Showing results for tags 'Closed'.

  1. My Desktop icons and taskbar periodically just disappear, leaving only my wallpaper image visible. The only way I have found to recover (without a power-off/on hard boot) is to bring up Task Manager and log off, then log back on at which point my Desktop is restored. "Windows Explorer has Stopped Working" keeps popping up in mid-session, the only recovery option being to Restart Windows Explorer, thereby losing whatever I had been working on. I have run sfc /scannow to see if any Windows files were corrupt, but it reports no problems found. The only common factor I can find in the various "solutions" found on various sites for both of these issues is Malware, so here I am, on bended knee- "Help me, Obi-Wan Kenobi, you're my only hope!" Logs are attached, please help. Thanks. Addition.txt FRST.txt scan_200417-182828.txt
  2. Hi. So I have a problem that started this morning: a strange error keeps popping up on startup. I will attach a screenshot of it. The name of the file causing the error is Win32 Cabinet Self-Extractor. Not sure if I got some kind of virus or it's just Windows itself kidding me. scan_200423-233248.txt FRST.txt Addition.txt
  3. Hi There! In the interest of keeping this short and to the point, I believe I have some sort of persistent malware / rootkit / keylogger, which apparently is able to survive a clean format and installation of Windows 10. Right now, I have a relatively clean installation (as far as I can ascertain) of Windows 10 Home 64-bit, along with some minimal software:
       • Chromium-based Edge Browser
       • Office 365
       • OneDrive
       • Windows Defender
     I've attached the Emsisoft Rescue Kit and Farbar Recovery Scan logs per the instructions.
     ---
     Below are the not so short, possibly irrelevant details about what was happening prior to the current configuration...
     I've been dealing with a stalker situation offline. Specifically, my upstairs neighbor. That, along with some curious behavior from my laptop, led me to suspect malware. Additionally, I live in a city with an unusually robust community of hackers. There are over a dozen hacking/coding/security boot camps within a 1 mile radius of where I live. It is not out of the realm of possibility here, as it might be elsewhere. I've also observed various fishy incidents:
       • For instance, in one such incident, Windows Update, one day, notified me of a keyboard driver update, all of a sudden out of nowhere. When I went to verify these drivers with the manufacturer, there were no such drivers. (When I reinstalled Windows, as noted above, and updated all drivers, this same driver wasn't offered again.) When I initiated a support chat with Microsoft, the support technician directed me to a shady non-Microsoft site to get more information about this driver. It could just be Microsoft being cheap and hiring inexperienced support people, but it was extremely strange, and immediately set off alarm bells in my head. (I have screenshots of this incident if you would like to see.)
       • A terminal window started popping up on every startup, apparently running some script, before quickly closing
       • My BIOS admin/user password along with the startup lock disappeared all by itself
       • Various suspicious Wi-Fi networks probing the area, and repeated disconnections, as might happen during a deauthorization attack. All this leading me to use ethernet instead of Wi-Fi.
       • Numerous other incidents, which in retrospect were extremely suspicious and should have set off alarm bells.
     Before reinstalling Windows 10 from scratch*, for the final time, the following security software was installed on another clean installation of Windows 10:
       • Sophos AV
       • novirusthanks OS Armor
       • Voodoo Shield
       • malwarebytes
       • Windows Firewall Control
     This resulted in a weird Windows "black screen of death" crash:
       • Logon was normal
       • Post Logon was greeted with a black screen showing only my mouse cursor, that's all (almost as if a remote desktop session had been initiated, but this is Windows 10 Home and I had disabled all remote access...)
       • CTRL+ALT+DEL did not work
       • SHIFT + Power Button also didn't work
       • Safe Mode threw errors when I tried to restore to an earlier restore point
     I consider myself relatively computer savvy, so yes, you can assume I tried all the usual tricks to boot into Windows, nothing worked. I did this a couple of times, installing only Sophos, or only OS Armor and VooDoo shield. They all ended with this black screen of death after an initial period of working. So I'm thinking, maybe those security programs set off some sort of self-defense mechanism? So I started from scratch* and came here for help to see if perhaps I am missing something. I did notice in the Farbar logs something about a modified boot sector, but I'll leave the analysis to you...
