Jump to content

Search the Community

Showing results for tags 'Closed'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







  1. Both Desktops auto updated. So far so good
  2. I saw some outgoing internet traffic while doing nothing, and earlier when i started pc the File Explorer was open when i came to look at pc, so i wasnt even at my pc when that folder was opened, though that happened before i even was connected to pc as I just had installed motherboard drivers before connecting to internet. Also when i opened edge browser, it also opened another smaller window. FRST.txt Addition.txt Shortcut.txt
  3. For months ive been wiping my ssd and reinstalled windows, because I keep experiencing something weird with my pc constantly. Now latest was some black box flashing in lower right corner in browser when i was looking at emsisoft webpage, the site is reputable so thats not issue. Also I noticed that my downloads folder had changed its view settings to "large icon", previously it was set to "details" which is the default, and I have not changed that myself. I cant find anything from various virus scanners. Also I noticed some weird event logs in the event viewer, where unknown process does some registry changes. Here are also farbar logs for analyzing. Shortcut.txt Addition.txt FRST.txt
  4. EIS 2017.5.0.7538 Windows 10 Pro Version 1703 OS Build 15063.332 64-bit Process Hacker 2 (https://www.isthisfilesafe.com/?md5=B365AF317AE730A67C936F21432B9C71) Since some vendors treat Process Hacker as potentially malicious, it is possible that the behavior below is intended - so I'm not sure if it is a bug * * * * * 1. Launch Process Hacker 2 2. processhacker.exe shows in the Behavior Blocker list 3. A rule for processhacker.exe is never created in the Applications Rules list http://processhacker.sourceforge.net/downloads.php
  5. Frank, please PM me and I will provide you a download link for the *.bat and password. Video is .mp4 format. Delete Shadow Copies.mp4
  6. I've tried at least 4 antimalware programs after recieving disruptive amounts of pop-ups from my browser (chrome) despite not clicking on any ads, and from sites I've been frequenting for years that had no problems before, such as YouTube, Discord, and even new tabs. Unfortunately, all of the anti-malware scans have come clear; I've checked my applications for any programs I never installed myself and found none; I've done a disk clean on safe mode and reset chrome, and followed a bunch of steps from how to clean malware, so maybe I've been making it worse? but honestly I don't know. After I did that, there was a few days where I was clean from the pop-ups, but then it's started again the past few days. I hope you guys know what's wrong, and thanks for listening! Addition.txt FRST.txt scan_170605-211721.txt
  7. In practice, I find that I usually go to the Behavior Blocker list first to verify what is running, it's reputation, etc and then, if need be, go to the Application Rules list I find that I spend more time looking at the Behavior Blocker list than I do at the Application Rules - since the EAN pretty much takes care of the rules in 99.9 % of the cases The current logic is that a user must open the GUI first and then navigate to Protection > Behavior Blocker It would be more convenient to be able to open the Behavior Blocker list directly from the tray icon context menu - instead of always having to open the GUI and navigate to it It would be a practical feature to add EAM or EIS tray icon > right-click > Behavior Blocker (list) I am not suggesting that the Application Rules link should be removed from the tray icon context menu; I am requesting only that a link to the Behavior Blocker list be added to it
  8. The last couple of weeks I've been seeing - frequently - the attached series of messages/dialog boxes. Since the first message makes it clear that your software couldn't reach some server on your end ("...check your internet connection..."), why doesn't that message simply offer a "Retry" option instead of shoving me into a "Change your License" dialog and, as I now realize, incrementing a counter with a limit? I'm doing a lot of restarts lately trying to speed up Win7 startups and, since this license issue happens so often, am now unable to open the GUI. An attempt to do so just throws msg 03 back up followed by the "mapping limit" box (which I didn't attach). I'm cursed with a slow connection, so perhaps you're giving up too easily? Trying too soon? Whatever- it's very tiresome. Thanks. Here's today's development. Same series as described above, but with Emsisoft morphing into the Freeware version. Closed and reopened the GUI, looked normal, but then a message saying the license is now expired (attachment 04). Note 748 days left on the license in one message, yet another saying expired. There have been no hardware changes since a new HDD on 4/25. Followed instructions on the expired message to enter correct license key and get mapping limit reached. I'm being sent in circles.
