Search the Community

Showing results for tags 'Closed'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 829 results

  1. Hi all . Ran a scan with a malware removal tool and it turns out I have a smart service root kit on my computer. I tried installing root kit removal tools but they are unable to run, Im guessing because of the root kit on my computer denying me access to them. My computer is stable and can do everything else except update itself (main reason why I want to fix this issue) and download certain malware removal software.
  2. Hi, my computer is infected with Rootkit SmartService. Any help getting rid of this virus and the srvpiaga.sys file would be greatly appreciated. I've attached my log files. Thanks in advance. FRST.txt scan_171126-103309.txt Addition.txt
  3. New member here. I see that this problem has already been addressed in another post in July, and the fix steps offered, but I read that that fix is specific to that machine only. So I have the same problem, also Windows 7. That is, Emsisoft detected that \Windows\System32\sdclt.exe is attempting to modify and autorun entry. I attempted to quarantine, and Emsisoft popup replies that "these files are essential for Windows to work, you can't delete or quarantine them now." I am instructed to ask the Emsisoft Forum for help in its removal. I am not tech-savvy. Please help. thanks.
  4. Almost slipped this one bye me. Smooth with no update issues
  5. Hi Kevin, I read a similar thread with a similar issue, in my case I got a persistent folder that comes up in my main PC and another two laptops... The location that shows is C:\ProgramData\simplitec and the tread is an Application.AppInstall (A) Note that, that folder is empty and it seems is a low risk thread. Please find attached the report and log that came up from Emsisoft. I really appreciated all your help and thank you very much in advance. Kind regards, John Lange Forensics_171120-135057.txt scan_171120-132841.txt
  6. This is the information emsisoft displayed to me, " Windows kernel files have been detected as infected. C:\Windows\explorer.exe As these files are essential for Windows to work, you can't delete or quarantine them now. The removal experts on Emsisoft Forum will help you to safely remove this detection for free. http://support/ . Below find attached the required Log files as directed to find a solution. scan_171204-142020.txt FRST.txt Addition.txt
  7. Я не могу сам удалить вирусы ! Мне сказали разместить отчёты и ждать помощи. ПОМОГИТЕ, ПОЖАЛУЙСТА !!!!scan_171129-231615.txt FRST.txt Addition.txt
  8. Hallo, mein Emsisoft-Programm teilt mir mit: Die folgenden Windows-Kernel-Dateien wurden als infiziert erkannt: C:\Windows\System32\wermgr.exe und sagt mir, ich solle das hier posten. Bitte um Support. Vielen Dank!
  9. Emsisoft Anti-Malware 2017.11.0.8247 BETA on Windows 7 x64 Home Premium SP1 Just performed an update to the latest beta. When notification box is shown I put the mouse pointer over "change blog" text link. The second row then blinks and this repeats each time you move the pointer away and back over the link.
