Jump to content

Search the Community

Showing results for tags 'Closed'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







  1. I haven't had my laptop on for nearly two months, so when I turned it on all programs had to be updated. After Emsisoft updated it scanned and when the scan was finished and I closed the window there was an error window behind it. I have attached here. Also, where do I go to find out if my version has been updated; to find out which version I have?
  2. Hi Guys, I need a little help with this one. Since the update of 23rd November, I keep getting the BSOD when I run ExpressVPN (Version on a Windows 7 32 bit O/S. This only occurred following that update. ExpressVPN DOES NOT crash when using the LT2P or the SSTP protocol options, just openvpn. I tried uninstalling and reinstalling the following Microsoft Net Framework 3.5.1 Microsoft Net Framework 4.5.2 Emsisoft Internet Security ExpressVPN Version Whilst ExpressVPN app was uninstalled, and after reinstalling the other programmes above minus ExpressVPN, I tried installing OpenVPN 2.3.8 I601, using the ExpressVPN OVPN config files. I got the same result. Next I uninstalled Emsisoft Internet Security and ran ExpressVPN App in OVPN (TCP and UDP options) and it worked fine. No crash. So this is clearly a Emsisoft issue. I have included the last few minidumps and a Farbar scan as attachments. I would appreciate any advice. I don't consider myself a novice user, but having trouble souring the cause of this issue. I can see that fwndislwf32.sys is implicated in the problem but it still occurs even with the firewall turned off. Even with Emsisoft in disable all protection mode, this error keeps occurring. I have also run a Hitman Pro and MRT scan to see if anything came up but the system was entirely clear of any malware. The only thing that came up on Hitman Pro were tracking cookies, which would have been removed anyway by CCleaner when I closed the browser. Many thanks in advance. Mike aka Wheelie 112615-25490-01.dmp 112615-30295-01.dmp 112615-78452-01.dmp Addition.txt FRST.txt
  3. I'm getting the window that DEP closed Emsisoft to protect my computer. This is the second time in a week this has happened so I'm coming to the forum with it. Can anyone tell me why this is happening?
  4. Yesterday whilst on BT I got a pop-up asking me to do a survey, purportedly from BT - which I closed. I had a few tabs open on Edge and suddenly there was a 'warning' that I had a virus, that the site was unsafe (copied below) which I'd never heard of and to phone Microsoft toll free on the number written there. Needless to say I didn't do anything but I couldn't close Edge down unless I went through Task Manager but as soon as I re-booted up they all came again. I changed browser and went to Microsoft to find that Microsoft Edge had been hijacked. Prior to this I had run Emsisoft Emergency and quarantined 1 item - not this one - so I ran it again and I found 2 - one of which was the one referred to. I tried to take a screen shot of the messages but couldn't. Emsisoft quarantined the address and told me to come here and that experts would sort it for me, so here I am. Immediately after it was quarantined Edge was free of tabs but I'm not going to use it. When I put the computer on today message from Emsisoft said this site was trying to activate or something. Would I be safe if I uninstalled Edge? I find this situation very scary as I've never been 'targeted' before. The site in question is: attention.unugq.netdna-cdn.com/LP0304_uk/index.html?city=Wolverhampton&ip= I have Win 10 Home 64-bit - Processor: AMD Athlan 11 x 2 220 2.80 GHz I hope I've given you all the info and look forward to hearing back from you. Thanks in advance.
