Search the Community

On Windows 10 I saw this in System Event viewer logs this morning. I rebooted just now and it shows again. I have FastBoot disabled. It doesn't show on Win 7. shutdown.txt

Upgrade was smooth. Will test shutdown and report

My sister's Win 10 Asus pc has been acting badly. I downloaded free Emsisoft. I have the paid version on my PC and know it's great. I ran a Malware scan and 4 suspicious files were found. When I tried to delete and then quarantine them, Emsisoft put up the message "removing these … high risk of crashing your system....contact support … " I'm attaching the logs from EEK and FRST. The culprits are: Gen:Variant.Strictor.83319(b) Gen:Trojan.Heur.FU.ju)@aSTEIDhl(B) Gen.Variant.Graftor.53846(B) Gen:Variant.Strictor.83393(B) FRST_23-07-2018 17.41.35.txt Addition_23-07-2018 17.41.35.txt

Updated via autoupdater. Win 10 64bit All seems well. It took 37 seconds for EAM to restart itself after I press restart.

Auto-updated to 8824 on Win 7 64 bit. Error shown in event viewer Faulting application name: a2service.exe, version: 2018.7.0.8824, time stamp: 0x5b5f47cb Faulting module name: a2engine.dll, version: 2018.7.0.306, time stamp: 0x5b55cbd3 Find attached debug logs, forensics txt and event viewer info a2service_20180802174336(3180).zip

I see it says.. ''Settings/Advanced: checkbox 'Start on Windows startup' GUI issue after update to beta'' So it's right that I see after update ''Start on Windows startup has been changed to enabled'' in Forensics?

Hi, I uninstalled emsisoft after I thought that I didn’t need it anymore, but I remembered that I still had files in quarantine when I uninstalled. What happened to these files? I’m worried that the malware was let loose on my computer again, especially since malwarebytes just alerted me of some PUPs...

I saw after the update the scan performance has improved. It changed its default scan level. Now it is set to fast and when I ran some EICAR test files it didn't detect 7 out of 8. After setting de default option to balanced again it detected al 8. I was thinking that this could be the case of the new scan level, but also when you open the EICAR files it didn't detect any. Is this normal?

The beta updated smoothly. Good start

It's a bit unpredictable at times. When it first opens at default view you see Process...ID.. and Description. Company and Status are not visible unless you go full screen. If you then move Company and Status along to the left so they are visible in default view, Description gets truncated. But this truncation doesn't happenevery time. Thanks for allowing me to have full list of BB visible via dragdown on bottom right of BB panel.

And I'm totally freaked out. 7/26/2018 4:35:54 PM Scanner detected Medium risk Malware "Adware.Linkury.CX (B)" 7/26/2018 4:36:44 PM Scanner detected High risk Malware "Adware.Linkury.CX (B)" logs.db3 FRST.txt Addition.txt scan_180726-163012.txt

Just updated to 8750 No issues.

I dont know what it was, but in case it was something malicious, here are farbar logs. Emsisoft antimalware and roguekiller and hitman pro dont find anything, malwarebytes also didnt find anything. Also i just got some firewall notification about onedrive, i dont know if it was legitimate onedrive thing or what, but windows said it prevented Microsoft onedrive and it asked do i allow it or not. The path of the program was C:\users\mstwd\appdata\local\microsoft\onedrive\onedrive.exe. Is that legit path and file? FRST.txt Addition.txt

Hi, it's me again. Today I scanned my laptop with this Rkill, I don't know why, maybe I souldn''t have but earlier it never showed this: Performing miscellaneous checks: * Reparse Point/Junctions Found (Most likely legitimate)! * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir] I attach the Rkil log. Should I be concerned about i? I immediately scan the whole computer with EEK but nothing was found, the same with Adwcleaner Just in case FARBAR logs here: Rkill.txt FRST.txt Addition.txt EEK_scan_180717-202459.txt Now it's gone but I;m curious whta that was Rkill.txt

Windows 10 build 17134.165 using 8750 This issue has happened for a little while now, since before last Win Update and before EAM build 8750. I thought it was something to do with the red cross on the Defender icon at boot for a few minutes before it then disappeared. However I think that may be because I have FastBoot disabled. After reading some clues from other users I can now say that if you hover over the yellow ! mark on Defender taskbar icon it will say 'Actions Needed'. But when you go to the Security Center for Defender all is green and well. BUT.. if you shut down EAM protection and start Defender from Security Center then you will see that there is a yellow ! mark on the Defender virus shield telling you that One Drive hasn't been set up. There is a Dismiss link you can click. When you click it the yellow ! goes away, and restarting EAM shows the mark has gone from the Defender taskbar icon. So EAM is stopping the enabling of One Drive by ''hiding'' the message from the Security Center. EDIT.. I have no debug logs for this I am afraid, but am 100% sure EAM is the cause.

