
Showing results for tags 'Closed'.


  1. Hi, it's me again. Today I scanned my laptop with this Rkill, I don't know why, maybe I shouldn't have, but earlier it never showed this: Performing miscellaneous checks: * Reparse Point/Junctions Found (Most likely legitimate)! * C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir] I attach the Rkill log. Should I be concerned about it? I immediately scanned the whole computer with EEK but nothing was found, the same with Adwcleaner. Just in case, FARBAR logs here: Rkill.txt FRST.txt Addition.txt EEK_scan_180717-202459.txt Now it's gone but I'm curious what that was. Rkill.txt
  2. Windows 10 build 17134.165 using 8750. This issue has happened for a little while now, since before last Win Update and before EAM build 8750. I thought it was something to do with the red cross on the Defender icon at boot for a few minutes before it then disappeared. However I think that may be because I have FastBoot disabled. After reading some clues from other users I can now say that if you hover over the yellow ! mark on Defender taskbar icon it will say 'Actions Needed'. But when you go to the Security Center for Defender all is green and well. BUT.. if you shut down EAM protection and start Defender from Security Center then you will see that there is a yellow ! mark on the Defender virus shield telling you that One Drive hasn't been set up. There is a Dismiss link you can click. When you click it the yellow ! goes away, and restarting EAM shows the mark has gone from the Defender taskbar icon. So EAM is stopping the enabling of One Drive by "hiding" the message from the Security Center. EDIT.. I have no debug logs for this I am afraid, but am 100% sure EAM is the cause.
  3. I recently have been getting some crash "Blue Screens" on my computer. I have your Emsisoft Anti-malware software on my computer and nothing shows up when I run the scan. I attached the logs you requested from EEK and FRST. Thanks, Jerry FRST_14-07-2018 10.38.59.txt Addition_14-07-2018 10.38.59.txt scan_180714-102854.txt
  4. Hi there guys, I recently helped a friend to clear his laptop (Dell, Windows Home 10, 64-bit). What happened was he got some pretty bad PUPs and other dirt. I was able to clean it up meticulously with Emsisoft Emergency Kit, I checked Firefox extensions according to Emsisoft article here, I ran many scans and it is clean now. No redirection, no PUPs, nothing, zilch, looks like it's clean and it is clean. Everything is working as it should be working. The only thing that is left is the list of greyed out exclusions that these viruses and malware programs forced Windows Defender Antivirus to exclude. You can't remove them because they are greyed out. Obviously I found them in the registry with the location: Komputer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths Here is the screenshot of the keys I need to delete. They exactly correspond to the greyed out exclusions in Windows Defender Antivirus that I also need to delete. But I can't delete the registry keys because of the error pop-up. It's like a catch 22 situation. Of course I can do a clean Windows refresh install with but maybe there's some ways to delete first these registry keys and then maybe the exclusion list will "ungrey" automatically, because doing a new install is too easy and the computer seems to be working just fine. Even better than before after I cleaned all this dirt. Please help
  5. Hi guys, I need some help to remove a malware "Gen:Variant.Graftor.494726 (B)" which EMSISOFT found today. The software couldn't delete this. Error "Couldn't delete, cause of high risk to damge system." occurred. Thanks for help. Greetings, Claas
  6. Hi I typed the name of a trusted website into the Google search box, clicked on that site and got redirected to an ‘advertisement’ saying ”Dear Chrome user, you are today’s lucky visitor…”. Something about a 2018 Annual Visitor Survey. The address bar displayed: play1549.i-our-prize60.loan. I didn’t click on anything and closed the window with the red x button top right. I haven’t downloaded anything for a while but checked in Programs and Features for anything unusual. There wasn’t. I ran EAM which found nothing. The Google redirect hasn’t happened again. I attach following logs. Thanks John FRST.txt Addition.txt scan_180628-220844.txt
  7. I am checking for any possible malware on my system, emsisoft antimalware, roguekiller and malwarebytes don't detect anything suspicious. But is there anything in these farbar logs? Btw, my emsisoft software said FRST.exe was suspicious and asked for my permission to allow it since it was trying to modify firewall somehow, I didn't manually approve it so the emsisoft then put the software in quarantine and shut down the program, but the farbar was still able to make these logs, did that emsisoft interference make these logs less reliable in detecting malware? I decided to not approve the modification, because I don't know what it would do, so I will just upload these logs and if you need me to rerun farbar with approving the firewall modification I can give you new logs later. Also here's the rkill log too FRST.txt Addition.txt Rkill.txt
  8. Here's everything you need. Addition.txt FRST.txt scan_180617-172558.txt
  9. I have this impossible-to-delete-without-damage-your-cmp Rootkit problem and I don't know if it's this Cloudnet malware. I cannot access Windows Defender, too, I tried many things manually. Ah, when I run an EEK scan, after the results an 'Activate EEK protection' download pops up but then it says that something is wrong scan_180605-154342.txt Addition_05-06-2018 15.51.50.txt FRST_05-06-2018 15.51.50.txt
  10. Every time Chrome is opened it redirects to Yahoo search. Chrome is set as default. EAM scans haven't shown any issues but I wanted to make sure there wasn't a PUP or malware. Thank you! scan_180614-105720.txt Addition.txt FRST.txt
  11. Hello, I was unable to remove file/program that keeps popping up on the desktop. The pop up is a small blue rectangle box with the words "please wait". Task manager has this app named "Windows Static Word (32bit)". File location is in C:/user/AppData/Roaming/StaticCheck/Audiod.exe The Audiod.exe file is associated with AnyCom. I have used task manager to end the process as I was unable to simply remove the program from the task bar, and continued to delete the StaticCheck folder with the Audiod.exe file once the process has been cancelled. The file and folder keeps on regenerating, followed up by the annoying pop up "please wait". I have tried using Malwarebytes / CCleaner and your own EMSI cleaner, all have been unsuccessful. Any advice would be appreciated as there does not appear to be much info in regards to this file? Regards Del audiod.exe
  12. Hi guys, I've just had this same issue just appear in the audiod.exe last few days - any word on how to resolve - I've tried windows repair/restore, virus scanners - nothing.
