Search the Community

Showing results for tags 'Closed'.

Found 842 results

  1. My HP Pavilion dv7-7135us has been freezing up lately with no warning and no visible symptoms other than I return to it after a few hours and find it frozen. The only remedy is to power down. EEK and FRST files are attached. I tried to scrupulously follow the instructions. EEK did not display the same choices as the instructions, but I tried to get a clean scan, without changing any parameters after the sw updated itself. FRST showed no anomalies on operation. Addition.txt FRST.txt a2scan_190112-100254.txt
  2. I have uninstalled this program several times and it always returns. I understand that it prob is not malware, but I already have Emsisoft so I don't need another trying to get my attention. It was installed without my permission, and I don't see how it could have piggybacked on anything because I have not installed any new programs lately. It does not have an uninstall option on its menu. I have tried to remove it using the Windows 10 App/uninstall. Can someone help please?
  3. So is this error which shows in Event Viewer after each EAM update Microsoft's fault?
  4. I ran a scan with EK and I see 7 varieties of threats, but I can't remove them with either delete or quarantine. Help! Here is my log file. scan_190109-092825.txt
  5. Win 10 build 9144. As part of some troubleshooting I uninstalled 9144 and selected for EAM to remove the everything option. It leaves a Program Folder in C drive with quarantine in it. Surely if I select to remove everything (all folders etc) it should do just that?
  6. I'm on the Beta feed. EAM just 'updated' but it's installed 2018.11.0.9073 when before that I was running 2018.12.1.9144. Why? See logs screenshot at: EAM update that isn't.jpg?dl=0
  7. I just can't find/get rid of this software (Go.MennyThanks, or AAMennyThanks) that was secretly installed on my computer. I'd prefer not having to buy more malware software. Can anyone help me? Thanks. Bob
  8. Pity it wasn't posted here as well.
  9. I wish you and your beloved ones and family a Merry Christmas, have a peaceful and happy time. Cheers
  10. Win 10 1809. Auto update went through okay. No issues so far. I see on the main page of the GUI it's already 2019 !!
  11. The first time (in a Windows session) that I click on any of the four main panels on the EAM gui overview screen (Protection, Scan & Clean, Logs or Settings), it takes several seconds to open the relevant screen, and sometimes it doesn't open it at all.
  12. Win 10 build 1809 with yesterday's 3 Windows updates installed. Fast start disabled. Noticed this in logs at shutdown and startup. Not seen that before.
  13. Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll being injected into a legitimate process. Then we won't see a malicious process running in memory there because it's a legitimate executable that could very well be an essential Windows operating system process but carrying out the malicious activities because it's actually executing functions that are part of a malicious dll file. Because I have Windows 10 Pro 64-bit (Version 1809 17763.134) (X64) there are obviously two rundll32.exe for calling different programs respectively. One is located in C:\Windows\System32\rundll32.exe Another one is in C:\Windows\SysWOW64\rundll32.exe Sometimes when I turn on my computer I see them both (I guess) starting up with Windows, and sometimes they don't start up with Windows. Today for example they started up again. See attached Task Manager screenshot. I scanned my computer with Emsisoft while they were running. The scan result attached. I ran Farbar scan. FRST and Addition scans attached. I also ran cmd command (tasklist /m /fi "IMAGENAME eq rundll32.exe") to identify loaded DLLs in these running rundll32.exe. Screenshot attached. Am I paranoid? My browsing habits are pretty rigorous. I don't visit suspicious websites, I don't download literally anything unless I have to. I don't even click on links that I send to myself not to mention some attachments coming in an email.
My browser security settings don't have even one weak cipher suite and they are all with forward secrecy. My browser user agent only supports TLS 1.2 and obviously 1.3 and it's immune to Logjam, FREAK and POODLE attacks with a bunch of other Firefox about:config strengthened security settings. I know I'm probably a very sick individual in terms of this heightened sense of security but that's the way it is now. Should I be worried about these two rundll32.exe? EEK SCAN.txt FRST.txt Addition.txt