  9. I get that title every time I try to use an execution file to clean my computer. I also noticed that I have a file in my downloads that is the source for my rootkit problem I am having. RogueKillerIndir1210100(x86x64). Attached are the 3 files requested. Thank you in advance for the help. It is greatly appreciated. scan_170602-184106.txt FRST.txt Addition.txt
  10. All execution program I try to use to clean my computer displays the following error message. The requested resource is in use. Can you help please? scan_170603-072834.txt FRST.txt Addition.txt
  11. Logs as attached. Thanks scan_170522-100350.txt FRST.txt Addition.txt
  12. I’m having incredible problems with my HP Pavilion Laptop, just purchased in December (windows 10). Even after running Emsisoft and deleting the 2 high-risk files that had been found, I can’t use the computer for more than 15 minutes before it locks up. I go between two locations and the problem is much more evident at this location, however, my husband has no problems with his laptop. When making a side-by-side comparison test yesterday, I found that his computer will have the spinning arrow if mine is on and locks up. When mine is shutdown, his operates normally. The internet speed test shows a download speed of about 12.8Mbps when the machine isn't locked up. When mine is locked up the test will barely run until my PC is shutdown. I ran into issues when I was at this location by myself in March and had the laptop scanned by a professional who uses and recommends Emsisoft. He found no hardware issues and removed some viruses but said there was nothing major. The laptop seemed to operate without issues at my other home. There are lots more details I could give on what’s gone on, including pictures of the various error screens. I’m typing this on Word first so I can get a posting up before it locks up again! The logs are attached. Thanks for your help. Scan_170530-101653.txt FRST_30-05-2017 10.18.50.txt Addition_30-05-2017 10.18.50.txt
  13. Good afternoon, I am having the same issue -- it seems that I have been infected with 4 Trojan.SmartService (A) trojans.
  14. Hi Emsisoft Support, I use an Asus laptop (Windows 7 x64 SP1) and a recent Emsisoft Anti-Malware alert as given in the attached screen shot shows the following message: I use PatchMyPC (https://patchmypc.net/supported-products-free-updater) for updating selected applications on my laptop when new versions become available. However, the "C:\PatchMyPCUpdates\" folder does not seem to exist. Did Emsisoft remove this folder or is this a false positive? I have attached the screen shot and the Emsisoft Emergency Kit log (scan_170518-154302.txt) from the "C:\EEK\Reports" folder. Also attached are the FRST.txt and Addition.txt. The FRST.txt shows a number of things that I find strange: (1) There are two users created yesterday on the laptop that I do not recognise (Akdzxqpv and Zuyel). Note: The "new" user is myself - I was too lazy to change the default user when I first got this second-hand laptop. In addition, the "Yer Woman" account was created by my wife. (2) Other folders created yesterday ("C:\Xorganized212" and "C:\arconfig139") I also do not recognise. Regards, Liam. Addition.txt FRST.txt scan_170518-154302.txt
  15. Using EIS on Win8.1 x64 There's no info in the help file about what this does. The tickbox's label implies it is only(?) for Outlook/Thunderbird's files, so... does that mean a particular file-extension or a few file-extensions, and does it mean ony when they are found in whatever are the typical locations that those apps would store their data files in? What about data files for other email clients? Is whatever is done in the scan of these files any different from what happened previously when a custom scan looked at these files, if that scan was done with filtering by file-extension turned off? (I suppose I'm assuming that if filtering by extension was on, those files previously got skipped.)
  16. Something is going on my pc and not sure what... logs.db3 Addition.txt FRST.txt
  17. Hi. Had this problem opening advert photos on Facebook.JS:Trojan,Cryxos.216 E Emsisoft jumped in and Quarantined it so thought that's it fixed so tried again and got the same problem again. So thinking maybe an I/E problem I deleted I/E and replaced it with Chrome. But got the same problem. Also had a big notice come up to phone such and such of a number from elsewhere which I deleted. Now my problem is has it actually downloaded anything on to my computer that my security programs cannot find. Slightly overloaded with security programs for this reason. Malwarebytes,Eset and Emsisoft. I have run them all in full scans and nothing is found except what has been quarantined. I checked this out from F-Secure and it looks the same. https://www.f-secure.com/v-descs/trojan_js_cryxos.shtml I am almost sure that if I go back to facebook and open the advert pages I will get the same problem. Is the problem liable to be a facebook problem or a problem on my computer. This from emsisoft Quarantine. ID Object 0 C:\Users\bill\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W04TDUSY\index[1].htm JS:Trojan.Cryxos.261 (B)
  18. Seems like I have been infected with Trojan.SmartService (A). Deleting og quarantining does not remove the trojan (they reappear after boot). Thanks. Bjørn Scan_170529-095746.txt Addition.txt FRST.txt
