Search the Community

Showing results for tags 'Closed'.




Found 714 results

  1. I manually updated the EEK I already had (took a while to install the updates). I right-clicked on the EAM taskbar icon and selected to stop protection. Then I did a manual scan with EEK which found my eicar test file. EEK then asked about my current protection etc etc and offered to enable Emsi protection for me. I clicked on it and EEK disappeared. EAM GUI then came up in red. All protection disabled. It is not possible to re-enable protection by the individual tickboxes in the GUI (surf protection, file guard etc). EAM service is not running in taskmanager but is shown as running in services. There is no icon for EAM in taskbar and starting EAM from start menu only starts GUI but no protection is possible. I suspect a restart of machine will fix this. Here are logs of EEK and also EAM in case they help explain what broke EAM. EDIT: In case it's of interest, added radar pre leak thing from event viewer. a2start_20171128055850(3148).zip a2emergencykit_20171128060322(3536).zip radar.txt
  2. Frank, just wondering if you can see any reason why sometimes it takes so long for the first update of the day to happen after a cold boot on Win 7 (machine turned off at night). This morning it took 18 minutes from when protection first started. Yesterday 16 minutes. The day before that 2 minutes. The day before that 9 minutes. Auto updates during the day are fine and on time. Debug logs for today plus forensics .txt attached. a2service_20171024044106(852).zip Forensics_171024-050217.txt EDIT: just noticed that it seems to want to update after cold boot at the same time of day as the last update the day before. Should it be doing that?
  3. After starting the Chrome browser last evening, my husband's computer displayed a popup that covered most of the screen with a message supposedly from support.windows.com. The message said ** Windows Warning Alert ** Malicious Pornographic Spyware/Riskware Detected and that it was necessary to call 888 596 8332. He rebooted his machine and all seemed well until it came back this morning. I took photos of the messages and ran the requested scans and restarted (not a complete reboot) the machine. After rebooting Chrome opened automatically, but the message is not displayed. Screen shot photos and logs are attached. Thanks for your help, Katrina Adams. logs.db3 FRST.txt Addition.txt
  4. I have downloaded all files and even paid the $39 to purchase the license. However, I cannot ever delete or quarantine anything. Every time I try I get the same error which is: Runtime Error (at 65:231): Step 3 Error (170): The requested resource is in use. This is happening no matter what virus software I try to run. I hear good things about yours so I tried it, but still to no avail, I cannot run anything. So I haven't been able to login with my subscription or anything since nothing will run. Addition.txt FRST.txt EEK Report scan_171122-204435.txt
  5. I have no idea how Bing got onto my computer but I resent the imposition so could someone please advise me how to dump it. Many thanks.
  6. Hi there, I scanned my computer a while back for malware and found out about what's in the title. Now I've been trying for a while to get rid of this shit and would really appreciate help as soon as possible. Files of the scans are located below, thanks again. Emisoft Scan.txt FRST.txt Addition.txt
  7. Hello, shortly after updating to the newest beta, I noticed that while an update is in progress, Forensic logs falsely alert the user to an update that failed for unknown reasons (Wystąpił nieznany błąd aktualizacji = An unknown error occurred). As you can see in the box below (copied the entire log content) and on the screenshot attached, there is information about files not being updated; moreover, the date is definitely wrong. This is nothing very important, and this error disappeared right after the update was finished, but someone might be alerted to it as an error. Ogólne informacje: Wersja 2017.11.0.8219 Start aktualizacji: 26.11.2017 12:19:31 Koniec aktualizacji: 01.01.1970 Czas trwania: 12:19:31 Wystąpił nieznany błąd aktualizacji Szczegółowe informacje: 62 Modułów, 23826551 Bajtów Some explanations because of Polish language used in the log: Start aktualizacji = Start of update Koniec aktualizacji = End of update Czas trwania = Duration Nie zaktualizowano = not updated And the issue can be seen also on the following screenshot:
  8. EAM 7353 on Win 10 Pro 64 bit build 1703. What is this Mem Compression just shown as verifying?
  9. EAM on win 10 Pro 64bit. I paused EAM while I re-downloaded Eicar to test scanning. EAM restarted protection and while EAM was doing a malware scan I was looking in the Event Viewer. EAM caught Eicar and then I noticed scan was stuck on 99% on C\Windows\write.exe. Could not use taskmanager to do a dump of Emsi, nothing at all would work so I did a hard shutdown. Find enclosed debug logs. + Screenshot of stuck scan before all desktop froze as well. + Screenshot of forensic logs for today + txt file of event viewer error for a2service radar_pre_leak64 a2guard_20170901102833(2972).zip
  10. Did we ever get it sorted about why so many event id 15 entries appear in the Windows Event Manager? I remember this from quite a while ago but cannot find the post for it at the moment. This is from today's update to beta 7353 on Windows 10 using EAM. They say.... Updated Emsisoft Anti-Malware status successfully to SECURITY_PRODUCT_STATE_ON.
  11. EAM *.7838 Windows 10 Pro 1703 OS Build 15063.540 x64 1. Execute malicious file (Locky variant) 2. Behavior blocker eventually detects suspicious activity, AMN query is performed, Bad reputation is returned, and the behavior blocker auto-resolves the file by terminating and sending to quarantine 3. The malicious process still appears in the behavior blocker list of actively running processes, but the process is not in active memory on the system 4. In the behavior blocker list, right-click on the process and select any of the context menu options and nothing happens (as expected) 5. Reboot system removes process from the behavior blocker active list 6. This same quirk happens when an active Bad reputation process, that just sits there and does nothing to trigger the behavior blocker, self-terminates Locky_Variant__diablo6.zip termsrv.zip
  12. EAM *.7838 Windows 10 Pro 1703 OS Build 15063.540 x64 1. Extract malware pack 2. Files are detected by File Guard real-time protection 3. Detected files are auto-quarantined and added to the Quarantine folder with .EIQF extension 4. Not all detected and auto-quarantined files appear in the GUI Quarantine list 5. Also some event logging quirks appeared in the Forensic Log during the process of detection and auto-quarantine. There are occasional duplicate entries. The Component\Action sequences are OK. In the image below, take note of duplicate, identical line items for: xls.xls (there is a duplicate "infection quarantined") JbhbUsFs.exe (there is a double behavior blocker detection and Core notification) Minor GUI stuff; the applicable protections themselves are working. 11-8-17_6.7z
  13. I am having a problem removing two files. I keep getting a syntax error. Is there something wrong with this script: DeleteFile: ReplaceWithDummy C:\Users\OWNER\AppData\Local\zadtgpv C:\Users\OWNER\AppData\Local\exibrgo
  14. My comp specs: Intel Core i7 I7-4790K 4 GHz Quad-Core Processor, 2x 4gb Corsair Vengeance RAM Pro DDR3, Nvidia GTX 770 graphics card, SanDisk UltraPlus 256g main hd, 1tb secondary not a "sandisk" and another for backup, ASRock Z97 Pro4 motherboard, G15 gamer keyboard, Sades 7.1 blk/red surround sound headphones, Asus 27" flat hd screen... Before you start telling me to download and install stuff, I can't. Every time I try to install anything I get "requested resource in use" on every virus program I try. Windows Defender Offline found crap, Advanced System Care I pay for finds crap, but somehow this program finds C:\WINDOWS\System32\Drivers\moudclyc.sys Rootkit.SmartService (A) [290143] and won't let me get rid of it... No options for system restore anymore also... I already tried to install the stuff from the other Rootkit.SmartService (A) [290143] but again it won't let me install it. My browser said search sixty engine was being used also, which is a known virus. I also tried SFC (system file checker), run DISM (Deployment Imaging and Servicing Management), Clean Boot; none worked.
