Search the Community

Showing results for tags 'Closed'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 842 results

  1. EAM on Win 7 64bit via autoupdates. No issues so far with new build. As I do not logon to my machine I guess this won't affect me ''Unattended scheduled scans: Scans now run even if no user is logged on in Windows.''
  2. EIS stable 7567 Windows 10 Pro Version 1703 OS Build 15063.413 64-bit Frank, I have sent you a PM with the download link for the malware along with the password Please take-down the video once you have grabbed it if you wish Use the current stable or beta versions of HMP.A to replicate; all will give the same result = break the behavior blocker in this particular test scenario The system after the second test after HMP.A has been installed alongside EIS is fully infected I cut the video short before the launch of powershell and both it and wscript connecting out to the network What the malware actually does is not important; HMP.A causing the behavior blocker not to react in this particular test is what is important A demonstration of how piling other security softs on top of Emsisoft can negatively affect the behavior blocker; Emsisoft protected the system until another security soft - that was not needed - was added to the system You have the sample and can fully replicate Video removed by OP
  3. I don't think the scan is working I run scan put my computer says not protected,and how do I get this on my desk top
  4. Dear Sirs: We are trying to clean Trojan.SmartService but we can only place it into quarantine. I enclose requested files after running step by step the procedure.If you need further information do not hesitate asking me. Thank you very much in advance Best regards Ivan, GEDLUx scan_170621-162649 (1).txt FRST.txt Addition.txt
  5. I dont know if i accidentally opened one when i tried to power on the monitor somehow, or did it come there by itself. Also I was logged off here when i restarted browser, even though it should stay logged in. I havent cleared cookies. I have tried scanning computer but havent found anything. Do these logs show anything? Addition.txt FRST.txt Shortcut.txt
  6. Hello I started to get this survey pop up about 2 weeks ago. It started to come more frequently last week. I reached out to my internet provider and they did some work on my chrome and reset it. I've downloaded your emergency kit and done a number of scans and I'm still getting this pop up this morning. I'm wondering if someone could help me out. I would like to know what I can do to prevent it again and I would also like to get rid of it. Thank you so much. FRST.txt Addition.txt scan_170609-170506.txt scan_170612-144823.txt scan_170613-150744.txt
  7. Both Desktops auto updated. So far so good
  8. I saw some outgoing internet traffic while doing nothing, and earlier when i started pc the File Explorer was open when i came to look at pc, so i wasnt even at my pc when that folder was opened, though that happened before i even was connected to pc as I just had installed motherboard drivers before connecting to internet. Also when i opened edge browser, it also opened another smaller window. FRST.txt Addition.txt Shortcut.txt
  9. For months ive been wiping my ssd and reinstalled windows, because I keep experiencing something weird with my pc constantly. Now latest was some black box flashing in lower right corner in browser when i was looking at emsisoft webpage, the site is reputable so thats not issue. Also I noticed that my downloads folder had changed its view settings to "large icon", previously it was set to "details" which is the default, and I have not changed that myself. I cant find anything from various virus scanners. Also I noticed some weird event logs in the event viewer, where unknown process does some registry changes. Here are also farbar logs for analyzing. Shortcut.txt Addition.txt FRST.txt
  10. EIS 2017.5.0.7538 Windows 10 Pro Version 1703 OS Build 15063.332 64-bit Process Hacker 2 ( Since some vendors treat Process Hacker as potentially malicious, it is possible that the behavior below is intended - so I'm not sure if it is a bug * * * * * 1. Launch Process Hacker 2 2. processhacker.exe shows in the Behavior Blocker list 3. A rule for processhacker.exe is never created in the Applications Rules list
  11. Frank, please PM me and I will provide you a download link for the *.bat and password. Video is .mp4 format. Delete Shadow Copies.mp4