  19. C:\Windows\system32\wbiosrvp.dll --- Trojan.GenericKD.4561291 (B) [krnl.xmd] The infected file is located deep in the root directory of the operating system. Emsisoft Internet Security version 2017.4.1.7484 can not solve this problem. I ask for help in solving the problem. Addition.txt FRST.txt scan_170519-165318.txt
  20. Hi everybody, I am not English native so I apologize for possible errors. Software running on my PC: - OS: Windows 7 Pro 64 (regularly updated) - AV: Avast Free Antivirus - AM: Emsisoft Emergency Kit (2017.4.0.7437) - FW: Comodo Firewall 10 I have been using this machine for a couple of years, more or less. The antivirus and firewall are always running in background and I use both Avast and Emsisoft Emergency Kit (which is placed on one of the internal drives) every now and then for virus and malware scanning. I didn't notice anything strange, everything was smooth and fine, Avast all green (Protected), no viruses found (both by quick and full system scan) and EEK always tells me "0 detected" (malware scan). Yesterday, influenced by the "Wanna Cry Crisis" I ran another malware scan with EEK, 0 detected as usual. Then I decided to do a Custom Scan (which I have never done before, apparently), I left all the default settings and gave it a go. The scan took much more time than usual (that's normal) but this time two objects were detected (see attached log). Both files were located on F:, which is a data partition on a HDD I moved into this machine from a previous computer running Windows XP, for what I know they could have been there for years, doing what? I don't know, as I said I have never experienced anything strange. I quarantined the two files then I rescanned with EEK (Custom Scan) to confirm the system was clean. I got a "0 detected" from EEK but Avast showed me an alert about an infection (Win32:Malware-gen) coming from a2emergencykit.exe (which is inside the EEK folder). According to Avast the process was blocked before any damage was done. I ran a full system scan and a boot time scan with Avast, both negative. I then ran EEK Custom Scan twice, "0 detected" but both times Avast showed the same alert about a2emergencykit.exe. Again Avast full system scan, negative. In short, it seems I get an Avast alert each time I do a EEK Custom Scan (the standard Malware Scan doesn't trigger the alert). Anybody can help me to understand what is happening? scan_170517-202303.txt
  21. Using the latest EAM 2017.3.0.7318 beta on Win 7 HomePremium SP1 x64. Some good files in behavior blocker tab are still marked as Unknown. In stable version those are also shown first when I open GUI but are removed after few seconds. Online check confirms them as Trusted in AMN. Are there some AMN problems?
  22. On 6963 and 6971 there is a small graphics error and I have been trying to find what triggers it and an the moment I cannot. Perhaps it is a Windows session thing I don't know. I do a malware scan, look at reports, etc then back to main GUI then open logs and I see this in the screenshot.
  23. Good day! I would like to report a minor issue with this product's beta, the issue is that if a known malware is detected - the file is being moved to the quarantine without any notification, despite the function for detection notificiation being turned on. No game mode was enabled.
  24. After autoupdate of EAM on Win 7 64bit I decided to plug in a small usb drive to test the new 'scan anyway' option. Plugged in usb stick and selected scan anyway from slide option. No issues. Thought I would copy my eicar file from C drive to G (usb) to see what would happen. Laptop locked up solid and I had to do a hard reset Windows Event Viewer showed Log Name: Application Source: Application Error Date: 25/03/2017 06:25:43 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: ****-PC Description: Faulting application name: a2service.exe, version: 2017.3.0.7318, time stamp: 0x58d5820f Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c99e1 Exception code: 0xc0000374 Fault offset: 0x00000000000bf3e2 Faulting process id: 0x11a8 Faulting application start time: 0x01d2a52fa0796f96 Faulting application path: C:\Program Files\Emsisoft Anti-Malware\a2service.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: df563e36-1123-11e7-a79c-c80aa971b42a Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2017-03-25T06:25:43.000000000Z" /> <EventRecordID>90286</EventRecordID> <Channel>Application</Channel> <Computer>****-PC</Computer> <Security /> </System> <EventData> <Data>a2service.exe</Data> <Data>2017.3.0.7318</Data> <Data>58d5820f</Data> <Data>ntdll.dll</Data> <Data>6.1.7601.23677</Data> <Data>589c99e1</Data> <Data>c0000374</Data> <Data>00000000000bf3e2</Data> <Data>11a8</Data> <Data>01d2a52fa0796f96</Data> <Data>C:\Program Files\Emsisoft Anti-Malware\a2service.exe</Data> <Data>C:\Windows\SYSTEM32\ntdll.dll</Data> <Data>df563e36-1123-11e7-a79c-c80aa971b42a</Data> </EventData> </Event> Attached are debug logs (thanks a lot for the new 'enabled always' option for debug logging :)) a2start_20170325061834(4712).zip
  25. Using EIS on Win8.1 x64 This looks to me as if it acts identically to the existing Behaviour Blocker component on that tile, which makes it a marketing thing rather than a technical feature. Am I missing something?
  • Create New...