Showing results for tags 'Closed'.

  1. Last night my Win 8.1 64 bit system had a BSOD stop code 0x000000d1, i.e. "DRIVER_IRQL_NOT_LESS_OR_EQUAL", apparently in tcpip.sys. At the time I wasn't consciously doing anything internet-ish, though I did have browser tabs open. There's no obvious reason to blame EAM, except that I know there's maybe an ongoing problem in this area. I have a full 8 GB dump from this. Do you want it?
  2. Here are the files of the scan I did. I let my brother on my laptop for a week. And when I saw some files were deleted, I was on the hunt for a fix. I hope you guys can look at the log files. scan_200713-090949.txt Addition.txt FRST.txt
  3. GOOD EVENING TO YOU ALL. I'm in a real emergency: for about one week, 7 DELL computers (Windows 10), even though the network connection works (ping OK), cannot browse the network or surf the Internet. When I use the Chrome browser, the message "creation of a network protected under way ..." appears and does not allow me to navigate. What may have happened? Thanks for any help you can give me.
  4. I went for quite a few years without any antivirus software on my old Dell Inspiron 1545 computer. I used CCleaner and Spybot to manually maintain my computer. When I finally bought the upgraded version of CCleaner, I told them, in an after-purchase survey, this same story. It wasn't but a few hours after this interaction that my computer went offline and my connection was unavailable. After searching for a solution for several days on my cellphone, I discovered Emsisoft. I used an older version of EEK in my computer's files (from Dec. 2015 - the updates were 1517 days old). After the scan I discovered four infected files: two Trojans and two Variants that I quarantined, but I'm sure it's not effective enough. I would like to know about a USB connected solution. Thank you - jef
  5. My PC was infected by the trojan "Grand Prix2", which was shown as a "hidden file - Grand Prix2" when I power off the computer. What steps should I take to remove this threat and clean my PC? Thanks. Albert
  6. I have 5 eicar test files I use in my scans. I have report only selected. If I right-click on one of the files in the scan results and select 'invert' it de-selects it. It seems a very strange word to use for that action.
  7. Win 10 2004 build 10275. With EAM GUI window open, the minimize window does not work for me at the moment. The close button works, and the expand button works. Clicking on the minimize button does absolutely nothing. It is dead.
  8. Win 10 2004 after auto update. Can I ask what the hotfix was for, and if there were any interesting tweaks please. (Resetting counters and logs still gives the same info in Forensics, so I guess this will be altered at a later date)
  9. Win 10 2004 updated to new beta via manual updates. All seems okay so far. So a2start will still show the 0..1..2..0..1 in task manager CPU details? It took a little while to start protection after update.
  10. Hi, I know you advised that Malwarebytes and Emsisoft don't get along now, but I've still been using it, but I notice now certain programs not starting, including iexplore. Malwarebytes has found, malware removed and a PUP, but it's a program after downloading I scanned and it came up clean; it seems trying to uninstall the program my problems started. Can you run me through the process of removing malware, as although I've run a deep scan many times nothing is showing, but my PC is not happy with something. I'm running a VPN also. Many thanks, Haydn. PS - this link advertises the software I installed https://www.digitalcitizen.life/best-free-alternatives-task-manager-windows and I couldn't remove it, so I installed software from this site https://www.iobit.com/en/advanceduninstaller.php Both appear to be infections; these aren't links to the actual downloads. Regards, Haydn O. Apologies if I wrote this in the wrong section.
  11. Hi, I am using a Windows 8.1 64Bit OS. A few days ago my antivirus AVAST detected a rootkit C:\Windows\System32\Drivers\Wdf45726.sys Every time I delete this file manually or through AVAST it comes back after reboot. Avast does not allow me to Quarantine this file. I am unable to rename this file as I get an "Access Denied" error even in Safe Mode and logged on as Administrator. I have used Adaware and Malwarebytes, which found some more potential Trojans etc. which I was able to remove easily, except this one. I ran Emsisoft Emergency Kit and it too detected this. Regards, Sam Addition.txt FRST.txt scan_200615-115023.txt
  12. I wasn't able to either quarantine or delete a malware detected in a system essential file. So please suggest a way to safely remove this infection.
  13. As we improved WSC integration in v2020.6, could one of you test on a 32 bit OS and check if EAM is registered in WSC after update to beta? Please note that it can take a few minutes till Windows starts WSC. Thanks
  14. Win 8.1 64 bit I can't remember what a2start's memory use normally is, but right now mine has (according to Process Hacker) a "Private Bytes" value of 1.43 GB and a /working set/ of 1.38 GB. A custom scan (which looked at 1.4m objects) finished about an hour and a quarter ago; that ran with debug-logging on. Debug-logging has been disabled and re-enabled since then, without affecting a2start's memory use. I understand that this working set is only /virtual storage/ but committed pages still have to be backed in either RAM or the page file. I've 8 GB RAM and just over 8 GB of pagefile, so about 16.1 GB is the maximum amount of committable vs ... and on that basis 1.38 GB doesn't seem like a vast amount - about 8.6% of the system's overall maximum. But it's still the largest WS of any application on the system by a huge margin.
