Search the Community

Showing results for tags 'Closed'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Malware Research Center
    • Help, my files are encrypted!
    • Help, my PC is infected!
    • Malware and Computer Security
    • Malware submissions
  • Company & Products
    • Customer Support
    • Beta Community
    • False positives
    • Emsisoft News
  • Other Languages
    • German Support - Deutscher Support
  • Private Zone

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Found 833 results

  1. Win 10 1809. Auto update went through okay. No issues so far. I see on the main page of the GUI it's already 2019 !!
  2. The first time (in a Windows session) that I click on any of the four main panels on the EAM gui overview screen (Protection, Scan & Clean, Logs or Settings), it takes several seconds to open the relevant screen, and sometimes it doesn't open it at all.
  3. Win 10 build 1809 with yesterday's 3 Windows updates installed. Fast start disabled. Noticed this in logs at shutdown and startup. Not seen that before.
  4. Dear Experts, I was wondering if my computer might be infected or maybe I'm just paranoid. Although nothing seems to be out of the ordinary, please tell me I'm just paranoid here on this. I've heard about dll injection when malware authors have been exploiting Windows dynamic library where executables access the library and share the memory space, with a malicious dll beieng injected into a legitimate process. Then we won't then see a malicious process runing in memory there because it's a legitimate executable that could very well be an essential Windows operating system process but carrying out the malicious activities because it's actually executing functions that are part of a malicious dll file. Because I have Windows 10 Pro 64-bit(Version 1809 17763.134) (X64) there are obviously two rundll32.exe for calling different programs respectively. One is located in C:\Windows\System32\rundll32.exe Another one is in C:\Windows\SysWOW64\rundll32.exe Sometimes when I turn on my computer I see them both ( I guess) starting up with Windows, and sometimes they don't start up with Windows. Today for example they started up again. See attached Task Manager screenshot. I scanned my computer with Emsisoft while they were runnng. The scan result attached. I ran FRABAR scan. FRST nad Addition scans attached. I also ran cmd command (tasklist /m /fi "IMAGENAME eq rundll32.exe") to identify loaded DLLs in these running rundll32.exe,. Screenshot attached. Am I paranoid? My browsing habbits are pretty rigorous. I don't visit suspicious websites, I don't download literally anyting unless I have to. I don't even click on links that I send to myself not to mention some attachments coming in an email. My browser security settings don't have even one weak cipher siute and they are all with forward secrecy, My browser user agent only supports TLS 1.2 and obviously 1.3 and it's immune to logjam, freak and poodle attacks with a bunch other firefox about:config strengthened security settings. I know I'm probably a very sick individual in terms of this hyphened sense of security but that the way it is now. Should I be worried about these two rundll32.exe? EEK SCAN.txt FRST.txt Addition.txt
  5. Win 10 Pro 64bit. using 9069 Disabled Behaviour Blocker via right-click Protection Status..Disable Behaviour Blocker option on EAM taskbar icon. (Obviously Anti Ransomware got disabled as well) After about 30 seconds I enabled it again via taskar icon. The Windows Security Center now has a red cross on it and says actions are needed. EAM says I am only partially protected despite all options being on and taskbar icon is green. Logs attached plus screenies. Screenie of Forensics show timeline of events. a2start_20181202044432(1748).zip
  6. Please see here
  7. Auto updated okay on Win 10. Are there supposed to be different colours here?
  8. I was getting this some time back and don't know how it got solved. Now it's back. Emsisoft scan finds it, I quarantine it and the next time E scans it's back again. Over and over. I just ran EEK and the item in question was not found. But that is probably because I had just finished a scan which found it and quarantined it. scan_181118-225318.txt FRST.txt Addition.txt
  9. I think I have an infection and would like guided help to remove. Please see attached as requested and let me know the next steps. Thank you in advance emergency scan 181113-174933.txt
  10. HP EnVY TS 17 Notbook PC Has an I7 4700 processor and 16 GB ram. This machine should be running real fast. However it seems to be really slow. After running a full clean up using Techsuite (which includes EMSI soft removal tools) I was ready to give it back to the client..AFter a reboot it started running real slow again. I ran the techsuite software again and removed 17 new items. The only thing the machine had done was site idle on the internet. Attached is the EEK report. The FRST 64 bit would run until I pressed scan, then it would crash. (I verified the machine is running 64 bit windows 10 home) Thanks, scan_181029-172340.txt
  11. The first hours with 2018.10.1.9026 show improvement with connection issue. The next 48h will show if all kind of issues around network connections have been fixed with this beta. So far it looks like a big improvement.
