Search the Community

Showing results for tags 'Closed'.

Found 829 results

  1. EAM *.7838 Windows 10 Pro 1703 OS Build 15063.540 x64
     1. Execute malicious file (Locky variant)
     2. Behavior blocker eventually detects suspicious activity, AMN query is performed, Bad reputation is returned, and the behavior blocker auto-resolves the file by terminating and sending to quarantine
     3. The malicious process still appears in the behavior blocker list of actively running processes, but the process is not in active memory on the system
     4. In the behavior blocker list, right-click on the process and select any of the context menu options and nothing happens (as expected)
     5. Reboot system removes process from the behavior blocker active list
     6. This same quirk happens when an active Bad reputation process, that just sits there and does nothing to trigger the behavior blocker, self-terminates
  2. EAM *.7838 Windows 10 Pro 1703 OS Build 15063.540 x64
     1. Extract malware pack
     2. Files are detected by File Guard real-time protection
     3. Detected files are auto-quarantined and added to the Quarantine folder with .EIQF extension
     4. Not all detected and auto-quarantine files appear in the GUI Quarantine list
     5. Also some event logging quirks appeared in the Forensic Log during the process of detection and auto-quarantine

     There are occasional duplicate entries. The Component\Action sequences are OK. In the image below, take note of duplicate, identical line items for:
       • xls.xls (there is a duplicate "infection quarantined")
       • JbhbUsFs.exe (there is a double behavior blocker detection and Core notification)