     * Well, I started from scratch as much as I could. Normally, in this situation, I would have removed the drive entirely and attached it to another computer running Linux or something, and done a full format, making sure I had overwritten everything. Unfortunately, on this laptop, the main drive is an NVMe SSD located in a very difficult area to reach. Instead, in this case, I tried to overwrite everything using the Windows installation software on a USB stick I had made for me from a Microsoft Store in town.
     Addition.txt FRST.txt scan_200419-184855.txt
  4. Win 10 1909 via autoupdater. No issues so far. Took a little while for readings to settle down after beta update but they are fine now.
  5. I ran Emsisoft and received the message that it was unable to remove "C:\Program Files (x86)\IdeaBadaga\IdeaBadaga.exe". I then ran the required 3 tools as your forum requests. I have the 3 files but no idea how to "attach" them here. Any help is appreciated! (This is for my mother-in-law's computer in case the different email matters - hers is *********) KATIE scan_200408-134044.txt Addition.txt FRST.txt
  6. My 23rd day with trouble; apps don't install, or they crash after a few seconds. Apart from that, the system is 100% stable. No "traditional bluescreen"/system crash. I am far from an expert in many fields, but I have fixed all kinds of computer problems myself, since 1983, within a day or two. This time I'm really stuck. Latest: MS Defender now (not shown before) reports "HackTool: Win32/AutoKMS, 10.04.2020 17:46 (Active)" - "Start Actions - Hacktool: Win32/keygen ....High". I'm unsure what Defender did about it. I try to follow this: https://malwaretips.com/blogs/remove-hacktool-win32-autokms/ , but MBSetup.exe crashes as soon as "Installing" starts. Only the two M.2's installed/connected. Everything I have tried to install the past weeks is licensed software, and/or free software (Emsisoft, EaseUS Todo Backup, EaseUS Partition Master, Macrium Reflect, Faststone image viewer/capture (free, but I have licenses for both) ++). Online scan (F-secure, Eset): Downloading install file OK, but installing (as admin or not) leads to crash within 5-30 secs, during installation or performing the task. I reboot a lot. Secure boot is set to UEFI, boot manager on M.2 as the only boot option. More info, written earlier today: Many of the installed programs also crash (when I restore old images). Usually Werfault.exe reports something like "Instruction ...referred memory at address..... Memory could not be read /...could not be written." All Microsoft programs work OK (Outlook, Excel, Notepad...). Edge, Chrome, Emsisoft, EaseUS Partition Master and some other programs work OK. Installers for online scans (Eset, F-secure) crash. EEK crashes. It doesn't matter if I start anything normally, or as admin. I have also had a lot of these errors: WDDMStatus, AliyunWrapExe, NVIDIA Web Helper, AISuite3, SearchProtocolHost, DipAwayMode, acrobat_sl, unins000, epm0, FXC_ProxyProcess ++, but not so many of these lately. I have made several clean installs of Windows Pro 10/64. Problems persist. Install image from July 2019. Problems persist. Update Windows. Problems persist. Roll back Windows build 1909. Problems persist. 4 x 16 RAM, Corsair. Have tried 2x16 GB in slot A1/2, or only B1/B2. I have run several memory tests. BIOS, HWInfo and laser thermometer show low temperatures. OCCT stress test OK. HWInfo reports CPU 2.2 GHz in "security mode". 3.7 GHz otherwise. I now run with only two M.2's installed. All HDD's USB's are disconnected. ASUS ROG Crosshair Hero VII Wifi (July 2019). Replaced a few days ago with ASUS X570-PRO. AMD Ryzen 7 2700x. Samsung M.2 (2016) replaced with Samsung M.2 SSD 970 EVO+. Clean install of OS. Problems persist. Update Win, problems persist. Install image from July 2019 (no problems), problems persist. GPU Nvidia GeForce GTX 1660 Ti. Tried both "Gamer-driver" and "Studio-driver". Now unable to reinstall/change driver. I also started a thread at Tom's Hardware March 23rd (https://forums.tomshardware.com/threads/lot-of-programs-installers-crash-lot-of-werfault-exe.3584615/#post-21660305 )
