Search the Community

Please see here for first reported instance https://support.emsisoft.com/topic/29560-scan-problem-with-8668/?tab=comments#comment-184696 It has happened again today however it is not stuck on memory this time as in the details for 'still scanning'' it says the scan has finished.

I'm confused by Christian's announcement a few minutes ago that the new GUI layout version of EAM has just been released... but with betas coming thick and fast, how on earth have you managed to choose a level of functionality that isn't already known to have problems? What build level is the new stable version?

Tool tips missing.. Under BB list....Suspicious Programs Under File Guard.. Only scan files with specific extensions.

Hello, after updating to 8906 beta 3, I clicked on "Custom scan" in "Scan & Clean" tab and got an error as you can see on the image. I sent a report and logs are included here. The issue was resolved after going to Custom scan via the standard menus. Also tried going to build 8843 stable and back to 8906 beta 3 again. Same results. After going back to 8943 stable, the UI got resized and covered almost whole screen (1920x1080). After updating to 8906 beta 3 the UI got much smaller and I had to resize it to see all tabs. Also it is pretty hard (at least for me) to grab the corners of the UI to resize it. Martin Edit: Sorry fot the language on the image, I am unable to make it speak english. Logs.zip

When I expand the menu I get a large number next to the quarantine menu entry but nothing is in quarantine?

Win 10 8894 Sent report Perhaps these logs may help? a2start_20180830092322(3208).zip

Win 8.1, 64bit. Update seemed smooth. Tooltips work on minimised sidebar menu. The mysterious "5123" number next to Quarantine is no longer there - I hope that's expected! Logs appear to be sorted properly.

Upgrade was smooth. I'm using W8.1, 64bit. In the layout on the Overview screen, when one hasn't clicked on the top-left menu icon, it's still possible to click on the mini icons down the lefhand side, but hard to know what they do. I mean... quarantine is possibly meant to look liek something in a cage, but looks to me more like a washing-machine... Maybe these mini icons should produce tooltips? The Support screen talks about getting help from the "?" at the top right, but it's no longer there. Thank-you for - finally - making the About option easier to find, and taking away the problems that clicking on "Emsisoft" could previously cause... but I see one still can't copy the current version number out of the About display. Now would be a fine time to add that facility!

I am trying to use the anti-malware program to remove "idleBuddy" and I got this warning. Also, not sure if "idlebuddy" was removed with in this scan, considering that I already quarantined all the suspicious files, and the pop-up is still showing.

How do I get rid of it,

Win 10 after autoupdate to 8894. I now have what looks like Pacman eating my EAM taskbar icon.

Win 8.1, EAM 8839 In Protection - BB - if I type eg: 'ked' (without quotes) in the search field the display is filtered to show just the instances of 'KEDITW32.exe' (my text editor) that are running. If I then append some random chars to 'ked' making it eg 'kedjkl' the display does not change. But I seriously doubt that there are any entries that actually contain 'kedjkl', which I think is misleading. If I enter 'wav' in the search field I'm shown 7 programs, none of which have "wav" in any visible text. It's not just matching on "w" or "wa" though because as I entered "wav" I paused between chars. That's to say, with just "w" in the search field I see more than 60 entries, then with "wa" I see 12 entries, then with "wav" I see 7. I realise that "wav" might occur in some field that's not displayed to the user, but that's quite confusing if it is the case. So, suppose I then right-click one of the seven lines and choose "Open file location" or "File properties"... absolutely nothing happens. I've done this several times with different entries and regularly see nothing (and two of those seven lines are 'KEDITW32.exe" ones). But, if I go back to the display based on 'ked', selecting one of those programs DOES open the file location or show its properties.

Win 10 EAM 8843 I have fast start disabled and I shut down machine each night. Each morning I then have to resize the BB list (via little drag down thing in bottom right corner) so I can see lots of items at once. I would like the BB list to remember my setting for it over a Windows shutdown and startup.

Update: After running EEK and FRST, the 2 quarantined copies of Trojan.Scam.MN (B)were gone. Only FRST remained in quarantine list and I deleted it. I searched PC for Trojan.Scam and got no results. If this is normal, you can close this case and I'll delete any remnants of EEK and FRST. Thanks. During regular scan EMSI Anti-Malware found 2 copies of Trojan.Scam.MN (B) and quarantined them see Original Scan-Forensics_180822-181418.txt. I requested deletion, but got message saying virus was deeply imbedded, and to come here for instructions how to delete. I ran EEK and scan seems clean (see attached log). I tried to run FRST, but it got quarantined (by EMSIsoft) while running. Message said it was it was trying to change Firewall settings. I didn't expect both to run per your instructions. I tried to follow all instructions exactly. Forensics_180822-173717.txt scan_180822-173117.txt

