooted just now and it shows again. I have FastBoot disabled. It doesn't show on Win 7. shutdown.txt
  9. Upgrade was smooth. Will test shutdown and report
  10. My sister's Win 10 Asus pc has been acting badly. I downloaded free Emsisoft. I have the paid version on my PC and know it's great. I ran a Malware scan and 4 suspicious files were found. When I tried to delete and then quarantine them, Emsisoft put up the message "removing these … high risk of crashing your support … " I'm attaching the logs from EEK and FRST. The culprits are: Gen:Variant.Strictor.83319(b) Gen:Trojan.Heur.FU.ju)@aSTEIDhl(B) Gen.Variant.Graftor.53846(B) Gen:Variant.Strictor.83393(B) FRST_23-07-2018 17.41.35.txt Addition_23-07-2018 17.41.35.txt
  11. Updated via autoupdater. Win 10 64bit. All seems well. It took 37 seconds for EAM to restart itself after I pressed restart.
  12. Auto-updated to 8824 on Win 7 64 bit. Error shown in event viewer Faulting application name: a2service.exe, version: 2018.7.0.8824, time stamp: 0x5b5f47cb Faulting module name: a2engine.dll, version: 2018.7.0.306, time stamp: 0x5b55cbd3 Find attached debug logs, forensics txt and event viewer info a2service_20180802174336(3180).zip
  13. I see it says.. "Settings/Advanced: checkbox 'Start on Windows startup' GUI issue after update to beta". So it's right that I see after update "Start on Windows startup has been changed to enabled" in Forensics?
  14. Hi, I uninstalled Emsisoft after I thought that I didn't need it anymore, but I remembered that I still had files in quarantine when I uninstalled. What happened to these files? I'm worried that the malware was let loose on my computer again, especially since Malwarebytes just alerted me of some PUPs...
  15. I saw that after the update the scan performance has improved. It changed its default scan level. Now it is set to fast and when I ran some EICAR test files it didn't detect 7 out of 8. After setting the default option to balanced again it detected all 8. I was thinking that this could be the case of the new scan level, but also when you open the EICAR files it didn't detect any. Is this normal?
  16. The beta updated smoothly. Good start
  17. It's a bit unpredictable at times. When it first opens at default view you see Process...ID.. and Description. Company and Status are not visible unless you go full screen. If you then move Company and Status along to the left so they are visible in default view, Description gets truncated. But this truncation doesn't happen every time. Thanks for allowing me to have the full list of BB visible via dragdown on bottom right of BB panel.
  18. And I'm totally freaked out. 7/26/2018 4:35:54 PM Scanner detected Medium risk Malware "Adware.Linkury.CX (B)" 7/26/2018 4:36:44 PM Scanner detected High risk Malware "Adware.Linkury.CX (B)" logs.db3 FRST.txt Addition.txt scan_180726-163012.txt
  19. Just updated to 8750 No issues.
  20. I don't know what it was, but in case it was something malicious, here are Farbar logs. Emsisoft Anti-Malware and RogueKiller and HitmanPro don't find anything, Malwarebytes also didn't find anything. Also I just got some firewall notification about OneDrive, I don't know if it was a legitimate OneDrive thing or what, but Windows said it prevented Microsoft OneDrive and it asked do I allow it or not. The path of the program was C:\users\mstwd\appdata\local\microsoft\onedrive\onedrive.exe. Is that a legit path and file? FRST.txt Addition.txt
  21. Hi, it's me again. Today I scanned my laptop with this Rkill, I don't know why, maybe I shouldn't have, but earlier it never showed this: Performing miscellaneous checks: * Reparse Point/Junctions Found (Most likely legitimate)! * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir] I attach the Rkill log. Should I be concerned about it? I immediately scanned the whole computer with EEK but nothing was found, the same with AdwCleaner. Just in case, FARBAR logs here: Rkill.txt FRST.txt Addition.txt EEK_scan_180717-202459.txt Now it's gone but I'm curious what that was.
  22. Windows 10 build 17134.165 using 8750. This issue has happened for a little while now, since before last Win Update and before EAM build 8750. I thought it was something to do with the red cross on the Defender icon at boot for a few minutes before it then disappeared. However I think that may be because I have FastBoot disabled. After reading some clues from other users I can now say that if you hover over the yellow ! mark on Defender taskbar icon it will say 'Actions Needed'. But when you go to the Security Center for Defender all is green and well. BUT.. if you shut down EAM protection and start Defender from Security Center then you will see that there is a yellow ! mark on the Defender virus shield telling you that One Drive hasn't been set up. There is a Dismiss link you can click. When you click it the yellow ! goes away, and restarting EAM shows the mark has gone from the Defender taskbar icon. So EAM is stopping the enabling of One Drive by "hiding" the message from the Security Center. EDIT.. I have no debug logs for this I am afraid, but am 100% sure EAM is the cause.
  23. I recently have been getting some crash "Blue Screens" on my computer. I have your Emsisoft Anti-malware software on my computer and nothing shows up when I run the scan. I attached the logs you requested from EEK and FRST. Thanks, Jerry FRST_14-07-2018 10.38.59.txt Addition_14-07-2018 10.38.59.txt scan_180714-102854.txt
  24. Hi there guys, I recently helped a friend to clear his laptop (Dell, Windows Home 10, 64-bit). What happened was he got some pretty bad PUPs and other dirt. I was able to clean it up meticulously with Emsisoft Emergency Kit, I checked Firefox extensions according to Emsisoft article here, I ran many scans and it is clean now. No redirection, no PUPs, nothing, zilch, looks like it's clean and it is clean. Everything is working as it should be working. The only thing that is left is the list of greyed out exclusions that these viruses and malware programs forced Windows Defender Antivirus to exclude. You can't remove them because they are greyed out. Obviously I found them in the registry with the location: Komputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths Here is the screenshot of the keys I need to delete. They exactly correspond to the greyed out exclusions in Windows Defender Antivirus that I also need to delete. But I can't delete the registry keys because of the error pop-up. It's like a catch 22 situation. Of course I can do a clean Windows refresh install with but maybe there's some way to delete first these registry keys and then maybe the exclusion list will "ungrey" automatically, because doing a new install is too easy and the computer seems to be working just fine. Even better than before after I cleaned all this dirt. Please help