  7. Hello, I am trying to help my father with a virus on his computer. Your tool detected the subject trojan and I am following your guide on how to get support for the removal. Please find the attached files requested. Thank you, Stu Addition.txt FRST.txt scan_200406-040502.txt
  8. Hi all, I'm back. Android emulated on my Windows of my two computers on MEmu is infected by the malicious apps on/of that link: https://www.breakingnews.fr/technologie/supprimez-ces-applications-android-desagreables-qui-peuvent-se-connecter-a-vos-comptes-google-et-facebook-des-maintenant-220819.html which infected the two PCs, MEmu, hijacked and hacked my Gmail accounts. Because of those infections & bugs, Camtasia/Snagit freezes and crashes. I have licenses of eset drive security installed on 3 USB disks: - the 4 GB Kingston privacy datatraveller vault - the 40 GB portableapps datashur - and my Windows To Go workspace 64 GB Kingston workspace with portabilized Windows (my 3rd PC), its partnership with clevx. The only eset license I have is drivesecurity; is this forum and disinfection here accepted/possible for eset drivesecurity license detenders? eset, avg & emsisoft installed. I also have two bugs on two other devices (ray): the 64 GB SD card & the Acer R1 Series Monitor. I have a bug on the Acer R1 series monitor on the desktop PC: if/when I turn on the screen it takes between 10 minutes & 1 hour to turn on the screen (long black screen with, at certain times, an Energy Star logo). With the 64 GB SD infected it's impossible to take my important video of April 10th with the Sony Cybershot: "database error". My DNS is Comodo TrustConnect. Thanks...
  9. Via manual updates Win 10 1909 running EAM binary (10100 !!) Can you give a clue as to any of the fixes?
  10. Installed via autoupdates on Win 10 1909. GUI seems to behave a bit better. By the way, how many times during a malware scan should it say 'enumerating files'?
  11. Win 10 1909 with all updates. Updated beta enabled 10048 to 10065 without issue. Did a malware scan and again Defender caught eicar first (debug logs and screenie attached) There is no trace of eicar on machine now even though I selected for Defender to allow it. Can confirm that right-click delete now works on EEK folder using Win10 Downloaded and installed EEK again. I noticed in Forensics that it says ''detect pups has been changed to enabled'' It didn't ask me about that!! Logs.zip
  12. Hi all, we are new in the antivirus forum. If I import videos with Camtasia the application freezes, which means I can't produce and upload to YouTube with Camtasia. In the MEmu Android emulator on PC a notification "MEmu (rocket cleaner) 99.0 mb" appears repetitively, but Rocket Cleaner is a malicious app installed on MEmu which causes hacking of Google accounts; Speed Clean and G5 Gamebox, malicious Android apps on MEmu virtual Android on Windows. More info here: https://www.breakingnews.fr/technologie/supprimez-ces-applications-android-desagreables-qui-peuvent-se-connecter-a-vos-comptes-google-et-facebook-des-maintenant-220819.html In short, in MEmu all of that hacked the PC, Camtasia freezes, and as we are French and on a multilingual antivirus forum, the translation, I installed Google Translate: Hi all, we are new in the antivirus forum. If I import videos with Camtasia, the application freezes, which means I can't produce and upload to YouTube with Camtasia. In the MEmu Android emulator on PC, a notification "MEmu (Rocket Cleaner) 99.0 MB" appears repetitively, but Rocket Cleaner is a malicious application installed on MEmu, which causes the hacking of Google accounts; Speed Clean and G5 Gamebox, malicious Android applications on MEmu virtual Android on Windows. More info here: https://www.breakingnews.fr/technologie/supprimez-ces-applications-android-desagreables-qui-peuvent-se-connecter-a-vos-comptes-google-et-facebook-des-maintenant-220819.html Avanquest uninstalled & thanks...