  12. Updated smoothly. I see you've made changes to grid columns. In my forensic log, the 'handles' for altering column width are almost invisible on the column headers, because the handles are white and the surrounding column title background areas are pale grey. Really it's easier to find them by drifting the mouse across where they should be and waiting for the pointer to change. Ironically the handles (or at least column separators) are much easier to see if one highlights a row; then the highlighted text is shown in black on blue and the separator is (still) white, but of course not draggable... but at least you know where the handles should be above that (if eg you highlighted row 1). Resizing the window horizontally occasionally leaves the 'Clear' button outwith the display area, albeit adding a horizontal scroll bar. It's not easy to tell which changes will add the scroll bar and which will just redraw the whole window in a smaller area. When I first started experimenting I couldn't drag the 'Component' column wide enough to see the whole of a "User <machinename>\<username>" value. It's as if there's minimum widths for other columns that limit how big one column can be dragged if the other columns are already at their narrowest settings. Later on, after having dragged the window to its full width then narrowed it again, I was able to make the 'Component' column wide enough.
  13. Upgraded ok... W8.1 64-bit laptop screen res is 900 x 1600 But display of the log is worse. If I drag the log window as wide as possible, then drag it narrower, a horizontal scroll bar appears (though how wide it is has varied in my experiments - sometimes when the window is maybe 2/3 of its full width, the scroll bar is about 95% of the smaller window's width, implying it cannot be scrolled sideways very much). Once a scrollbar is presented, actually dragging the bar sideways shows that the full display is no longer accessible. That is I'm seeing truncation of the rhs of what was previously displayed in the max-width window. I've also had the scroll-bar mysteriously vanish from the display while the window is much smaller than full-width.
  14. Win 10 1809 EAM 9018 After boot (fast start disabled) accessing the BB window I had to drag down the little pull down thing to show all items in list. However the window would not show all items until I had clicked in it.
  15. Why does my Windows 10 registry have strange characters ? Are they dangerous? Can I delete them? Computer\HKEY_CURRENT_USER\꿸๧饸๧鞀๧_ Computer\HKEY_CURRENT_USER\ Є뭔烐厡Ʋo Computer\HKEY_CURRENT_USER\†Ѐ䘭ᇈ Computer\HKEY_CURRENT_USER\* Computer\HKEY_CURRENT_USER\;
  16. Hi Gays. Emsisoft hat ein Virus im Win-10 gefunden. Wie kann man entfernen (remove)? Bitte hilfe mir. Thanks all.
  17. Guys, what are the usual signs that your unit is infected?
  18. Windows 10 1809, EAM 8988 Each morning after boot and a cup of tea I open EAM logs and highlight the update line which says ''downloaded and installed 67 files in 45 seconds'' (example number) and select the View Details button. This morning there was no info there at all. I tried again. Then I tried from the logs icon on left side of GUI. Then suddenly they were all there. This has not happened before. I have attached debug logs where I noticed round 5.04 am there were quite a few of these in a2start logs. 05:04:02.611 6700 Warning: name "components[]" is not only name of "LogsPage.html" 05:04:02.611 6700 Warning: name "components[]" is not only name of "LogsPage.html" 05:04:02.611 6700 Warning: name "components[]" is not only name of "LogsPage.html" and some odd looking events in the a2service logs at the same time. a2start_20181025044852(3200).zip
  20. Do we still have some beta testers ??
  21. Since yesterday, my PC has been infected with the virus mentioned in the title of the topic, according to Windows Defender. I deleted a couple of programs that were installed along with the virus but after a couple of restarts, command prompts and unknown programs seem to start along with Windows. In addition, there is a bunch of exclusions for certain programs in folders with made up names that Windows Defender is unable to scan. I never excluded those folders myself. What is more, these said folders are located in the Program Files (x86), ProgramData, AppData\Local\Temp, WINDOWS\Temp folders of my PC. I refrain from logging in in various sites and apps I used to, at least without creating a new password, since I'm terrified that my personal data will be compromised through the malicious program. I do not know whether they've already been compromised or the worst is yet to come. I will stand by, waiting for further instructions as to how to proceed on the matter. Thank you in advance. scan_181011-012112.txt Addition.txt FRST.txt
  22. It was probably asked before but anyway.... In older versions we could auto adjust column width by double clicking on separators. This is not possible any more and it requires lots of time and nerves to adjust them properly. Any chance of bringing this functionality back?
  23. Windows 10 1809 - EAM 8988 Frank if I go to BB and select ''add application rule'' browse to notepad.exe, select it and choose blocked, I can still open notepad. When I do open notepad I get 2 entries in BB list one listed as monitored, and one listed as blocked See screenshot. (Also why does it say n/a when you go to add an application rule?)
  24. Bonjour pouvez vous m'aider je n'arrive pas à supprimer un logiciel malveillant ,quand je le supprime il reviens toujours merci
  • Who's Online   0 Members, 0 Anonymous, 79 Guests (See full list)

    There are no registered users currently online