  5. My Emsisoft Scan reports I have the 2 problems listed above. Enclosed are the logs; appreciate your help. Jim G. scan_150807-110802.txt FRST.txt Addition.txt
  6. Hi Kevin, you helped me before, I wonder if you could possibly help me again, please! Today I got one of those fake FBI warning web pages, saying I had accessed illegal information. I quickly closed the page, it tried to re-open so I closed it again. I then restarted my pc in safe mode with command prompts and did a system restore to the day before. I ran a smart scan with Emisoft Emergency Kit and it didn't find anything (apart from a false positive which is always finds). I then ran MalwareBytes Anti-Malware which found another false positive from another Chinese program. I deleted both these reported files just to be safe. I ran HitmanPro and it found a few tracking cookies, a few false positives from Chinese programs, and reported my certclient.dat as being suspicious. I didn't do anything with them and came to this forum for help. The scam web page didn't seem to take control of my browser or my computer in any visible way, but my antivirus reported that several web addresses were being redirected. After a Google search of the IP, it seems that may be my Astril VPN. What should I do to make sure my PC hasn't been infected? I ran Emisoft again as per the forum instructions (smart scan?), and then Farbar and attached the files. Thanks again, Kevin. Scan_150718-160524.txt FRST.txt Addition.txt
  7. Last night, I updated my windows updates. I usually wait several days to find out about possible issues with the updates. After not finding any (might be a careless error of mine,) I decided to install the windows updates last night. While in the process of downloading and installing the windows updates, Emsisoft Anti-Malware also installed an update that required a reboot because it contained updates for behavior blocker and other features for the program. Once my laptop restarted and booted back up, my laptop was barely functioning. My laptop continued to hang and stall. When I tried to open a program, a web browser, or whatever, it would not open. If it did open, when I closed it, the process would still be showing in process explorer as if it were still running. I tried manually terminating the process in process explorer, but it had no effect. Moreover, I could not run anything on my laptop after that point. If I tried to open something after that point, nothing would happen. My computer would be unresponsive. I had to manually turn off my laptop by pressing the button on the side. I am unsure what is causing the problem. It still persists. I can hardly use my laptop. I have done system restore several times, which seems to have fixed the issue each time; however, every time I do system restore, Emsisoft Anti-Malware updates with the one update that requires a system restart. Subsequently, my laptop reverts back to being hardly operable. I am now just leaving my laptop on because if the I restart/turn off my computer, the update will autoinstall and the problem will surface. Can anyone please assist me? Edit: I have turned my laptop off since I originally posted. As a result, EAM updated once again with the system restart update. Since then, my computer seems to be running fine, but when I open Chrome, Chrome starts to malfunction after a few minutes and/or will not close after I click out of it. After that, I cannot run any more processes or open any more windows. I am still guessing that there is an issue with the update maybe. I am probably going to use system restore once again to return to a point before the EAM update was installed to find out of Chrome functions without any problems. I currently using a system restore point that is before my latest updates from Tuesday, July 14th. Edit 2: I was trying to use my laptop after the EAM system restart update was installed/updated, but the same aforesaid symptoms resurfaced. I once again used system restore to a point before the EAM system restart update. Thus far, I do not have any problems, including using Chrome. I am thinking that it is becoming more evident that the problem somehow lies in the EAM system restart update or it causes the problem(s.) Again, my laptop stalls and is hardly operable after the EAM system restart update is installed. If someone could please help me, I would be most grateful.
  8. 1. I disabled the firewall 2. Rebooted 3. Opened Emsisoft (you can see the firewall is disabled) 4. Opened Device Manager (Emsisoft WFP Filter says it is Started) 5. Opened DebugView from Microsoft SysInternal Suite (monitoring all events/ kernel / win32 instructions) 1. Enabled Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (It still says Started) 3. DebugView, the way I read it, there was no change in services, also why "Request queue is empty" 1. Disabled Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (it now says Stopped) 3. Debugview, indicates calls were made to services to disable fwwfp and sets status code to zero (ie. disabled) 1. Activated Firewall in EIS 2. Closed Device Manager Properties and Re-opened to read current status (it still says Stopped) 3. Debugview, doesn't appear to have made a call to start the service again. At this stage, I can not connect to any websites, and I also believe is related to why my internet drops out (as svchost times out on connecting) Even after I restart the fwwfp service manually from Device Manager, i have to reboot in order to connect to the internet. I am using Version I have reinstalled twice, rebooting twice in between installations. I have reset settings to Factory Defaults several times.