  14. Win 10 Pro 64bit. using 9069 Disabled Behaviour Blocker via right-click Protection Status..Disable Behaviour Blocker option on EAM taskbar icon. (Obviously Anti Ransomware got disabled as well) After about 30 seconds I enabled it again via taskbar icon. The Windows Security Center now has a red cross on it and says actions are needed. EAM says I am only partially protected despite all options being on and taskbar icon is green. Logs attached plus screenies. Screenie of Forensics show timeline of events. a2start_20181202044432(1748).zip
  15. Please see here
  16. Auto updated okay on Win 10. Are there supposed to be different colours here?
  17. I was getting this some time back and don't know how it got solved. Now it's back. Emsisoft scan finds it, I quarantine it and the next time E scans it's back again. Over and over. I just ran EEK and the item in question was not found. But that is probably because I had just finished a scan which found it and quarantined it. scan_181118-225318.txt FRST.txt Addition.txt
  18. I think I have an infection and would like guided help to remove. Please see attached as requested and let me know the next steps. Thank you in advance emergency scan 181113-174933.txt
  19. HP ENVY TS 17 Notebook PC. Has an I7 4700 processor and 16 GB ram. This machine should be running real fast. However it seems to be really slow. After running a full clean up using Techsuite (which includes Emsisoft removal tools) I was ready to give it back to the client. After a reboot it started running real slow again. I ran the techsuite software again and removed 17 new items. The only thing the machine had done was sit idle on the internet. Attached is the EEK report. The FRST 64 bit would run until I pressed scan, then it would crash. (I verified the machine is running 64 bit Windows 10 Home) Thanks, scan_181029-172340.txt
  20. The first hours with 2018.10.1.9026 show improvement with connection issue. The next 48h will show if all kind of issues around network connections have been fixed with this beta. So far it looks like a big improvement.
  21. Updated smoothly. I see you've made changes to grid columns. In my forensic log, the 'handles' for altering column width are almost invisible on the column headers, because the handles are white and the surrounding column title background areas are pale grey. Really it's easier to find them by drifting the mouse across where they should be and waiting for the pointer to change. Ironically the handles (or at least column separators) are much easier to see if one highlights a row; then the highlighted text is shown in black on blue and the separator is (still) white, but of course not draggable... but at least you know where the handles should be above that (if eg you highlighted row 1). Resizing the window horizontally occasionally leaves the 'Clear' button outwith the display area, albeit adding a horizontal scroll bar. It's not easy to tell which changes will add the scroll bar and which will just redraw the whole window in a smaller area. When I first started experimenting I couldn't drag the 'Component' column wide enough to see the whole of a "User <machinename>\<username>" value. It's as if there's minimum widths for other columns that limit how big one column can be dragged if the other columns are already at their narrowest settings. Later on, after having dragged the window to its full width then narrowed it again, I was able to make the 'Component' column wide enough.
  22. Upgraded ok... W8.1 64-bit laptop screen res is 900 x 1600 But display of the log is worse. If I drag the log window as wide as possible, then drag it narrower, a horizontal scroll bar appears (though how wide it is has varied in my experiments - sometimes when the window is maybe 2/3 of its full width, the scroll bar is about 95% of the smaller window's width, implying it cannot be scrolled sideways very much). Once a scrollbar is presented, actually dragging the bar sideways shows that the full display is no longer accessible. That is I'm seeing truncation of the rhs of what was previously displayed in the max-width window. I've also had the scroll-bar mysteriously vanish from the display while the window is much smaller than full-width.
  23. Win 10 1809 EAM 9018 After boot (fast start disabled) accessing the BB window I had to drag down the little pull down thing to show all items in list. However the window would not show all items until I had clicked in it.
  24. Why does my Windows 10 registry have strange characters ? Are they dangerous? Can I delete them? Computer\HKEY_CURRENT_USER\꿸๧饸๧鞀๧_ Computer\HKEY_CURRENT_USER\ Є뭔烐厡Ʋo Computer\HKEY_CURRENT_USER\†Ѐ䘭ᇈ Computer\HKEY_CURRENT_USER\* Computer\HKEY_CURRENT_USER\;