  12. I've tried at least 4 antimalware programs after recieving disruptive amounts of pop-ups from my browser (chrome) despite not clicking on any ads, and from sites I've been frequenting for years that had no problems before, such as YouTube, Discord, and even new tabs. Unfortunately, all of the anti-malware scans have come clear; I've checked my applications for any programs I never installed myself and found none; I've done a disk clean on safe mode and reset chrome, and followed a bunch of steps from how to clean malware, so maybe I've been making it worse? but honestly I don't know. After I did that, there was a few days where I was clean from the pop-ups, but then it's started again the past few days. I hope you guys know what's wrong, and thanks for listening! Addition.txt FRST.txt scan_170605-211721.txt
  13. In practice, I find that I usually go to the Behavior Blocker list first to verify what is running, it's reputation, etc and then, if need be, go to the Application Rules list I find that I spend more time looking at the Behavior Blocker list than I do at the Application Rules - since the EAN pretty much takes care of the rules in 99.9 % of the cases The current logic is that a user must open the GUI first and then navigate to Protection > Behavior Blocker It would be more convenient to be able to open the Behavior Blocker list directly from the tray icon context menu - instead of always having to open the GUI and navigate to it It would be a practical feature to add EAM or EIS tray icon > right-click > Behavior Blocker (list) I am not suggesting that the Application Rules link should be removed from the tray icon context menu; I am requesting only that a link to the Behavior Blocker list be added to it
  14. The last couple of weeks I've been seeing - frequently - the attached series of messages/dialog boxes. Since the first message makes it clear that your software couldn't reach some server on your end ("...check your internet connection..."), why doesn't that message simply offer a "Retry" option instead of shoving me into a "Change your License" dialog and, as I now realize, incrementing a counter with a limit? I'm doing a lot of restarts lately trying to speed up Win7 startups and, since this license issue happens so often, am now unable to open the GUI. An attempt to do so just throws msg 03 back up followed by the "mapping limit" box (which I didn't attach). I'm cursed with a slow connection, so perhaps you're giving up too easily? Trying too soon? Whatever- it's very tiresome. Thanks. Here's today's development. Same series as described above, but with Emsisoft morphing into the Freeware version. Closed and reopened the GUI, looked normal, but then a message saying the license is now expired (attachment 04). Note 748 days left on the license in one message, yet another saying expired. There have been no hardware changes since a new HDD on 4/25. Followed instructions on the expired message to enter correct license key and get mapping limit reached. I'm being sent in circles.
  15. I get that title every time I try to use an execution file to clean my computer. I also noticed that I have a file in my downloads that is the source for my rootkit problem I am having. RogueKillerIndir1210100(x86x64). Attached are the 3 files requested. Thank you in advance for the help. It is greatly appreciated. scan_170602-184106.txt FRST.txt Addition.txt
  16. All execution program I try to use to clean my computer displays the following error message. The requested resource is in use. Can you help please? scan_170603-072834.txt FRST.txt Addition.txt
  17. I’m having incredible problems with my HP Pavilion Laptop, just purchased in December (windows 10). Even after running Emsisoft and deleting the 2 high-risk files that had been found, I can’t use the computer for more than 15 minutes before it locks up. I go between two locations and the problem is much more evident at this location, however, my husband has no problems with his laptop. When making a side-by-side comparison test yesterday, I found that his computer will have the spinning arrow if mine is on and locks up. When mine is shutdown, his operates normally. The internet speed test shows a download speed of about 12.8Mbps when the machine isn't locked up. When mine is locked up the test will barely run until my PC is shutdown. I ran into issues when I was at this location by myself in March and had the laptop scanned by a professional who uses and recommends Emsisoft. He found no hardware issues and removed some viruses but said there was nothing major. The laptop seemed to operate without issues at my other home. There are lots more details I could give on what’s gone on, including pictures of the various error screens. I’m typing this on Word first so I can get a posting up before it locks up again! The logs are attached. Thanks for your help. Scan_170530-101653.txt FRST_30-05-2017 10.18.50.txt Addition_30-05-2017 10.18.50.txt
  18. Good afternoon, I am having the same issue -- it seems that I have been infected with 4 Trojan.SmartService (A) trojans.