  13. I ran a scan with Emsisoft and it found several threats. Tried to remove them. "The following objects C:\Windows\System32\Drivers\Winmon.sys C:\Windows\System32\Drivers\WinmonFS.sys were not removed for your safety ...Removing these items bears an unusually high risk of crashing your OS.." I followed the instructions on the "START HERE.." page and it asked to post remaining items here. Thanks for your help. (Sorry for my bad English, I'm not a native speaker) Edit: I can't start Windows Defender Addition.txt FRST.txt scan_180607-170710.txt scan_180607-170039.txt scan_180607-170410.txt
  14. Was online chatting with an emsisoft rep but they stopped responding over 4+ hours ago. The malware I have is consistently being identified and quarantined, repeatedly. I ran the FRST program and have added the files here in hope I can get some further assistance. Thank you. Addition.txt FRST.txt
  15. After updating to the latest version, the computer hangs on reboot. I had to go to Safe Mode to uninstall. OS: Win 7 Ultimate, 64-bit Other AV: Comodo Firewall (not AV), VoodooShield free Autoruns: Eraser, SoftPerfect RAM disk, Samsung RAPID mode, Dimension 4, Virtual Clone Drive, ID Manager, Pure VPN, Rainlendar2, TextAloud 3, USB safely remove, KeyScrambler, Snagit and Hard disk sentinel. It is during the loading of the autoruns that the system hangs, and does not recover. Emsisoft Anti-Malware 2018.3.0.8555 Updating to this version required a reboot, and that is when the problem started. I have cloned back a few times, and every time the Emsisoft update causes the computer to freeze during reboot. I’ve tried updating from the old (clone) Emsisoft, and also downloading the latest installer, both with same results. I thought it must be a bad update, but the lack of action on the forum tells me different. I downloaded the latest EEK, and it found no problems. I’m still afraid to reinstall EAM as I’ve already put hours into it. Yes, I can boot into Safe Mode, but EAM real time protection seemed to be off there.
  16. System updated a short time ago, but I see no release details here. What is in Emsisoft Anti-Malware Full 2018.5.0.8686 beta [en-us] OS: Windows 8.1 (Version 6.3, Build 9600, 64-bit Edition)
  17. Before installing emsi I clicked on a fb profile of one of my friends and he said it is a virus. I clicked on "Special video". What should I do? Now I am installing EAM and running that. I put the url with xxx to not compromise people https://xxx.facebook.com/Miklistli/activity/957761784401554?comment_id=957762854401447&notif_id=1527812882874767&notif_t=mentions_comment https://www.virustotal.com/es/url/6e1e012cb44db6112c38171df7f9a8829b386948ce5cb2588a5623aaef41d019/analysis/1527812941/ https://www.virustotal.com/es/url/81657085141be23c497e0c09e782fd693b07168481e75cb16162e8611d1953fa/analysis/1527813173/
  18. I have the smartservice rootkit on my machine, and I can't remove it. I have been unable to start malwarebytes, windows defender, or avast. Emsisoft Emergency Kit has been able to detect this rootkit at C:\WINDOWS\System32\Drivers\mouvqrty.sys. However, it has been unable to delete this file. EEK says that this file cannot be removed for your own safety, and it says a computer restart is required. However, after restarting the virus is still there. I tried multiple EEK scans to no avail. I also used Zemana anti malware to detect it, but it cannot remove smartservice either. Help would be appreciated.
  19. Win 10 using 8668 after autoupdate to new build. After having build on machine for half an hour or so, I decided to do a manual malware scan via GUI menu. The scan ended almost immediately. I asked to view logs for scan via scan window, and got a popup saying I couldn't look at the log as it wasn't available. So I opened general logs and it just says the scan is still in progress (and is still stuck saying this) Included are debug logs , db3 logs, and 2 screenshots. a2service_20180526043820(1728).zip
  20. Win 8.1, 64bit... Running 8631 with Beta feed... but there's been several updates since beta 8668 was announced and my machine hasn't selected it. Should it have done so? Emsisoft Anti-Malware Full 2018.4.0.8631 beta [en-us] OS: Windows 8.1 (Version 6.3, Build 9600, 64-bit Edition)
  21. Since updating to 8555 a short while ago I see this entry in BB list. Right-click options on it show nothing at all. Win 10
  22. 5/20/2018 11:31:29 AM A notification message "The following Windows kernel files have been detected as infected: C:\Windows\SysWOW64\schtasks.exe As these files are essential for Windows to work, you can't delete or quarantine them now. The removal experts on the Emsisoft Forum will help you to safely remove this detection for free: http://support.emsisoft.com" has been shown
  23. Just wondering why a2contextmenu64.dll and a2contextmenu.dll in EAM Program folder do have up to date digital signatures.