  9. I'm running a trial of Emsisoft Internet Security and can get into Quickbooks from my computer but other computers on my network say it is unavailable. The Quickbooks File Doctor reports * Port number 55348- 'QuickBooks Database Port Service' for QuickBooks 2012 is closed on 'Boss-PC'. * Port number 8019- 'QuickBooks Port Finder Service' is closed on 'Boss-PC'. I do not see anything on the forums to resolve this. If I cannot get it straightened out quickly i will be forced to dump Emsisoft. I have done a custome rule as shown in the attached picture but it may not be done correctly as it does not help resolve the issue. Any help? Thanks
  10. I installed Emsisoft from the wizard fine, it completed and everything. The time the window it takes (the one you put your license key or choose trial version) took a lot of time to pop up, around 5 minutes, I put my key code and everything and the window closed. Then this thing showed up http://gyazo.com/38eb866b442299c67908ecd6761070d5 Few minutes later http://gyazo.com/bad5965d0cc0d8ab4ded6c7dbfba5cf2 I restarted the pc and the tray icon is red with a cross inside saying "Emsisoft - Background guard". I've already trying uninstalling and reinstalling more than 2 times with no success. PS: I don't know if this can help somehow but I installed the hotfix the installer mentions before I install EIS.
  11. Hi Emisoft, esp. Kevin Zoll, I'm a PC user with a potential malware Q, which shares a loopback address mentioned in one of your malware-fixes online, this past week. http://support.emsisoft.com/topic/17265-high-ram-usage/ Could I briefly ask about best steps / tactics? >> My story: Windows 7, Lenovo Thinkpad. I was recently running Lenovo update, which said "unable to connect to the proxy server". Looking at my Internet settings (IE), >> LAN settings, under 'Automatic Configuration': + Automatically detect settings. (was Checked, as usual for Earthlink / Time-Warner). + 'Use automatic configuration' script, was checked, with this localhost loopback: >> I just saw, you advised a fix for removing this same address, on your post cited above. So yesterday, I removed this loopback, unchecked 'Use automatic configuration', & closed Internet settings. When I reopened IE settings, 'automatic config. script' was still unchecked, but the loopback address was still there, greyed out. I searched my registry for this address, found the loopback in three entries at these keys: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies I backed up registry & deleted all 3. However, that loopback remains in my IE settings, albeit greyed-out, as long as 'automatic config. script' is unchecked. >> So far as I know, it loops back to a proxy port on my LAN server. I almost never use IE, prefer Firefox, so no idea how long its been this way. I infrequently use, & still have installed two VPN's: OkayFreedom & Cyberghost. These VPN seem fairly mainstream, & I found no complaints they do this kinda thing. So I feared malware. As per yr recommends, I ran these anti-malwares, tho nothing came up, except some IE 'ProxyEnable' Registry items (I can likely change those): 1) CCleaner, (excluding windows logs). 2) M$ Malicious software removal, reports nothing. 3) Malwarebytes' Anti-Malware, reports nothing... see log, (AMWB.txt). 4) OTL, see logs (2). 5) Emisoft EEK, smart-scan, see log (a2scan_150515-143323.txt) 6) FRST64, see logs (2). I attach six (6) logs here. Finally, I had purchased this laptop last fall from a (reputable) refurbisher, who said he reconstituted Windows from the 'Lenovo Recovery' partition. Well, maybe this is a standard in Lenovo's special sauce. Can I briefly ask 4 you suggestion ? ~ Regards, Gadzoox AMWB.txt OTL.Txt Extras.Txt a2scan_150515-143323.txt FRST.txt Addition.txt
  12. Hi. My OS is Windows 8.1 Enterprise x64. EAM version I closed the "Emsisoft News" box, then Action Center told me no antivirus software is running. I checked the event viewer and found this: Log Name: Application Source: Application Error Date: 12/5/2558 21:25:23 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: Sirawit-PC Description: Faulting application name: a2service.exe, version:, time stamp: 0x554e6f77 Faulting module name: a2engine.dll_unloaded, version:, time stamp: 0x5538d5f2 Exception code: 0xc0000005 Fault offset: 0x000603ac Faulting process id: 0x4f8 Faulting application start time: 0x01d08bb21dfcf049 Faulting application path: C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe Faulting module path: a2engine.dll Report Id: b905548b-f8b2-11e4-8269-54271e1869e6 Faulting package full name: Faulting package-relative application ID: Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-05-12T14:25:23.000000000Z" /> <EventRecordID>11988</EventRecordID> <Channel>Application</Channel> <Computer>Sirawit-PC</Computer> <Security /> </System> <EventData> <Data>a2service.exe</Data> <Data></Data> <Data>554e6f77</Data> <Data>a2engine.dll_unloaded</Data> <Data></Data> <Data>5538d5f2</Data> <Data>c0000005</Data> <Data>000603ac</Data> <Data>4f8</Data> <Data>01d08bb21dfcf049</Data> <Data>C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe</Data> <Data>a2engine.dll</Data> <Data>b905548b-f8b2-11e4-8269-54271e1869e6</Data> <Data> </Data> <Data> </Data> </EventData> </Event> Please tell me if you need any more info. Thank you.
