Search the Community

Showing results for tags 'Closed'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • Feedback, comments, and suggestions
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 751 results

  1. Hi, 1. In the past, We could add files to the quarantine directly by drag and drop. 2. In the past, We could send suspicious file from quarantine for analyze. (Submitted column is available yet) Thank You
  2. hi i unistall ver 11 and install ver 12 from EIM database in version 11 is 8.432.000 but in EIM 12 is 6.998.000 !!! Correct this ?
  3. Did just make some test with the whitelist features. Very nice to see wildcards! At this step it is a little bit annoying to add new entries as you at least has to enter one folder and then you are able to alter the path clicking the new entry. But for me this is more a cosmetic issue. Now to the main topic. As i did not find a pop-up or other info i assume the exclude options disables/excludes from all on-demand (scheduled), on-access (realtime) and behavior blocker in contrast to exclude from monitoring only means on-access and behavior blocker leaving on-demand active. Also noticed that excluding for example putty.exe does not remove the Behavior Blocker Hooks DLL as it was in EAM11. Is it possible to exclude injecting these DLLs in some rare case that an applications crashes while using behavior blocker? Is it also possible or planned to use an behavior blocker only whitelist as i find it important to have at least realtime protection and do not want to exlude all checks? For example we have a large admin maintained install share where a lot of software installers are placed, some of them will trigger an behavior blocker alert. We have whitelisted this folder in EAM (using ECC) but only from behavior blocker which is possible in EAM11. So our automated installations run fine but we have at least some kind of protection if we unintentional upload a malware to this share.
  4. My browser automatically opens a suspicious site which gets detected by my antivirus software and gets blocked every time. It opens randomly at anytime even when the browser is closed. please help me with this problem as I am afraid this might be a potential malware.
  5. Greetings! My computer and hard discs are fully infected with Cerber version 1. I've stopped the process but the encrypted files needs to be decrypted. I have noticed strange behavoir before full infection, but as the ransomware disguised itself as chrome update or so, it was look alike, like microsoft forced or wrong update. I tried TrendMicro: Ransomware File Decryptor, but every time, during progress it closed itself, without any notice or effort on the files. How and when can i decrypt my files? Thank you! Addition.txt FRST.txt Scan_160806-200124.txt
  6. This Windows 10 Home PC was brought to me because of popup ads. Prior to being directed to the forum, I ran MBAM and quarantined about 1,100 objects, and ran EEK and quarantined 56 objects. These runs were in Safe Mode because the PC would not install software when booted normally. EEK reported "The following objects were not removed for your own safety: C:\WINDOWS\SYSTEM32\DNSAPI.dll C:\WINDOWS\SysWOW64\dnsapi.dll" At this point I stopped, found the forum, and followed the directions in START HERE. 1. Booted in Normal mode. 2. Ran EEK from C:\EEK, Update, Malware Scan, scan only. 3. Ran FRST64 from flash drive. After clicking Yes on disclaimer, FRST64 posted a window reading "Application Error Exception EAccessViolation in module ERUNT.exe at 00003A62. Access violation at address 00403A62 in module 'ERUNT.EXE'. Read of address 0069005C." Clicked OK. FRST64 posted a window reading "Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Failed to update (4)" Clicked OK. Clicked Scan. Scan completed. Logs for these runs enclosed. Let me know if you want the logs from the runs that took place before I came to the forum. Cheers! Edward Addition.txt FRST.txt scan_160811-110353.txt
  7. Windows becomes unresponsive as soon as EAM starts to load (on boot) and if left long enough some of the EAM Interface graphic will appear (takes hours). If I boot in safe mode, disable EAM and reboot Windows works normally. I have tried uninstalling / reinstalling EAM and get the same problem. Event logs show an error "the program a2guard.exe version 11.10.0.6563 stopped interacting with windows and was closed". System is Windows 10 home 64 bit. Any help would be greatly appreciated.