  15. Win 8.1, 64 bit. Unfortunately debug logging was not on, after yesterday's experiments. I used the GUI to try to start a custom scan, loaded predefined scan settings, and clicked NEXT. Immediately got a "Emsisoft Security Centre has stopped working" pane, [with the usual misleading info that Windows is going to phone a friend and see if they can fix it (which has never ever worked for anything as far as I know)]. I was not offered a chance to send a dump to Emsisoft. Windows did save a small crash dump - I'll PM its location to @Frank H Event log has: Log Name: Application Source: Application Error Date: 30/05/2020 11:09:24 Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: SAMSUNG-NP350 Description: Faulting application name: a2start.exe, version: 2020.6.0.10204, time stamp: 0x5ecea8fc Faulting module name: unknown, version:, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000005410fd8 Faulting process ID: 0x1ea0 Faulting application start time: 0x01d635bb1682db2e Faulting application path: C:\Program Files\Emsisoft Internet Security\a2start.exe Faulting module path: unknown Report ID: a2cdc279-a25d-11ea-822f-50b7c3e8a12a Faulting package full name: Faulting package-relative application ID: Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2020-05-30T10:09:24.000000000Z" /> <EventRecordID>250243</EventRecordID> <Channel>Application</Channel> <Computer>SAMSUNG-NP350</Computer> <Security /> </System> <EventData> <Data>a2start.exe</Data> <Data>2020.6.0.10204</Data> <Data>5ecea8fc</Data> <Data>unknown</Data> <Data></Data> <Data>00000000</Data> <Data>c0000005</Data> <Data>0000000005410fd8</Data> <Data>1ea0</Data> <Data>01d635bb1682db2e</Data> <Data>C:\Program Files\Emsisoft Internet 
Security\a2start.exe</Data> <Data>unknown</Data> <Data>a2cdc279-a25d-11ea-822f-50b7c3e8a12a</Data> <Data> </Data> <Data> </Data> </EventData> </Event>
  16. Win 8.1 64 bit The logs display is completely empty. (I have 'all components' set, and the filter field has no contents not even spaces.)
  17. You may or may not remember, Frank, I have always had very low figures showing in Task Manager details for all the 3 Emsi things. Since you 'fixed' the a2start thing in this new beta my a2start CPU moves between 1-2-and 3% constantly. I also cannot get memory usage down to previous levels. Plus the processes window jumps all the time because of a2start. What did you change that could have had this effect on my machine? I know it is not a high CPU etc, but I've never had it before.
  18. Well the browser addon notification works.
  19. Problem #1: I am being inundated with ads that I am unable to close. Many of them take up a good deal of screen real estate, making content difficult to read. They are identifiable by a small blue triangle with the word "AdChoices" next to it. When I click on "X" to close the ad ... the ad is replaced by the text "Ads by Google ... Report this ad ... Why this ad?". A few seconds later this is replaced by another ad. Problem #2: uBlock Origin is blocking zero items on every webpage I visit. Problem #3: On Amazon.com ... when reading a page describing an item to buy ... and when the mouse pointer is in the top left half of the page where product images are ... the mouse pointer drags around a blue cross hatched rectangle that magnifies everything. The magnified image is large and located on the right side of the mouse and blocks out almost all text. While investigating the problem prior to this post EAM detected and quarantined JS:Trojan.Cryxos.3758(B) ... I don't know if it is related. Quarantining it didn't fix the problems described above. Specs: Windows 10 v1909, Firefox v76.0.1 (64 bit) EEK and FRST reports are attached So ... I need help! Thanks! KenB Addition_25-05-2020 21.37.18.txt scan_200525-212939.txt FRST_25-05-2020 21.37.18.txt
  20. Win 10 via manual update from previous beta. All seems ok (scans etc)
  21. Update went well and all seems ok. Did you know, Frank, that if you forget a scan is running in tray, and you do a context menu scan, the cursor freezes a bit while it has a think and then just carries on as if you hadn't asked it to do that 😀
  22. Hi all, I need to uninstall Ad-Aware, and I have bugs and malware installed on all my Comodo virtual desktops (the containment and the secure shopping), which makes it impossible to do online shopping. Bugs and malware in the infected virtual desktop of containment (Comodo sandbox): -reimage -yara editor trial -diffview trial -techtoolstore->privazer -tuneup360 -audio/video to exe -registry first aid -smart privacy cleaner -if/when I try again to reinstall the virtual desktop of Comodo sandbox: impossible->error of installation of Microsoft Silverlight. And the bugs and infections installed in the virtual desktop of Comodo secure shopping: -pchelpsoft pc cleaner -spyhunter -radiorage as home page -systools pdf bates numberer -wondershare 1-click pc care. Internet problem on Galaxy Book PC: the Livebox Wi-Fi icon displays connected/connection OK, but if I go to various internet browsers I have a connection error on every website. The UVK & UAK logs are here: https://www.cjoint.com/c/JDyoYfZB2Gn https://www.cjoint.com/c/JDyoZEceaUn Thanks... uak rapport.txt Ultra Virus Killer Report.htm
  23. Hi. So I have a problem that started this morning: a strange error keeps popping up on startup. I will attach a screenshot of it, and the name of the file causing the error is Win32 Cabinet Self-Extractor. Not sure if I got some kind of virus or it's just Windows itself kidding me. scan_200423-233248.txt FRST.txt Addition.txt
  24. Updated manually on Win 10 1909. Whenever I do a right-click scan with EAM on something on my desktop for example, a separate entry for a2start appears in the logs folder (ProgramData) Why is that? If I have a folder and do a context menu scan on it, it automatically gets stored in the custom scan settings and will stay there until I do another context menu scan on a different item. It will then replace the previous item in the custom scan settings. Why is that? I do understand that context menu and custom scans are the same, but right-click scan with EAM tend to be one offs, and so I don't see why they should be stored as a custom scan entry in the GUI.