  13. Hello I tested EIS By pcflank (Advanced Port Scanner), Unfortunately EIS closed ports except 135, 139 http://www.pcflank.com/scanner1.htm Is it normal?? I think, EIS must stealthed all ports. Addition.txt FRST.txt EIS fully updated Win 7 SP1 64bit
  14. Hello and thanks in advance, I hope you can help. Windows explorer keeps restarting sometimes from it self or as I try to open a file (even in SafeMode), and CPU get really high without obvious reason. Besides I get black/blue strip/area occasionally on part of screen and youtube videos. Malewarebytes keeps blocking access to scvhost.exe, and I've already tried everything I can think of, run several programs (you can see it in FRST.text, reset browser settings (IE i Firefox) and chose no proxy for Internet, even installed Microsoft hoxfix, but problems persists. If you need any additional information just ask please, don't wanna to write a book... Please find enclosed reports as you requested. I've added 150321-'''130.txt from yesterday - first scan with EEK you may need it. a2scan_150322-164957.txta2scan_150321-000130.txtFRST.txtAddition.txt
  15. I currently have Emsisoft on my Computer (Vista Home Premium 32 Bit) but an having problems with my Windows Vista applications. 1)I keep getting Windows Command prompts being closed, 2) Multiple "Default IME" showing in Task Manager 3) Multiple "Internet Explorer" in Task manager 4) Emsisoft Full scan will not completely run to conclusion. 5)The computer is running extremely slow. I attached the Text files your website requested from Emsisoft Emergency Kit and Farbar Recovery Scan Tool. (I had to download them to a USB flash drive because my computer was running too slow. a2scan_150306-225258.txt Addition.txt FRST.txt Shortcut.txt
  16. Sorry I cuoldn't utilize internet on this week, I think you have closed the other topic because I didn't post anything. So now I attach the logs required in the second post. AdwCleanerS0.txt Fixlog.txt JRT.txt
  17. PingPlotter and plain ol tracert and ping can't seem to get out. I have not changed any settings in the firewall screen from the defaults (still trying to understand the layout of this new firewall coming from OA). It did previously show up in the (logs,firewall) log as having automatically added it with "IN/OUT - All Allowed" HOWEVER it didn't work. While this was happening I switched over to cmd prompt and tried tracert both programs show request timed out. I then tried to manually add the program via (Protection, Application rulews) the first time it simply wouldn't add, I went to the application rules and it wasn't there. I closed and re-opened the EIS dialog and went back to Application Rules and this time it stuck but pingplotter still failed to be able to get out, I confirmed in the log that it is there (IN/OUT - All Allowed) for the pingplotter.exe, same with tracert still times out. If I disable the EIS Firewall (Protection, Firewall, Uncheck OR the Protection screen) and then re-enable the windows firewall in action center both programs work properly (tracing and pinging is not longer blocked). I have attached the Protection Firewall screen and I don't recall ever modifying any rules directly on this screen, are they defaults? Any ideas would be appreciated, I keep suspecting I am just not used to this layout (brain is still in OA mode) and might be missing something. EIS Windows 8.1 pro 64bit
  18. hi i am having the same question, when making an online test onli 5-7 ports are stealhed and the rest are only closed. most of the firewalls use to stealth all the ports... besides even tho i set up emsi to be in a private network... other pc are able to read my host name and identify my pc... also for them they are able to reach my pc.... (when making ping to other ports) with other firewalls my pc is not even recognized and the results for all ports is stealhed.... this happens no matter which network i use... i usually go online in my campus and my house
  19. Hi :-) I was getting frequent warnings about EMIS Overwiew Has Shut Down everytime I closed the interface after a scan and occasionally at other times. Though I always believed it to be a false warning, it did make me feel unsure and I often I would restart my PC. I was looking at the Anti-Malware Forum where users there were reporting a similar issue. The suggestion there was to enable Beta Updates because the issue had been fixed in one of those updates. So, I of course enabled Beta Updates in EMIS. Soon thereafter, after surfing the net for several minutes my internet connection closed down. This happened several times. On a restart of my PC, which was the only way to re-open it, it was always open again. Whether this was a mere coincidence with problems with my ISP I do not know, but because of the nature and timing of the interruptions I doubt my ISP was the cause. I have uninstalled EMIS that had been updated with the Beta Updates. Will be running another security program tonight just too see if it was my ISP and will reinstal EMIS tomorrow with no Beta Updates and put up with the warnings about the Security Overview Stopped Working warnings, which after a time do become annoying.