I think we have the same problem with: Every time I close the Task Manager my cpu usage is high like 80% no programs started completely idle. The only thing I can see in Process Explorer constantly appearing and disappearing is this with a Processid that can change. Examples: C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} or C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} .. I followed the guide and made some steps.. Please look at my JRT.txt and AdwCleaner[C00] I hope you can help me with this matter cause I really don't know what to do. I thought it's only a small problem... AdwCleaner[C00].txt JRT.txt Edited: Adding Uploaded Files - Emsisoft Emergency Kit log (C:\EEK\Reports\) FRST.txt Addition.txt EEK Reports Addition.txt FRST.txt scan_180822-222011.txt scan_180822-223620.txt

Hi i have a persistent malware infection in win10x64 (latest updates till aug 2018) i have did clean install several times (i have other drive as well that has data which was not formatted) but after working for some time infection returns usually after reboots or installing software or doing windows update etc. following happens 1)avast antivirus does not detect any thing but continously uses around 10% CPU. 2)installed malwarebytes, but some times it works other times malware protection and ransomware protection turnf off by own and do not turn back on. 3)bitdefender antivirus does not detect any thing. 4)comodo antivirus also does not detect any thing but uses 25% cpu. 5)Avira antivirus also does not detect anything. if computer goes to sleep or if it is restarted, then the password of computer gets changed by malware i have to reset using 3 secret questions (win10x64). 6)if malwarebytes is able to work then ok otherwise taskmanager or any other app says you dont have permissions etc. Also System tries to go udp pot 137 log copy of outpost firewall blocked logs SYSTEM OUT UDP 131.253.61.86 137 SYSTEM OUT UDP 131.253.61.82 137 SYSTEM OUT UDP 131.253.61.64 137 SYSTEM OUT UDP 13.107.4.52 137 SYSTEM OUT UDP 104.27.128.190 137 SYSTEM OUT UDP 104.20.94.33 137 SYSTEM OUT UDP 74.125.24.188 137 hence now formatted system and reinstalled win10x64 (i have other drive as well that has data which was not formatted)and installed emsisoft antimalware, it also does not detect any thing. then read ur manual malware removal guide. ran Autoruns and the found detected viruses by virustotal. entries of virustotal show some files are infected but that has been detected by one antivirus company only. I copes all these files to a folder and zip them and ran analysis on virustotal https://www.virustotal.com/#/file/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9/details and hybridanalysis as well https://www.hybrid-analysis.com/sample/47b4b566e2de3e7f73a554073ba028a5b165f0918c8ec134aef9378aade196d9 , they said infected. uploaded on of the files to hybridanalysis.com and ran on win7x64 it also said infected. when i turn off emsisoft to check the above mentioned issues return back. what can i do now? how can i replace these infected files or if u can add this to ur virus database and remove it somehow. or tell me steps to do to get this resolved. regards. sparta Infected files.zip

That was pretty weird, first youtube opened by itself, then i was waiting if something else would happen and then the unity3d page where it downloads the program opened by itself, the sites seemed legit though. Emsisoft antimalware doesnt find anything. Farbar logs: FRST.txt Addition.txt

Added a couple of rules yesterday set to "block and notify". Today they are set to "block silenty" Bug maybe? Win 7 x64 A side note; Had to take a big list file that i added off, took forever to enter a new rule. After set to defualt (host rules) it was faster.

On Windows 10 I saw this in System Event viewer logs this morning. I rebooted just now and it shows again. I have FastBoot disabled. It doesn't show on Win 7. shutdown.txt

Upgrade was smooth. Will test shutdown and report

My sister's Win 10 Asus pc has been acting badly. I downloaded free Emsisoft. I have the paid version on my PC and know it's great. I ran a Malware scan and 4 suspicious files were found. When I tried to delete and then quarantine them, Emsisoft put up the message "removing these … high risk of crashing your system....contact support … " I'm attaching the logs from EEK and FRST. The culprits are: Gen:Variant.Strictor.83319(b) Gen:Trojan.Heur.FU.ju)@aSTEIDhl(B) Gen.Variant.Graftor.53846(B) Gen:Variant.Strictor.83393(B) FRST_23-07-2018 17.41.35.txt Addition_23-07-2018 17.41.35.txt

Updated via autoupdater. Win 10 64bit All seems well. It took 37 seconds for EAM to restart itself after I press restart.

Auto-updated to 8824 on Win 7 64 bit. Error shown in event viewer Faulting application name: a2service.exe, version: 2018.7.0.8824, time stamp: 0x5b5f47cb Faulting module name: a2engine.dll, version: 2018.7.0.306, time stamp: 0x5b55cbd3 Find attached debug logs, forensics txt and event viewer info a2service_20180802174336(3180).zip

I see it says.. ''Settings/Advanced: checkbox 'Start on Windows startup' GUI issue after update to beta'' So it's right that I see after update ''Start on Windows startup has been changed to enabled'' in Forensics?

Hi, I uninstalled emsisoft after I thought that I didn’t need it anymore, but I remembered that I still had files in quarantine when I uninstalled. What happened to these files? I’m worried that the malware was let loose on my computer again, especially since malwarebytes just alerted me of some PUPs...