  8. Greetings, As the title says it automatically opens a link which the redirects me to shorte.st which redirects me to some symantec page on forum. My browser has only 2 extensions which I have been using all my life and none other. I first though it opens the shortening url page then redirects me to symantec forum page but when I look at my history I saw another link before that one: http://insightlk.com/download/download.php?mn=9995 Even if the browser is closed it will open the browser and then the link (google chrome cause it's default one I guess). Thanks in advance. Addition.txt FRST.txt scan_160626-161309.txt
  9. Hi! Yesterday I believe it was I was prompted by EIS to re-boot the software to load new modules I believe it was. I did this and then a message came up saying there were either missing and/or broken components to my current EIS program and that I needed to download a new copy. I uninstalled EIS, and re-booted. I then have a saved copy of Emsiclean, so I clicked on the desktop icon which stated that nothing was left from Emsisoft programs. I then re-booted again, went to the EIS site and was able to download a new copy of the latest version. I had to reset everything in EIS to the way it was manually as my settings were not carried over. The program seems to be working fine now, as my other version was going like 7 hours sometimes between updates (have set for every 1.5), which I thought might be Emsisoft server issues. Anyway, I use password protection so I activated that feature. I am the only one with an administrative account, and I deactivate the majority of Emsisoft control setting/adjustment features once I set my program settings to where I want them. This results in their "greying out" so as to become set and unadjustable on EIS. Well when I closed the EIS program and re-opened it, on a few occasions now, when I go to file guard, I am able to change the settings, as they are not greyed out. Once I do, they then turn grey and unadjustable. I don't know if this is a known glitch, or not. I don't want to return log files, but was just wondering. Thanks
  10. W8.1, 64-bit, reinstalling EIS v11.7.0.6394, as advised in: http://support.emsisoft.com/topic/20057-possible-virtual-memory-problem-with-a2serviceexe/ I did a very thorough uninstall of EIS, several restarts, ran the Emsi diagnostic .bat file several times - before uninstall, during and after, and also made full registry backups before, during and after. I used Emsiclean to get rid of registry entries not removed by the ordinary installer. During the following install (using an installer I downloaded at 1356 on 20160519, it all went well until it tried to contact your servers to get uptodate signatures, when it said it couldn't connect. I ran your diagnostic .bat file at that point and all three of its traceroutes worked fine, and with similar routes & timings to the tracerts done before I started the uninstall. I continued on past this stage. When EIS started at the end of the install, the GUI showed up in orange saying the product was out of date. I noted at that point that ping/tracert issued from a command window failed (as I'd found several months ago, discussed at: http://support.emsisoft.com/topic/19819-new-to-eis-and-dont-understand-why-an-app-is-being-blocked/ ). As was true then, I have Windows set up thinking that I'm always (even at home) using a public network. Previously I'd eventually told EIS to set itself up as a Priivate network, so that ping etc issued from a command window would work. So I tried to do that again. I didn't work. Even with a reboot, and despite the 'Manage Networks' option "Use Windows settings for new connections" being unset, and "Category for new connections" being set to: Private network, the top part of the display still says that EIS thinks I'm on a Public Network. Before I tried the reboot with those settings, I also tried a slightly less drastic option: I unplugged the LAN cable, turned on debug logging, closed the GUI, reconnected the cable, re-opened the GUI, checked debugging was still on (yes), and went to Manage Networks... and observed the incorrect setting. Then I turned off that debug logging. Do you want those logs? Clicking on 'update now' in the GUI simply produces a message saying it can't connect to the servers.
  11. Hello! This morning my internet service was acting up, believe due to local thunderstorms in the area. EIS was not able to auto-update. When my internet eventually started working, I attempted to do a password necessary manual update. I had the GUI opened. Usually, it will show "Initializing", and it will have a "Gauge" which shows it has activated and doing downloads. Well this time nothing appeared on the GUI. It was inactive. Eventually the downloads successfully completed, and the pop-up alert arose stating it completed. However, no activity on the GUI. It was still showing 10 hours since last update. When I hovered over the Emsisoft symbol in the taskbar, this showed it was now up to date, but not the GUI. I then closed the GUI and re-opened it, and it then appeared to show it was up to date.