  10. I was hacked! They got the info for my bank's debit card ($2000), my Discover Card ($200), my WalMart Mastercard ($0), and my PayPal ($700). The bank is not working with me so the $2K is gone. Discover and PayPal are helping but in the end I'm not sure how much that's going to cost me. The hackers tried to get into my email but Roadrunner saw it was coming from outside Texas and locked my email account. I contacted Roadrunner and the tech support found a long list of outside IP addresses and then found a Torpig. He then started a list inside my Notebook program of what we needed to do to get the system clean and to get my email going again. Everything was fine until he started listing the cost of the software he wanted me to buy... $300, $400, and $500-bucks for each the different packages. My bank account was in the minus $200-bucks and all my cards have been reported as Lost/Stolen so I had nothing. After telling the tech that I didn't have it, he had the gall to say he didn't believe me! He refused to help any further and said to call back when I had the money and then disconnected the chat window. At this point, I felt it was only going to get fixed if I did the work myself and I hit the Google search. There I found a number of softwares that promised the moon and yes, they did find a-lot of crap on my system. But then the other shoe dropped and they want $50 to $75-bucks to unlock and register the product; something that's in very short supply right now. So I turned to the Freeware listed... everything went from crap to clusterfu*k! My system slowed to the speed of an old 286-systems and some programs wouldn't even run. The freeware programs were not even listed to uninstall so a system restore was the only way. I went back far enough in time that it was before the system was hacked but I wasn't thinking; the damage is in the registry and the restore wouldn't touch it. Next, I changed every single password I could think of. Then I double checked and found the MS Firewall was down which didn't help matters. I used the MS Defender and Network Safety Check and plug what holes they could find. Since my Roadrunner email is still locked, I have been using my Gmail account. So I have the system cleaned-out the best I can and all the software and programs are updated. Pretty sure the Torpig is still there and the outside IP's are still open. Short of buy some high dollar software, which I cannot do at this point, I am at the end of what I think I can do. I found an eight page 'how to' fix but it has a long list of the files throughout the system that it says need to be deleted and then driving into the registry to change and delete items in there. Can I do that? Yes. But I just got the system fixed from the last 'how to' freeware crap so I'm a-little gunshy right now. That's when I remember this forum and how you helped me fix my Mom's system when she got hit. So here I am. I have WiFi router to replace for the security system and a few other small items to take care on the other two system but I'm here. I'll turn the sound way up so I can hear notification sounds. Thanks, David
  11. Repeated restarts do not resolve the issue. Requested logs are attached. Addition.txt FRST.txt scan_171124-163623.txt
  12. There is something going on here. I cannot find it, but it's here somewhere. Can you help? Files are attached. Thanks Scan_171126-135308.txt Addition.txt FRST.txt
  13. Hi, I've done the scans and now attaching the logs. Thanks, Deen FRST.txt Addition.txt scan_171128-092208.txt Scan_171128-094149.txt
  14. FRST.txt scan_171128-023526.txt Addition.txt
  15. Autoupdate on Windows 10. No issues so far.
  16. I updated manually the EEK I already had. (took a while to install the updates ) I right-clicked on EAM taskbar icon and selected to stop protection. Then I did a manual scan with EEK which found my eicar test file. EEK then asked about my current protection etc etc and offered to enable Emsi protection for me. I clicked on it and EEK disappeared. EAM gui then came up in red. All protection disabled. It is not possible to re-enable protection by the individually tickboxes in the GUI (surf protection, file guard etc) EAM service is not running in taskmanager but is shown as running in services, There is no icon for EAM in taskbar and starting EAM from start menu only starts GUI but no protection is possible. I suspect a restart of machine will fix this. Here are logs of EEK and also EAM in case they help explain what broke EAM. EDIT,,, In case it's of interest added radar pre leak thing from event viewer. a2start_20171128055850(3148).zip a2emergencykit_20171128060322(3536).zip radar.txt
  17. Frank just wondering if you can see any reason why sometimes it takes so long for the first update of the day to happen after a cold boot on Win 7 (machine turned off at night) This morning it took 18 minutes from when protection first started. Yesterday 16 minutes. The day before that 2 minutes. The day before that 9 minutes. Auto updates during the day are fine and on time. Debug logs for today plus forensics .txt attached. a2service_20171024044106(852).zip Forensics_171024-050217.txt EDIT.. just noticed that it seems to want to update after cold boot at the same time of day as the last update the day before . Should it be doing that?
  18. After starting the chrome browser last evening my husband's computer displayed a popup that covered most of the screen with a message supposed from The message said ** Windows Warning Alert ** Malicious Pornographic Spyware/Riskware Detected and that it was necessary to call 888 596 8332. He rebooted his machine and all seemed well until it came back this morning. I took photos of the messages and ran the requested scans and restarted (not a complete reboot) the machine. After rebooting Chrome opened automatically, but the message is not displayed. Screen shot photos and logs are attached. Thanks for your help, Katrina Adams. logs.db3FRST.txtAddition.txt
  19. I have downloaded all files and even paid the $39 to purchase the license. However I cannot ever delete or quarantine anything. Every time I try I get the same error which is: Runtime Error (at 65:231): Step 3 Error (170): The requested resource is in use. This is happening no matter what virus software I try to run. I hear good things about your so I tried it but still to no avail I cannot run anything. So I haven't been able to login with my subscription or anything since nothing will run. Addition.txt FRST.txt EEK Report scan_171122-204435.txt
  20. I have no idea how Bing got onto my computer but I resent the imposition so could someone please advise me how to dump it. Many thanks.
