Showing results for tags 'Closed'.

  1. My Windows PC has also got infected, as the screen of the system has turned blue and the system is not booting after restarting. It is showing ERROR CODE 0XC0000428 in the interface and I really do not know how I would fix that.
  2. Win 10 1809. I have a machine upstairs that I use every couple of days. I updated it this morning to build 9204. After reading here about an issue https://support.emsisoft.com/topic/30517-update-to-version-2019109204-disabled-windows-startup/ I went upstairs to allow it to update to new build 9207 but had a look first and 'start with Windows' was unticked. However it had no problem updating or starting with Windows so I wonder if it is cosmetic? It is still unticked so I will restart machine and see what happens. Here are debug logs in case they help: a2start_20190201090648(7192).zip
  3. Win 10 1809. Beta update installed ok. Not keen at all on the collapsible Settings part of the GUI which is like that every time you reboot. Why have you done that??
  4. My computer (desktop) has been infected for quite some time. After one of Microsoft Windows 10 updates that turned off all my protection the machine got infected. That was close to 2 years ago. I have been working on getting rid of the many infections manually and with a few killers. I recently ran across EEK and used it and I used FRST as outlined in hopes this will finally get my desktop back in action. When fully infected I could not run anything. After I did some cleaning I was able to get into safe mode, but the infections would not allow me to change anything, delete or remove any files. It presented me with an error box stating that I did not have permission to do that, or, when I attempted to run various malware and virus killers or start any anti-virus program, it stated it was already running. I am hoping that you can assist me in remedying my situation at hand with my desktop. I have attached the reports from EEK and FRST as outlined. I thank you in advance for your assistance. Addition.txt FRST.txt scan_190130-155741.txt
  5. Hello, recently I have noticed a slowdown in my machine, could you please take a look? FRST.txt Addition.txt scan_190128-024733.txt
  6. I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292), the latest update January 22, 2019. I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal, when I do do anything it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary. I've started monitoring my network traffic recently and I noticed that Windows Host processes represented by svchost and their associated Windows processes are connecting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don't know. Is this normal behavior for Windows 10 nowadays? I thought Windows host processes like Cryptographic service or Diagnostic Policy service must connect only to Microsoft IP addresses but why Google MSI Verizon and Cloudflare? I don't get it. They don't run very often, just occasionally pop up for a few seconds once a day, and quickly stop. Maybe I became a bot or something? I think Emsisoft would pick it up already.
     External IP PID
     216.58.209.35:80 Google LLC USA 4276 CryptSvc
     93.184.220.29:80 MSI Communications UK 4276 CryptSvc
     104.16.95.121:80 Cloudflare Inc USA 4276 CryptSvs
     172.217.17.67:80 Google LLC US 4276 CryptSvc
     93.184.221.240:80 MSI Communications UK 4276 CryptSvc
     216.58.209.131:80 Google LLC US 4140 DPS
  7. Win 10 1809... EAM build 9188. After you do a malware scan for example, how long on average should it take before EAM Protection Service levels come down to the level they were before the scan? For example this screenshot below is before a scan. During the scan it goes up to around 300MB but takes quite a while to release the memory.
  8. Windows 8.1, 64 bit. The beta correctly identifies that I don't as yet have the browser security extension installed on my default browser (which is Firefox), but I have to go looking in Settings to see that. I still don't get a warning (when I start Firefox) saying that the extension is not installed there - should that still happen? I do (still) get the warning when I start Chrome.
  9. Upon attempting to quarantine 4 suspicious files found during a scan, I got a message stating: "Removing these items bears an unusually high risk of crashing your operating system during automatic cleaning, as these threats are embedded deeply. The malware removal experts at the Emsisoft Support will guide you through a safe removal of these threats." Accordingly, I am attaching the requested log files as per the forum posting instructions, and await your instructions. scan_190124-135355.txt Addition_24-01-2019 14.11.35.txt FRST_24-01-2019 14.11.35.txt
  10. Please see attached screenshot. I don't know how to handle this because I get the same pop up if I click on quarantine.
  11. I have uninstalled this program several times and it always returns. I understand that it prob is not malware, but I already have Emsisoft so I don't need another trying to get my attention. It was installed without my permission, and I don't see how it could have piggy backed on anything because I have not installed any new programs lately. It does not have an uninstall option on its menu. I have tried removing it using the Windows 10 App/uninstall. Can someone help please?