  12. Hello, I was infected by malware about 6 weeks ago. After trying numerous programs and a fruitless round of Customer No-Service from Malwarebyes, this insipid piece of evil refuses to stay away once and for all! I thought for the past few days that I may have finally got it out of my hair. I started a trial run of Emsisoft's Anti-Malware and performed a malware scan right away (Those scan results are included in the attachments). It did indeed find the hijacker and I quarantined it-and it's still sitting there. After that, I had no problems at all. But then came today and so I'm back to square one. Even though I've had several hijack occurrences today, the scan results continue to show no infection with either the Emergency Kit or the Anti-Malware scanner. I must add that Malwarebytes Premium has also caught the hijacker soon after it has struck. I almost totally reset Windows trying to finally get rid of it, but my notebook has a lot of bloatware and I'd hate to have to go through all of that, including the increasing mountain of Windows updates as well. Please note that this is my 2nd attempt to post. That damn hijacker took out the 1st one. I just clicked on the screen and the tab I was on abruptly closed on me. Typical hijacker behavior! Thank you, auto save! Rick scan_160211-220441.txt scan_160214-185519.txt Addition.txt FRST.txt
  13. I also just downloaded and installed EEK (v11.0.0.6082) on a flash drive. Upon launching it the first time, I was promped to check for updates and, they too were downloaded and installed. Next, I ran Custom scan that seemed to complete successfully. About that time I got an "error" pop-up from Windows saying: "a device driver was not found/not installed successfully/device unplugged". Buy this time the user interface for EEK had "closed" so, I couldn't check the log to see if anything had been found during the scan. I attempted to re-launch EEK but it would no launch a second time!! I returned to the Newsletter that I accessed the EEK download from and saw a link for "an online version" of EEK. Have I misunderstood something here -- is the fact that I have installed my copy of EEK on a flash/thumb drive mean I cannot get the updates?? Why would I get an error about a device driver (I've been using my USB ports quite regularly with no problem). I'm running Windows 7 and the following security programs: Windows 7 PRO(64bit) SP-1; 16GB RAM Windows Defender Emsisoft Internet Security (malware & firewall) Malwarebytes Home Premium WinPatrol/WinPrivacy/WinAntiRansom Task Catcher (BillP Studios)
  14. Hi I had an update to EIS last night that required a restart and all seemed to go well until I turned my machine on this morning and I then got an Emsisoft error message saying that 'a major problem has prevented the application from starting' (see attached screenshot). I tried couple of reboots but the problem persists - so I thought a reinstall might help. So, I uninstalled EIS and rebooted twice and tried to reinstall but now I get a message saying 'it appears a version of EIS is already installed on your system' (see screenshot) and I can't uninstall it now as it no longer shows in the program list following the uninstall I did earlier. I've checked in Task Manager and the a2 AntiMalware service is showing in a stopped state so it appears the uninstall didn't work properly. I also still had the Emsisoft NDIS packet filter visible and enabled in my wifi adaptor properties - I've since uninstalled this driver and tried to reinstall EIS but the problem still persists - I can't install as it thinks it's already installed. I ran Emsiclean.exe, and closed it without letting it clean up, so that it generated a log file (see attached). Please advise me how to fix this. Thanks Marko EmsiClean_2016.02.05_10.32.24.txt
  15. I haven't had my laptop on for nearly two months, so when I turned it on all programs had to be updated. After Emsisoft updated it scanned and when the scan was finished and I closed the window there was an error window behind it. I have attached here. Also, where do I go to find out if my version has been updated; to find out which version I have?
  16. Hi Guys, I need a little help with this one. Since the update of 23rd November, I keep getting the BSOD when I run ExpressVPN (Version 4.1.1.380) on a Windows 7 32 bit O/S. This only occurred following that update. ExpressVPN DOES NOT crash when using the LT2P or the SSTP protocol options, just openvpn. I tried uninstalling and reinstalling the following Microsoft Net Framework 3.5.1 Microsoft Net Framework 4.5.2 Emsisoft Internet Security 11.0.0.5958 ExpressVPN Version 4.1.1.380 Whilst ExpressVPN app was uninstalled, and after reinstalling the other programmes above minus ExpressVPN, I tried installing OpenVPN 2.3.8 I601, using the ExpressVPN OVPN config files. I got the same result. Next I uninstalled Emsisoft Internet Security and ran ExpressVPN App in OVPN (TCP and UDP options) and it worked fine. No crash. So this is clearly a Emsisoft issue. I have included the last few minidumps and a Farbar scan as attachments. I would appreciate any advice. I don't consider myself a novice user, but having trouble souring the cause of this issue. I can see that fwndislwf32.sys is implicated in the problem but it still occurs even with the firewall turned off. Even with Emsisoft in disable all protection mode, this error keeps occurring. I have also run a Hitman Pro and MRT scan to see if anything came up but the system was entirely clear of any malware. The only thing that came up on Hitman Pro were tracking cookies, which would have been removed anyway by CCleaner when I closed the browser. Many thanks in advance. Mike aka Wheelie 112615-25490-01.dmp 112615-30295-01.dmp 112615-78452-01.dmp Addition.txt FRST.txt
  17. I'm getting the window that DEP closed Emsisoft to protect my computer. This is the second time in a week this has happened so I'm coming to the forum with it. Can anyone tell me why this is happening?