I recently have been getting some crash "Blue Screens" on my computer. I have your Emsisoft Anti-malware software on my computer and nothing shows up when I run the scan. I attached the logs you requested from EEK and FRST. Thanks, Jerry FRST_14-07-2018 10.38.59.txt Addition_14-07-2018 10.38.59.txt scan_180714-102854.txt

Hi there guys, I recently helped a firend to clear his laptop (Dell, Windows Home 10, 64-bit) What happened was he got some pretty bad PUPs and other dirt. I was able to clean it up meticulously with Emsisoft Emergency Kit, I checked Firefox extensions according to Emsisoft article here, I ran many scans and it is clean now. No redirection, no PUPs, nothing, zilch, looks like it's clean and it is clean. Everything is working as it should be working. The only thing that is left is the list of greyed out exclusions that these viruses and malware programs forced Windows defender Antivirus to exclude. You can't remove them because they greyed out. Obviously I found them in the registry with the location: Komputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths Here is the screenshot of the keyes I need to delete. They are exactly correspond to the greyed out exclusions in Wndows defender Antivirus that I also need to delete. But I can't delete the registry keys because of the error pop-up. It's like catch 22 situation. Of cource I can do a clean Windows refresh install with but maybe there;s some ways to delete first these registry keys and then maybe the exclusion list will "ungrey" automatically because doing a new install is too easey and the computer seems to be working just fine. Even better than before after I cleand all these dirt. Please help

Hi guys, I need some help to remove a malware "Gen:Variant.Graftor.494726 (B)" which EMSISOFT found today. The software couldn't delete this. Error "Couldn't delete, cause of high risk to damge system." occured. Thnks for help. Gretings, Claas

Hi I typed the name of a trusted website into the Google search box, clicked on that site and got redirected to an ‘advertisement’ saying ”Dear Chrome user, you are today’s lucky visitor…”. Something about a 2018 Annual Visitor Survey. The address bar displayed: play1549.i-our-prize60.loan. I didn’t click on anything and closed the window with the red x button top right. I haven’t downloaded anything for a while but checked in Programs and Features for anything unusual. There wasn’t. I ran EAM which found nothing. The Google redirect hasn’t happened again. I attach following logs. Thanks John FRST.txt Addition.txt scan_180628-220844.txt

Smooth autoupdate

I am checking for any possible malware on my system, emsisoft antimalware, roguekiller and malwarebytes dont detect anything suspicious. But is there anything in these farbar logs? Btw, my emsisoft software said FRST.exe was suspicious and asked for my permission to allow it since it was trying to modify firewall somehow, i didnt manually approve it so the emsisoft then put the software in quarantee and shutdown the program, but the farbar was still able to make these logs, did that emsisoft interference make these logs less reliable in detecting malware? I decided to not approve the modification, because i dont know what it would do, so i will just upload these logs and if you need me to rerun farbar with approving the firewall modification i can give you new logs later. Also heres the rkill log too FRST.txt Addition.txt Rkill.txt

Here's everything you need. Addition.txt FRST.txt scan_180617-172558.txt

I have this impossible-to-delete-without-damage-your-cmp Rootkit problem and I don't know if it's this Cloudnet malware. I cannot access to windows defender, too, I tried many manually things. Ah, when I run an EEK scan after the results an 'Activate EEK protection' download pop up but then its says that's something wrong scan_180605-154342.txt Addition_05-06-2018 15.51.50.txt FRST_05-06-2018 15.51.50.txt

Every time Chrome is opened it redirects to Yahoo search. Chrome is set as default. EAM scans haven't shown any issues but I wanted to make sure there wasn't a PUP or malware. Thank you! scan_180614-105720.txt Addition.txt FRST.txt

Hello I was unable to remove file/program that keeps popping up on the desktop. The pop up is a small blue rectangle box with the words "please wait" Task manager has this app named "Windows Static Word (32bit)" File location is in C:/user/AppData/Roaming/StaticCheck/Audiod.exe The Audiod.exe file is associated with AnyCom I have used task manager to end the process as I was unable to simply remove the program from the task bar, and continued to delete the StaticCheck folder with the Audiod.exe file once the process has been cancelled. The file and folder keeps on regenerating followed up by the annoying pop up "please wait" I have tried using Malawarebytes / CClener and your own EMSI cleaner, all have been unsuccessful. Any advice would be appreciated as there does not appear to be much info in regards to this file? Regards Del audiod.exe