  21. Hi there, I scanned my computer a while back for malware and found out about what's in the title. Now I've been trying for a while to get rid of this shit and would really appreciate help as soon as possible. Files of the scans are located below, thanks again. Emisoft Scan.txt FRST.txt Addition.txt
  22. Hello, shortly after updating to the newest beta, I noticed that while update is in progress, Forensic logs falsely alert user to an update failed from not know reasons (Wystąpił nieznany błąd aktualizacji = An unknown error occured). As you can see in the box below (copied the entire log content) and on the screenshot attached, there is an information about files not being updated, moreover, the date is definitely wrong. This is nothing very important, and this error disappeared right away update was finished, but someone might be alerted to it as an error. Ogólne informacje: Wersja 2017.11.0.8219 Start aktualizacji: 26.11.2017 12:19:31 Koniec aktualizacji: 01.01.1970 Czas trwania: 12:19:31 Wystąpił nieznany błąd aktualizacji Szczegółowe informacje: 62 Modułów, 23826551 Bajtów a2hosts.dat (3741 Bajtów) - Nie zaktualizowano a2trust.dat (464 Bajtów) - Nie zaktualizowano Signatures\20171126.sig (2066 Bajtów) - Nie zaktualizowano Signatures\BD\dalvik.ivd (341 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i00 (1605 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i15 (194527 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i16 (220104 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i17 (323 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i18 (345017 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i19 (333021 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i20 (4068 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i21 (414471 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i22 (386263 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i23 (4248 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i24 (3236 Bajtów) - Nie zaktualizowano Signatures\BD\e_spyw.i25 (378528 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.000 (348504 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.379 (693 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.385 (310 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.391 (116416 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.393 (138395 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.394 (264 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.396 (78177 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.403 (163515 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.404 (173824 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.405 (147370 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.407 (2309 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.408 (113037 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.409 (2706 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.410 (247725 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.411 (171290 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.412 (207364 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.413 (216947 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.414 (190591 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.415 (225605 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.416 (34724 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.417 (258129 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i05 (767284 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i06 (34763 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i07 (848710 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i08 (827222 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i22 (92423 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i25 (754197 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i26 (766946 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i27 (453822 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i29 (853650 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i32 (295449 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i38 (744114 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i50 (597311 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i55 (706835 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i56 (694485 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i57 (719537 Bajtów) - Nie zaktualizowano Signatures\BD\emalware.i61 (735254 Bajtów) - Nie zaktualizowano Some explanations because of Polish language used in the log: Start aktualizacji = Start of update Koniec aktualizacji = End of update Czas trwania = Duration Nie zaktualizowano = not updated And the issue can be seen also on the following screenshot:
  23. EAM 7353 on Win 10 Pro 64 bit build 1703. What is this Mem Compression just shown as verifying?
  24. EAM on win 10 Pro 64bit I paused EAM while I re-downloaded Eicar to test scanning. EAM restarted protection and while EAM was doing a malware scan I was looking in the Event Viewer. EAM caught Eicar and then I noticed scan was stuck on 99% on C\Windows\write.exe Could not use taskmanager to do a dump of Emsi, nothing at all would work so I did a hard shutdown. Find enclosed debug logs. + Screenshot of stuck scan before all desktop froze as well. +Screenshot of forensic logs for today +txt file of event viewer error for a2service radar_pre_leak64 a2guard_20170901102833(2972).zip
  25. Did we ever get it sorted about why so many event id 15 entries appear in the Windows Event Manager? I remember this from quite a while agao but cannot find post for it at the moment. This is from today's update to beta 7353 on Windows 10 using EAM They say.... Updated Emsisoft Anti-Malware status successfully to SECURITY_PRODUCT_STATE_ON.