  18. Yesterday whilst on BT I got a pop-up asking me to do a survey, purportedly from BT - which I closed. I had a few tabs open on Edge and suddenly there was a 'warning' that I had a virus, that the site was unsafe (copied below) which I'd never heard of and to phone Microsoft toll free on the number written there. Needless to say I didn't do anything but I couldn't close Edge down unless I went through Task Manager but as soon as I re-booted up they all came again. I changed browser and went to Microsoft to find that Microsoft Edge had been hijacked. Prior to this I had run Emsisoft Emergency and quarantined 1 item - not this one - so I ran it again and I found 2 - one of which was the one referred to. I tried to take a screen shot of the messages but couldn't. Emsisoft quarantined the address and told me to come here and that experts would sort it for me, so here I am. Immediately after it was quarantined Edge was free of tabs but I'm not going to use it. When I put the computer on today message from Emsisoft said this site was trying to activate or something. Would I be safe if I uninstalled Edge? I find this situation very scary as I've never been 'targeted' before. The site in question is: attention.unugq.netdna-cdn.com/LP0304_uk/index.html?city=Wolverhampton&ip=86.170.33.235&isp=BT I have Win 10 Home 64-bit - Processor: AMD Athlan 11 x 2 220 2.80 GHz I hope I've given you all the info and look forward to hearing back from you. Thanks in advance.
  19. My Emsisoft Scan reports I have the 2 problems listed above. Enclosed are the logs; appreciate your help. Jim G. scan_150807-110802.txt FRST.txt Addition.txt
  20. Hi Kevin, you helped me before, I wonder if you could possibly help me again, please! Today I got one of those fake FBI warning web pages, saying I had accessed illegal information. I quickly closed the page, it tried to re-open so I closed it again. I then restarted my pc in safe mode with command prompts and did a system restore to the day before. I ran a smart scan with Emisoft Emergency Kit and it didn't find anything (apart from a false positive which is always finds). I then ran MalwareBytes Anti-Malware which found another false positive from another Chinese program. I deleted both these reported files just to be safe. I ran HitmanPro and it found a few tracking cookies, a few false positives from Chinese programs, and reported my certclient.dat as being suspicious. I didn't do anything with them and came to this forum for help. The scam web page didn't seem to take control of my browser or my computer in any visible way, but my antivirus reported that several web addresses were being redirected. After a Google search of the IP, it seems that may be my Astril VPN. What should I do to make sure my PC hasn't been infected? I ran Emisoft again as per the forum instructions (smart scan?), and then Farbar and attached the files. Thanks again, Kevin. Scan_150718-160524.txt FRST.txt Addition.txt
  21. Last night, I updated my windows updates. I usually wait several days to find out about possible issues with the updates. After not finding any (might be a careless error of mine,) I decided to install the windows updates last night. While in the process of downloading and installing the windows updates, Emsisoft Anti-Malware also installed an update that required a reboot because it contained updates for behavior blocker and other features for the program. Once my laptop restarted and booted back up, my laptop was barely functioning. My laptop continued to hang and stall. When I tried to open a program, a web browser, or whatever, it would not open. If it did open, when I closed it, the process would still be showing in process explorer as if it were still running. I tried manually terminating the process in process explorer, but it had no effect. Moreover, I could not run anything on my laptop after that point. If I tried to open something after that point, nothing would happen. My computer would be unresponsive. I had to manually turn off my laptop by pressing the button on the side. I am unsure what is causing the problem. It still persists. I can hardly use my laptop. I have done system restore several times, which seems to have fixed the issue each time; however, every time I do system restore, Emsisoft Anti-Malware updates with the one update that requires a system restart. Subsequently, my laptop reverts back to being hardly operable. I am now just leaving my laptop on because if the I restart/turn off my computer, the update will autoinstall and the problem will surface. Can anyone please assist me? Edit: I have turned my laptop off since I originally posted. As a result, EAM updated once again with the system restart update. Since then, my computer seems to be running fine, but when I open Chrome, Chrome starts to malfunction after a few minutes and/or will not close after I click out of it. After that, I cannot run any more processes or open any more windows. I am still guessing that there is an issue with the update maybe. I am probably going to use system restore once again to return to a point before the EAM update was installed to find out of Chrome functions without any problems. I currently using a system restore point that is before my latest updates from Tuesday, July 14th. Edit 2: I was trying to use my laptop after the EAM system restart update was installed/updated, but the same aforesaid symptoms resurfaced. I once again used system restore to a point before the EAM system restart update. Thus far, I do not have any problems, including using Chrome. I am thinking that it is becoming more evident that the problem somehow lies in the EAM system restart update or it causes the problem(s.) Again, my laptop stalls and is hardly operable after the EAM system restart update is installed. If someone could please help me, I would be most grateful.