  15. How do I clean my PC of this?: trk.cp20.com virus Addition_12-11-2017 17.16.05.txt FRST_12-11-2017 17.16.05.txt Forensics_171112-165110.txt logs.db3 Nov12-Scan_171112-165028.txt
  16. I used your service to find malware on my PC and I followed the steps and now I am here to get help. FRST.txt Addition.txt scan_171114-091848.txt
  17. Ran a scan and came up with a Rootkit and a Trojan that I can't delete or quarantine. Here are my scan records: Thanks for your help! Addition_10-11-2017 17.50.02.txt FRST_10-11-2017 17.50.02.txt scan_171110-170719.txt
  18. My Gateway Desktop computer has been impacted by a malware/trojan. Malwarebytes can see some of the files but is blocked in removing them; other files are not seen by Malwarebytes. But Malwarebytes is not allowed to scan, I can't open it to force a scan etc. Tried Chameleon and that saw some files but was not able to remove them; now Chameleon is no longer visible etc. Tried your EEK. Initially (before reading instructions) scanned in safe mode (as this is the only place Malwarebytes even got to see the bad files) and that scan did find an infected file. Dialog box said to run EEK and Farbar in Normal mode and create the files to send to you. I have done that and the scan report and FRST.txt and Addition.txt are attached. I'm also sending the scan log from when I ran EEK in Safe Mode so you can see the file it picked up. Again, the safe mode scan was done prior to the Normal scan as requested. Thanks in advance for your help. FRST.txt Addition.txt scan_171104-202602 in normal mode.txt scan_171103-212108 in safe mode.txt
  19. Update was smooth on two desktops. Not sure I can test the fix as I didn't see any problem before.
  20. Hello, Android novice so please forgive possible wrong terminology. Using the useful App Lock feature but it asks for the pin extremely frequently. There's a button in my Samsung tablet (Android 4.4.2) that reveals all open apps, so I can quickly switch between them. If I finger-hold one of them, I have the option to "remove it from list" which essentially closes it. If I get this correctly, the apps remain open and we are just switching between them. However, EMS asks for the pin on every single switch, which is troublesome. I'd expect (or have an option) for the pin to be requested only when apps are closed/opened. Thanks. Update: an option for stronger pins would also be nice (6/8 digits etc)
  21. Hello! EAM found SecHiJack (A) in the registry and placed it in quarantine. I read that this is a dangerous threat! Full computer scan - clean. In browser extensions, it's also clean. What else can I do to make sure that this was the only threat on the computer and now it is rendered harmless? I do not create a topic by rules, because I hope that my computer is not infected. I just want to know what action to take!
  22. Help please. I scanned with Emsisoft Emergency Kit and it detected this Application.AdReg and it can't be removed; it says the following object can't be removed for your own security. Can I be helped? I have seen other people with this problem but it said the fix would work only for them, so a fix for me please? The files are found below. Addition.txt FRST.txt
  23. After quarantining items found during scan the computer shut down. I was able after hours to reboot into safe mode with networking. Following a reboot after hours and hours the sign in screen appeared. I signed in and attempted to view logs etc. I continuously received file system error 1073741819 errors and rundll32exe 0xc0000005 errors. Obviously nothing worked. After attempting to utilize control panel everything hung.... I hit the escape button and the computer went to bsod. I left it on and went to bed.... after multiple attempts to access I was eventually able to sign in and everything appeared to be back to normal. No more error codes etc. After shutting it off I am back to square one. I have no exe, error code 1073741819 etc. and am now afraid to shut it off. In looking at Emsisoft logs it was running the entire time and doing frequent updates which I had to shut off. My D drive seemed to be gaining a lot of data. I can't 100% guarantee the chronological order of these events as it has been days this has been going on. I have an HP Pavilion P7-1414PC Next Gen AMD Quad Core AB5500 Accelerated Processor 64 bit. This taken from the tag on the tower. No access to info in control panel. I cannot attach the logs as they won't export nor can I copy & paste them. If you know of an alternative... I believe the issue lies somewhere with HKey Users S-1-15-21 3931398849...software Microsoft Windows which it originally quarantined and then released. I am at a loss and certainly afraid to do anything at this point. It has become way beyond my level of expertise or comfort. According to logs 10/26 @ 10:01 Protection Started, at 10:27 Shutdown received. Nowhere throughout the rest of the logs does it note any further shutdowns though there have been more and emsisoft has continued to run while nothing else does.
  24. Windows 10 Home with all updates. I am getting a 0X80070032 error when I boot. I have to reboot to start Windows. Is it malware or a problem with Windows? FRST.txt Addition.txt scan_171101-130617.txt I BB_171101-170551.txt Forensics_171101-170633.txt Quarantine_171101-170430.txt
  25. What should I do to remove virus and recover my files....no browser is working on my laptop please help me