  20. this is the final scan from the thread that was just closed with the same topic title . I had run the report and thought I already posted it .a2scan_141205-142714.txt
  21. Hello, This issue has suddenly appeared within the last two weeks; computer is extremely slow, Norton keeps reporting it's blocked various malware, internet is grindingly slow (we're on Verizon DSL) and shutting down the computer is slow as it always says something is running when when we've closed all "visible" programs. My system; Windows 7 Home premium, Service Pack 1 Dell Inspiron 1750 64 bit 2 GHz Norton 360 Messages from Norton and the Computer; Computer - Powershell has stopped working High Disk read usage by Com Surrogate There are more than this but I'm not sure which are relevant. Norton - reports that its blocked or removed (after a full scan, but of course they are still there) the following; Adware.Maltree.TS!g23 Trojan.Powelik Protecting your connection to a newly detected adapter "Teredo Tunneling Pseudo Interface (haven't installed any new hardware of software recently) Angler Exploit Kit Website There are more than this but I'm not sure which are relevant. Attached are the three analysis files Thanks, Peter
  22. My earlier post was closed because I was away from office for a week but I am back in action. Attached is the Fixlog.txt from running FRST. I also attached the originally requested files.
  23. Yesterday, while I was browsing on the Internet my cpu usage went to 100%, and it stays there. The Resource Monitor showed many dllhost.exe COM Surrogate running. The computer slows to a stand still. I have attempted to find what ever is causing it, but have failed to figure it out. The only way I can "fix" this is to open the resource monitor, click on the process and Suspend it. If I kill the process, it just restarts, and it appears to spin off additional dllhost.exe COM Surrogate's. I do not know if a virus or malware has a hold. Find enclosed: the results of the EMSIsoft full scan the FarBar Recovery Scan tool results a screen shot of my Resource Monitor Also, the results of two of the tools I ran while trying to fix this. Can you help? Thank-you, Keith L Terrill
  24. Was there a problem with the update server betwewen 4:00-7:00 AM this morning? Will EMIS update during a scan? Was running a full scan when I went to bed. Up early at 6:00 AM and noticed there had not been an update in over two hours, I then made several attempts to update manually and received a "could not connect to the update server" response." Eventually I was able to update. If there are no updates available at a time will EMIS report back that it was not able to connect to the server? When I closed the Protection Center GUI I got another of thos warnings that The Protection Center had Stopped with the option to close the program. This has happened several times before and as requested I emailed a crash dump for one of them. I had always assumed this was a false alarm triggered by a bug, but this time because of the update issue I wanted to restart my PC. During the shutdown I received one of those pages that siad "a program was restarting do you want to shut-down anyways?" I assume this program was the EMIS security center or security. When the security center stops working does the proterction also stop working? I had assumed it didn't. I'll send the crash dump reports to FW.
  25. I deciced that I would not renew my previous OAP licence having not remembered to check when it expired, also not getting a reminder to renew, to so reverted to the free version. I took the 30 day free trial of OAP, which incidentally did not have a functioning Banking Mode but what the hell because it's not what it used to be.. At the end of the 30 days, I was inveted to try the30 day free trial again. I closed down the window and carried on my merry way round the internet. It wasn't until next day that I noticed that OA free hadn't loaded on boot up. So launched it manually. Since then, I keep getting an invitation to try the 30 free trial of OAP. No matter whether I close the window, or ckick on "Next" to be told the trial has expired, the OA free closes down on its own. I then have to launch it manually. What the hell is going on???????
  • Who's Online   0 Members, 0 Anonymous, 26 Guests (See full list)

    • There are no registered users currently online
  • Create New...