  13. Win 10 1909 all updates. Autoupdated without issue. Noticed that whenever I choose Settings.... Permissions, it shows Updates as underlined in the GUI. It may correct itself perhaps after a reboot. Just looking around at the moment. What do you mean by 'Setting the Administrator password'? Do you mean that setting wasn't working as expected in some cases?
  14. Hi, My windows 10 PC is infected and I followed your guidelines. I installed emergency kit but was unable to run emergency application as malware prevented it from running. Please find attached three .txt files. Two from Farbar Recovery Scan Tool produced the following logs: FRST.txt Addition.txt And I was able to run rogue killer, log file from that is attached too. Thanks for your help, appreciate. Addition.txt FRST.txt as_B931.tmp.txt
  15. Hi there! My computer is infected. I have rootkit Wdf34078.sys. Please help me. I can't delete it. What can I do? My name is Gönczi László from Hungary. Thank you, have a good day.
  16. Is there any beta testing being done for iMac computers?
  17. I've got a threat called Win32/Packed.VMProtect.ABO I want to know if it's actually harmful or it's the default for the antiviruses to see it as a threat scan_200313-154937.txt Addition.txt FRST.txt
  18. Win 10 1909 Updated to new beta.. no issues with update. 1.....Did a malware scan and something odd happened. EEK always catches my eicar.txt file in downloads. This time it didn't, instead during the EEK scan Windows Defender notified me and I told it to allow it (see screenshot). EEK scan then did not catch the eicar file in the scan. Does it pick up on Defender allowing it? 2..... Why is there an Emsisoft folder in ProgramData? It is called Updates and has only BD definitions listed in there but both files are empty. It does not get deleted with the other things in C\EEK obviously. 3.... When will I be able to use right-click delete on the C\EEK folder without being told it is in use? (I am using new beta 10048) I just tested the deletion and ended up having to use sc delete epp. Logs of scan attached plus WD screenie. logs.zip
  19. I updated my 100025 version through the beta updates.. no problem. Did a malware scan with 100032... no problem. Thought I'd check out doing a clean install of 100032 to check license issue fix... problem C/EEK would not delete. First I had deleted shortcut to it from my desktop. Then went to C/EEK right-click delete. It got to a certain point and said it couldn't delete as it was still in use. I did a restart of machine to 'unlock' it. It still wouldn't delete. So I ran Emsiclean and deleted EEK through it and did the requested restart of the machine. After restart C/EEK was still there. So I right-click deleted it again and this time it went. I shall install 100032 as a clean install now and report in another post.
  20. Is there any problem in my computer now after I've restored my data? scan_200228-214808.txt FRST.txt Addition.txt
  21. Beta update went in well. I like the way the GUI is now, it's much easier to navigate. I may be wrong, but doing a manual scan seemed to go from 4 of 5 to finish very quickly. On EAM it goes to 5 of 5 and takes a little while there. Not sure what logs would show this, have attached a couple anyway. logs.db3 scan_200226-073709.txt
  22. Win 10 1909 via autoupdates. No problems so far.
  23. I'm seeing focus changes again (as in: https://support.emsisoft.com/topic/30648-window-focus-is-changing-after-dismissing-notification-pane ). Anyone else? It's been happening, I think, for a few days, but I've been quite sleepy, and only just realised it was happening again...
  24. Win 10 1909 9977 installed after an autoupdate. No issues so far.
  25. EEK stable on Win 10 64 bit 1909. When installing and running for first time, the Recommended Reading slide appears and the first date shown is 1/1/1970 Not a big error but I thought I'd let you know.