  19. Hi Emsisoft Support, I use an Asus laptop (Windows 7 x64 SP1) and a recent Emsisoft Anti-Malware alert as given in the attached screen shot shows the following message: I use PatchMyPC ( for updating selected applications on my laptop when new versions become available. However, the "C:\PatchMyPCUpdates\" folder does not seem to exist. Did Emsisoft remove this folder or is this a false positive? I have attached the screen shot and the Emsisoft Emergency Kit log (scan_170518-154302.txt) from the "C:\EEK\Reports" folder. Also attached are the FRST.txt and Addition.txt. The FRST.txt shows a number of things that I find strange: (1) There are two users created yesterday on the laptop that I do not recognise (Akdzxqpv and Zuyel). Note: The "new" user is myself - I was too lazy to change the default user when I first got this second-hand laptop. In addition, the "Yer Woman" account was created by my wife. (2) Other folders created yesterday ("C:\Xorganized212" and "C:\arconfig139") I also do not recognise. Regards, Liam. Addition.txt FRST.txt scan_170518-154302.txt
  20. Using EIS on Win8.1 x64 There's no info in the help file about what this does. The tickbox's label implies it is only(?) for Outlook/Thunderbird's files, so... does that mean a particular file-extension or a few file-extensions, and does it mean ony when they are found in whatever are the typical locations that those apps would store their data files in? What about data files for other email clients? Is whatever is done in the scan of these files any different from what happened previously when a custom scan looked at these files, if that scan was done with filtering by file-extension turned off? (I suppose I'm assuming that if filtering by extension was on, those files previously got skipped.)
  21. Something is going on my pc and not sure what... logs.db3 Addition.txt FRST.txt
  22. Hi. Had this problem opening advert photos on Facebook.JS:Trojan,Cryxos.216 E Emsisoft jumped in and Quarantined it so thought that's it fixed so tried again and got the same problem again. So thinking maybe an I/E problem I deleted I/E and replaced it with Chrome. But got the same problem. Also had a big notice come up to phone such and such of a number from elsewhere which I deleted. Now my problem is has it actually downloaded anything on to my computer that my security programs cannot find. Slightly overloaded with security programs for this reason. Malwarebytes,Eset and Emsisoft. I have run them all in full scans and nothing is found except what has been quarantined. I checked this out from F-Secure and it looks the same. I am almost sure that if I go back to facebook and open the advert pages I will get the same problem. Is the problem liable to be a facebook problem or a problem on my computer. This from emsisoft Quarantine. ID Object 0 C:\Users\bill\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\W04TDUSY\index[1].htm JS:Trojan.Cryxos.261 (B)
  23. Seems like I have been infected with Trojan.SmartService (A). Deleting og quarantining does not remove the trojan (they reappear after boot). Thanks. Bjørn Scan_170529-095746.txt Addition.txt FRST.txt
  24. C:\Windows\system32\wbiosrvp.dll --- Trojan.GenericKD.4561291 (B) [krnl.xmd] The infected file is located deep in the root directory of the operating system. Emsisoft Internet Security version 2017.4.1.7484 can not solve this problem. I ask for help in solving the problem. Addition.txt FRST.txt scan_170519-165318.txt
  25. Hi everybody, I am not English native so I apologize for possible errors. Software running on my PC: - OS: Windows 7 Pro 64 (regularly updated) - AV: Avast Free Antivirus - AM: Emsisoft Emergency Kit (2017.4.0.7437) - FW: Comodo Firewall 10 I have been using this machine for a couple of years, more or less. The antivirus and firewall are always running in background and I use both Avast and Emsisoft Emergency Kit (which is placed on one of the internal drives) every now and then for virus and malware scanning. I didn't notice anything strange, everything was smooth and fine, Avast all green (Protected), no viruses found (both by quick and full system scan) and EEK always tells me "0 detected" (malware scan). Yesterday, influenced by the "Wanna Cry Crisis" I ran another malware scan with EEK, 0 detected as usual. Then I decided to do a Custom Scan (which I have never done before, apparently), I left all the default settings and gave it a go. The scan took much more time than usual (that's normal) but this time two objects were detected (see attached log). Both files were located on F:, which is a data partition on a HDD I moved into this machine from a previous computer running Windows XP, for what I know they could have been there for years, doing what? I don't know, as I said I have never experienced anything strange. I quarantined the two files then I rescanned with EEK (Custom Scan) to confirm the system was clean. I got a "0 detected" from EEK but Avast showed me an alert about an infection (Win32:Malware-gen) coming from a2emergencykit.exe (which is inside the EEK folder). According to Avast the process was blocked before any damage was done. I ran a full system scan and a boot time scan with Avast, both negative. I then ran EEK Custom Scan twice, "0 detected" but both times Avast showed the same alert about a2emergencykit.exe. Again Avast full system scan, negative. In short, it seems I get an Avast alert each time I do a EEK Custom Scan (the standard Malware Scan doesn't trigger the alert). Anybody can help me to understand what is happening? scan_170517-202303.txt