  12. So is this error which shows in Event Viewer after each EAM update Microsoft's fault? https://answers.microsoft.com/en-us/windows/forum/all/event-id-17-security-center-failed-to-validate/1fe0f4d7-8b4e-40a6-b607-e1895bfc7535
  13. My HP Pavilion dv7-7135us has been freezing up lately with no warning and no visible symptoms other than I return to it after a few hours and find it frozen. The only remedy is to power down. EEK and FRST files are attached. I tried to scrupulously follow the instructions. EEK did not display the same choices as the instructions, but I tried to get a clean scan, without changing any parameters after the sw updated itself. FRST showed no anomalies on operation. Addition.txt FRST.txt a2scan_190112-100254.txt
  14. I ran a scan with EK and I see 7 varieties of threats, but I can't remove with either delete or quarantine? Help. Here is my log file. scan_190109-092825.txt
  15. Win 10 build 9144. As part of some troubleshooting I uninstalled 9144 and selected for EAM to remove the everything option. It leaves a Program Folder in C drive with quarantine in it. Surely if I select to remove everything (all folders etc) it should do just that?
  16. I'm on the Beta feed. EAM just 'updated' but it's installed 2018.11.0.9073 when before that I was running 2018.12.1.9144. Why? See logs screenshot at: https://www.dropbox.com/s/lo685jpbogs0ce6/20190107 EAM update that isn't.jpg?dl=0
  17. https://malwaretips.com/threads/emsisoft-browser-security.88869/ Pity it wasn't posted here as well.
  18. Win 10 1809. EAM 9112. I noticed this the other day, but with it being Xmas I was too busy to make a report. So I reproduced the behaviour again today. Custom scan of C drive only and I did not use the machine in any way while scan was running or until I looked at details of scan. Left it to run and it completed flagging Eicar as usual. I left the window open. About 10 mins or so later I looked at the scan report details. I closed the scan window and tried to open my browser. First I tried Sandboxied, then without Sandboxie. I tried to open CD Burner XP. It was as if something was preventing it and I am sure it was EAM after a custom scan and being left open afterwards. I can reproduce the behaviour each time. A definitions update occurred each time while the scan was running (just for info). Debug logs attached a2service_20181226043717(1660).zip
  19. I wish you and your beloved ones and family a Merry Christmas, have a peaceful and happy time. Cheers
  20. I just can't find/get rid of this software (Go.MennyThanks, or AAMennyThanks), that was secretly installed on my computer. I'd prefer not having to buy more malware software. Can anyone help me? Thanks. Bob
  21. Win 10 1809. Auto update went through okay. No issues so far. I see on the main page of the GUI it's already 2019 !!
  22. Win 10 build 1809 with yesterday's 3 Windows updates installed. Fast start disabled. Noticed this in logs at shutdown and startup. Not seen that before.
  23. Please see here https://support.emsisoft.com/topic/30208-aktuelle-beta-keine-deutsche-sprachdatei-mehr/
  24. Win 10 Pro 64bit, using 9069. Disabled Behaviour Blocker via right-click Protection Status..Disable Behaviour Blocker option on EAM taskbar icon. (Obviously Anti Ransomware got disabled as well.) After about 30 seconds I enabled it again via taskbar icon. The Windows Security Center now has a red cross on it and says actions are needed. EAM says I am only partially protected despite all options being on and taskbar icon is green. Logs attached plus screenies. Screenie of Forensics show timeline of events. a2start_20181202044432(1748).zip
  25. Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll being injected into a legitimate process. Then we won't see a malicious process running in memory there because it's a legitimate executable that could very well be an essential Windows operating system process but carrying out the malicious activities because it's actually executing functions that are part of a malicious dll file. Because I have Windows 10 Pro 64-bit (Version 1809 17763.134) (X64) there are obviously two rundll32.exe for calling different programs respectively. One is located in C:\Windows\System32\rundll32.exe. Another one is in C:\Windows\SysWOW64\rundll32.exe. Sometimes when I turn on my computer I see them both (I guess) starting up with Windows, and sometimes they don't start up with Windows. Today for example they started up again. See attached Task Manager screenshot. I scanned my computer with Emsisoft while they were running. The scan result attached. I ran Farbar scan. FRST and Addition scans attached. I also ran cmd command (tasklist /m /fi "IMAGENAME eq rundll32.exe") to identify loaded DLLs in these running rundll32.exe. Screenshot attached. Am I paranoid? My browsing habits are pretty rigorous. I don't visit suspicious websites, I don't download literally anything unless I have to. I don't even click on links that I send to myself not to mention some attachments coming in an email. My browser security settings don't have even one weak cipher suite and they are all with forward secrecy. My browser user agent only supports TLS 1.2 and obviously 1.3 and it's immune to logjam, freak and poodle attacks with a bunch other firefox about:config strengthened security settings. I know I'm probably a very sick individual in terms of this hyphened sense of security but that's the way it is now. Should I be worried about these two rundll32.exe? EEK SCAN.txt FRST.txt Addition.txt