  25. Hi There! In the interest of keeping this short and to the point, I believe I have some sort of persistent malware / rootkit / keylogger, which apparently, is able to survive a clean format and installation of Windows 10. Right now, I have a relatively clean installation (as far as I can ascertain) of Windows 10 Home 64bit, along with some minimal software: Chromium based Edge Browser Office 365 OneDrive Windows Defender I've attached the Emsisoft Rescue Kit and Farbar Recovery Scan logs per the instructions. --- Below are the, not so short, possibly irrelevant details about what was happening prior to the current configuration... I've been dealing with a stalker situation offline. Specifically, my upstairs neighbor. That along with some curious behavior from my laptop, led me to suspect malware. Additionally, I live in a city with an unusually robust community of hackers. There are over a dozen hacking/coding/security boot camps within a 1 mile radius of where I live. It is not out of the realm of possibility here, as it might be elsewhere. I've also observed various fishy incidents: For instance, in one such incident, Windows Update, one day, notified me of a keyboard driver update, all of a sudden out of nowhere. When I went to verify these drivers with the manufacturer, there were no such drivers. (When I reinstalled Windows, as noted above, and updated all drivers, this same driver wasn't offered again.) When I initiated a support chat with Microsoft, the support technician directed me to a shady non-Microsoft site to get more information about this driver. It could just be Microsoft being cheap and hiring inexperienced support people, but it was extremely strange, and immediately set off alarm bells in my head. (I have screenshots of this incident if you would like to see.) A terminal window started popping up on every startup, apparently running some script, before quickly closing My BIOS admin/user password along with the startup lock disappeared all by itself Various suspicious Wi-Fi networks probing the area, and repeated disconnections, as might happen during a deauthorization attack. All this leading me to use ethernet instead of Wi-Fi. Numerous other incidents, which in retrospect were extremely suspicious and should have set off alarm bells. Before reinstalling Windows 10 from scratch*, for the final time, the following security software was installed on another clean installation of Windows 10: Sophos AV novirusthanks OS Armor Voodoo Shield malwarebytes Windows Firewall Control This resulted in a weird Windows "black screen of death" crash: Logon was normal Post Logon was greeted with a black screen showing only my mouse cursor, that's all (almost as if a remote desktop session had been initiated, but this is Windows 10 Home and I had disabled all remote access... CTRL+ALT+DEL did not work SHIFT + Power Button also didn't work Safe Mode Threw Errors when I tried to restore to an earlier restore point I consider myself relatively computer savvy, so yes, you can assume I tried all the usual tricks to boot into Windows, nothing worked. I did this a couple of times, installing only Sophos, or only OS Armor and VooDoo shield. They all ended with this black screen of death after an initial period of working. So I'm thinking, maybe those security programs set off some sort of self-defense mechanism? So I started from scratch* and came here for help to see if perhaps I am missing something. I did notice in the Farbar logs something about a modified boot sector, but I'll leave the analysis to you... * Well, I started from scratch as much as I could. Normally, in this situation, I would have removed the drive entirely and attached it to another computer running Linux or something, and done a full format, making sure I had overwritten everything. Unfortunately, on this laptop, the main drive is an NVMe SSD located in a very difficult area to reach. Instead, in this case, I tried to overwrite everything using the Windows installation software on a USB stick I had made for me from a Microsoft Store in town. Addition.txt FRST.txt scan_200419-184855.txt