  22. 1. I disabled the firewall 2. Rebooted 3. Opened Emsisoft (you can see the firewall is disabled) 4. Opened Device Manager (Emsisoft WFP Filter says it is Started) 5. Opened DebugView from Microsoft SysInternal Suite (monitoring all events/ kernel / win32 instructions) 1. Enabled Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (It still says Started) 3. DebugView, the way I read it, there was no change in services, also why "Request queue is empty" 1. Disabled Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (it now says Stopped) 3. Debugview, indicates calls were made to services to disable fwwfp and sets status code to zero (ie. disabled) 1. Activated Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (it still says Stopped) 3. Debugview, doesn't appear to have made a call to start the service again. At this stage, I can not connect to any websites, and I also believe is related to why my internet drops out (as svchost times out on connecting) Even after I restart the fwwfp service manually from Device Manager, i have to reboot in order to connect to the internet. I am using Version 10.0.0.5532 I have reinstalled twice, rebooting twice in between installations. I have reset settings to Factory Defaults several times.
  23. I'm running a trial of Emsisoft Internet Security and can get into Quickbooks from my computer but other computers on my network say it is unavailable. The Quickbooks File Doctor reports * Port number 55348- 'QuickBooks Database Port Service' for QuickBooks 2012 is closed on 'Boss-PC'. * Port number 8019- 'QuickBooks Port Finder Service' is closed on 'Boss-PC'. I do not see anything on the forums to resolve this. If I cannot get it straightened out quickly i will be forced to dump Emsisoft. I have done a custome rule as shown in the attached picture but it may not be done correctly as it does not help resolve the issue. Any help? Thanks
  24. I installed Emsisoft from the wizard fine, it completed and everything. The time the window it takes (the one you put your license key or choose trial version) took a lot of time to pop up, around 5 minutes, I put my key code and everything and the window closed. Then this thing showed up http://gyazo.com/38eb866b442299c67908ecd6761070d5 Few minutes later http://gyazo.com/bad5965d0cc0d8ab4ded6c7dbfba5cf2 I restarted the pc and the tray icon is red with a cross inside saying "Emsisoft - Background guard". I've already trying uninstalling and reinstalling more than 2 times with no success. PS: I don't know if this can help somehow but I installed the hotfix the installer mentions before I install EIS.
  25. Hi Emisoft, esp. Kevin Zoll, I'm a PC user with a potential malware Q, which shares a loopback address mentioned in one of your malware-fixes online, this past week. http://support.emsisoft.com/topic/17265-high-ram-usage/ Could I briefly ask about best steps / tactics? >> My story: Windows 7, Lenovo Thinkpad. I was recently running Lenovo update, which said "unable to connect to the proxy server". Looking at my Internet settings (IE), >> LAN settings, under 'Automatic Configuration': + Automatically detect settings. (was Checked, as usual for Earthlink / Time-Warner). + 'Use automatic configuration' script, was checked, with this localhost loopback: http://127.0.0.1:8445/okf.pac >> I just saw, you advised a fix for removing this same address, on your post cited above. So yesterday, I removed this loopback, unchecked 'Use automatic configuration', & closed Internet settings. When I reopened IE settings, 'automatic config. script' was still unchecked, but the loopback address was still there, greyed out. I searched my registry for this address, found the loopback in three entries at these keys: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies I backed up registry & deleted all 3. However, that loopback remains in my IE settings, albeit greyed-out, as long as 'automatic config. script' is unchecked. >> So far as I know, it loops back to a proxy port on my LAN server. I almost never use IE, prefer Firefox, so no idea how long its been this way. I infrequently use, & still have installed two VPN's: OkayFreedom & Cyberghost. These VPN seem fairly mainstream, & I found no complaints they do this kinda thing. So I feared malware. As per yr recommends, I ran these anti-malwares, tho nothing came up, except some IE 'ProxyEnable' Registry items (I can likely change those): 1) CCleaner, (excluding windows logs). 2) M$ Malicious software removal, reports nothing. 3) Malwarebytes' Anti-Malware, reports nothing... see log, (AMWB.txt). 4) OTL, see logs (2). 5) Emisoft EEK, smart-scan, see log (a2scan_150515-143323.txt) 6) FRST64, see logs (2). I attach six (6) logs here. Finally, I had purchased this laptop last fall from a (reputable) refurbisher, who said he reconstituted Windows from the 'Lenovo Recovery' partition. Well, maybe this is a standard in Lenovo's special sauce. Can I briefly ask 4 you suggestion ? ~ Regards, Gadzoox AMWB.txt OTL.Txt Extras.Txt a2scan_150515-143323.txt FRST.txt Addition.txt
  • Who's Online   0 Members, 0 Anonymous, 68 Guests (See full list)

    There are no registered users currently online