     Minor GUI stuff; the applicable protections themselves are working. 11-8-17_6.7z
  3. I am having a problem removing two files. I keep getting a syntax error. Is there something wrong with this script: DeleteFile: ReplaceWithDummy C:\Users\OWNER\AppData\Local\zadtgpv C:\Users\OWNER\AppData\Local\exibrgo
  4. My comp specs: Intel Core i7 I7-4790K 4 GHz Quad-Core Processor, 2x 4gb Corsair Vengeance RAM Pro DDR3, Nvidia GTX 770 graphics card, SanDisk UltraPlus 256g main HD, 1tb secondary (not a "SanDisk") and another for backup, ASRock Z97 Pro4 motherboard, G15 gamer keyboard, Sades 7.1 blk/red surround sound headphones, Asus 27" flat HD screen. Before you start telling me to download and install stuff, I can't. Every time I try to install anything I get "requested resource in use" on every virus program I try. Windows Defender Offline found crap, Advanced System Care I pay for finds crap, but somehow this program finds C:\WINDOWS\System32\Drivers\moudclyc.sys Rootkit.SmartService (A) [290143] and won't let me get rid of it... no options for system restore anymore also... I already tried to install the stuff from the other Rootkit.SmartService (A) [290143] but again it won't let me install it. My browser said search sixty engine was being used also, which is a known virus. I also tried SFC (System File Checker), run DISM (Deployment Imaging and Servicing Management), Clean Boot; none worked.
  5. How do I clean my PC of this?: virus Addition_12-11-2017 17.16.05.txt FRST_12-11-2017 17.16.05.txt Forensics_171112-165110.txt logs.db3 Nov12-Scan_171112-165028.txt
  6. I used your service to find malware on my pc and i followed the steps and now i am here to get help. FRST.txt Addition.txt scan_171114-091848.txt
  7. Ran a scan and came up with a Rootkit and a Trojan that I can't delete or quarantine. Here are my scan records: Thanks for your help! Addition_10-11-2017 17.50.02.txt FRST_10-11-2017 17.50.02.txt scan_171110-170719.txt
  8. My Gateway Desktop computer has been impacted by a malware/trojan. Malwarebytes can see some of the files but is blocked in removing them; other files are not seen by Malwarebytes. But Malwarebytes is not allowed to scan, I can't open it to force a scan etc. Tried Chameleon and that saw some files but was not able to remove them; now Chameleon is no longer visible etc. Tried your EEK. Initially (before reading instructions) scanned in safe mode (as this is the only place Malwarebytes even got to see the bad files) and that scan did find an infected file. Dialog box said to run EEK and Farbar in Normal mode and create the files to send to you. I have done that and the scan report and FRST.txt and Addition.txt are attached. I'm also sending the scan log from when I ran EEK in SafeMode so you can see the file it picked up. Again, the safemode scan was done prior to the Normal scan as requested. Thanks in advance for your help. FRST.txt Addition.txt scan_171104-202602 in normal mode.txt scan_171103-212108 in safe mode.txt
  9. Update was smooth on two desktops. Not sure I can test the fix as I didn't see any problem before.
  10. Hello, Android novice so please forgive possible wrong terminology. Using the useful App Lock feature but it asks for the pin extremely frequently. There's a button in my Samsung tablet (Android 4.4.2) that reveals all open apps, so I can quickly switch between them. If I finger-hold one of them, I have the option to "remove it from list" which essentially closes it. If I get this correctly, the apps remain open and we are just switching between them. However, EMS asks the pin on every single switch, which is troublesome. I'd expect (or have an option) for the pin to be requested only when apps are closed/opened. Thanks. update: an option for stronger pins would also be nice (6/8 digits etc)
  11. Hello! EAM found SecHiJack (A) in the registry and placed it in quarantine. I read that this is a dangerous threat! Full computer scan - clean. In browser extensions, it's also clean. What else can I do to make sure that this was the only threat on the computer and now it is rendered harmless? I do not create a topic by rules, because I hope that my computer is not infected. I just want to know what action to take!
  12. Help please. I scanned with Emsisoft Emergency Kit and it detected this Application.AdReg and it can't be removed; it says the following object can't be removed for your own security. Can I be helped? I have seen other people with this problem but it said the fix would work only for them, so fix for me please? The files are found below. Addition.txt FRST.txt
  13. After quarantining items found during scan the computer shut down. I was able after hours to reboot into safe mode with networking. Following a reboot after hours and hours the sign in screen appeared. I signed in and attempted to view logs etc. I continuously received file system error 1073741819 errors and rundll32exe 0xc0000005 errors. Obviously nothing worked. After attempting to utilize control panel everything hung.... I hit the escape button and the computer went to bsod. I left it on and went to bed.... after multiple attempts to access I was eventually able to sign in and everything appeared to be back to normal. No more error codes etc. After shutting it off I am back to square one. I have no exe, error code 1073741819 etc. and am now afraid to shut it off. In looking at Emsisoft logs it was running the entire time and doing frequent updates which I had to shut off. My D drive seemed to be gaining a lot of data. I can't 100% guarantee the chronological order of these events as it has been days this has been going on. I have an HP Pavilion P7-1414PC Next Gen AMD Quad Core AB5500 Accelerated Processor 64 bit. This taken from the tag on the tower. No access to info in control panel. I cannot attach the logs as they won't export nor can I copy & paste them. If you know of an alternative... I believe the issue lies somewhere with HKey Users S-1-15-21 Microsoft Windows which it originally quarantined and then released. I am at a loss and certainly afraid to do anything at this point. It has become way beyond my level of expertise or comfort. According to logs 10/26 @ 10:01 Protection Started, at 10:27 Shutdown received. Nowhere throughout the rest of the logs does it note any further shutdowns though there have been more and emsisoft has continued to run while nothing else does.
  14. Windows 10 Home with all updates. I am getting a 0X80070032 error when I boot. I have to reboot to start Windows. Is it malware or a problem with Windows? FRST.txt Addition.txt scan_171101-130617.txt I BB_171101-170551.txt Forensics_171101-170633.txt Quarantine_171101-170430.txt
  15. What should I do to remove virus and recover my browser is working on my laptop please help me
  16. You guys are busy bees. One desktop just auto update. Smooth. Beat you, Frank
  17. Win 10 build 1709....EEK 7904 Because of the thread here I thought I would see if I could reproduce it. Turned off EAM and installed EEK and ran a scan. No issues, and after closing EEK there was no instance of EEK left in TaskManager. One thing I did note is that I have a copy of Eicar on my machines to test my Malware scans on EAM and EEK. EEK didn't catch Eicar as Windows Defender jumped in and got it first. Of course this doesn't happen on Win 7 with EAM turned off when running EEK, but it does using Win 10.
  18. This is renewed call for 67 malwares that Emsisoft discovered on my PC but it is not able to remove them. Today I followed Kevin Zoll's instructions using AdwCleaner and Junkware Removal Tool and here are generated files. What now? My Internet provider (Rogers) switches my internet service off as dangers for their system and other customers!!! Urgent help needed. Thanks in advance Dobrilo AdwCleaner[S1].txt JRT.txt
  19. Hi Frank Both desktops updated no sweat. Course on win 7 isn't much of an issue.
  20. As you can see in the screenshot, the security centre icon is not displayed in the task bar, but when I click it opens. Is it a bug? Is it known? Please let me know soon.
  21. Updated to Windows 10 Fall Creators Update (1709). The "Virus & threat protection" part of the Windows Defender Security Center does recognize EAM as an installed antivirus provider, but the status is unavailable... (it informs me to open EAM for more information) Is this the way it is supposed to work?
  22. Hello; I ran EAM on my USB flash drive, and three objects were quarantined, with message: E:\xxx.vbs Quarantined: VB:Trojan.Agent.CMIZ (B) E:\R_CDF_MDE.lnk Quarantined: Generic.WormVBS.LNKC.CA2DE534 (B) E:\Services Custombit.lnk Quarantined: Generic.WormVBS.LNKC.ABDAAF75 (B) Is there something more I can do apart from deleting them? Should I format the drive? Should I run some additional test? Mhhh ... fear
  23. Windows 10 build 1709 using autoupdater. As it was downloading I got the popup for app restart required. I said yes. After GUI was loaded it said I was on 8100 but Forensics said the updates had been cancelled by me. I then did a manual update which uploaded some more stuff and also asked me for an app restart. Debug logs attached, plus screenshot of Forensics and copies of the 2 update logs inside zip. update log 1 is the one EAM says I cancelled and shows some things were updated and some were not. update log 2 shows what was updated via manual update a couple of minutes later. a2guard_20171026075450(6784).zip
  24. Hi Frank Two desktops sitting pretty with 8100 on them. Looking good. Pete
  25. I saw something flashing over the Google search bar in Firefox while watching YouTube, also checking routinely for viruses anyway. I've done some virus scans which come out clean. Do these logs show anything out of order? FRST.txt Addition.txt scan_171024-064749.txt