leissner

CLOSED My Emsi-Soft will not open on my computer


I have Emsi-Soft anti-malware software on my computer with a current license.  I suddenly had a problem where my Microsoft Office products (Outlook, Word, Excel) closed and will not re-open.  I ran my Norton Anti-Virus scan with no problems reported.  I wanted to run an Emsi-Soft scan, but the program does not appear to be working and would not run.  When I tried to go to Emsi-soft.com for support, my browser redirected me to other, unrelated websites.  This led me to conclude I may have a malware problem.  I found and followed the Emsi-Soft emergency kit instructions.  However, the scan log showed no problems or results.  The OTL notepads are attached.  Thank you for your help.


Download ComboFix from Link

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

!!! IMPORTANT !!! Save ComboFix to your Desktop

NOTE: ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in its quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything left over. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc. were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    See HERE for help

  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

NOTE:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Attached is the combo fix log.  I am sending from another computer, because after the affected computer rebooted, nothing, including the internet will open.

Check that, after rebooting again, things appear to be working.  Sorry if I missed that step.


Sorry, but the exact same original problem reappeared this morning.  Everything was working fine, then suddenly the Microsoft products stopped working again, and Emsi-Soft software "disappeared" again.

Should I re-run the Combo-Fix application, or do you have another suggestion?  Thank you.


Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.

    tdss1.png

  • Click Change parameters

    settings20121003115955.png

  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

    tdss3.png

  • Click on the Start Scan button to begin the scan and wait for it to finish.

    NOTE: Do not use the computer during the scan!

  • During the scan it will look similar to the image below:

    tdss4.jpg

  • When it finishes, you will either see a report that no threats were found like below:

    tdss5.jpg

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.

  • If any infection or suspected items are found, you will see a window similar to below:

    tdss7.jpg

    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:

    tdss6.jpg

    Reboot immediately if TDSSKiller states that one is needed.

  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.


Download avz4.zip from here

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: AVZupdate.jpg
  • Click Start to begin the update

    Note: If you receive an error message, choose a different source, then click Start again

  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Analysis
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


Can you tell me if you have identified my specific problem, and why my Emsi-soft software did not prevent it?

Still hoping to find a solution here.  Thank you.


You are running both Norton Anti-Virus and EAM?

One Anti-Virus should be installed, not 2 or more.


The Norton is anti-virus, and Emsi-soft is anti-malware.  The firm that designed and built my computer recommended and always uses this combination, and I understand this should create no conflict.

Now back to my problem, the Norton continues to function but Emsi-soft does not.  Have you been able to identify the source of my problem thru all of the steps taken thus far?  I'm still in need of a solution and explanation why the Emsi-soft product I have purchased is no longer functioning or working.

Thank you.


The Norton is anti-virus, and Emsi-soft is anti-malware.  The firm that designed and built my computer recommended and always uses this combination, and I understand this should create no conflict.

The firm that built your computer is wrong. Emsisoft Anti-Malware has 2 engines, one of which is an Anti-virus engine.

Now back to my problem, the Norton continues to function but Emsi-soft does not. Have you been able to identify the source of my problem thru all of the steps taken thus far? I'm still in need of a solution and explanation why the Emsi-soft product I have purchased is no longer functioning or working.

That is what I am attempting to do. There is no malware in your logs. So, therefore something else is the issue. Disable Norton and tell me if EAM will now run.


I disabled Norton.

Emsi-soft still does not function, icon disappears from the tray when I try to open it, and same MS Office problem persists.


Going back through your logs EAM doesn't appear to be installed. OTL shows a2guard present, but nothing else.

Changing tools.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.


I'm not sure I understand, are you suggesting I need to repair/reinstall my entire original Windows operating system?

No, I am not. Reread my post.


Thank you for your efforts, but I no longer trust your advice.

I'll be seeking help elsewhere for my problem. Emsisoft is a bit of a disappointment.


Thank you for your efforts, but I no longer trust your advice.

I'll be seeking help elsewhere for my problem. Emsisoft is a bit of a disappointment.

That's your prerogative, but you didn't actually read what I posted, did you.

The tool I want you to use is to be run from the Windows Recovery Environment. The Windows Recovery Environment is not just for repairing/reinstalling Windows.


I read your post!  Did you read mine?

I said I didn't understand! I'm not an expert in this, which is why I needed help.  But all you told me was to "re-read" your post.

Re-read something I said I didn't understand??  That's helpful!


The instructions I gave you are as straightforward and as simple as they can possibly get. There was nothing complicated about what I asked you to do. Several other malware removal forums use the same instructions for running that tool.

Your logs are not showing malware. However, something is responsible for uninstalling EAM. We need to figure out what that is and the best chance of figuring that out is running tools that don't require Windows to be running.


leissner, I'll be taking over for Kevin. ;)

Let's get started with a fresh OTL log. Please run OTL by following the instructions below:

  • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  • Please make sure that the OTL.txt file is saved on your desktop, and then attach it to a reply so that we can take a look at it.


I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

  • Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
  • After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.


Okay, this step is complete.

I attached the OTL log, but I also attached another notepad that opened after the computer rebooted, in case that is relevant too.

Thank you!


Great. Let's try a third-party anti-virus scan just to make sure that we didn't miss anything. Please run an online virus scan through ESET by following the steps below:

  • Turn off your anti-virus software.
  • Click on this link.
  • Click on the ESET Online Scanner button.
  • Put a check in the box that says YES, I accept the Terms of Use.
  • Click the 'Start' button just to the right of the checkbox.
  • Uncheck the box that says Remove found threats (this is very important).
  • Click on Advanced settings.
  • Put a check in the box that says Scan for potentially unsafe applications.
  • Verify that Scan for potentially unwanted applications is also checked.
  • Verify that Enable Anti-Stealth technology is also checked.
  • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
  • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
  • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
  • Close the ESET online scan.
I will take a look at the log, and let you know if anything needs removed.


OK, that just had three things that could be removed (one of them wasn't actually malicious and another was already in the ComboFix quarantine).

I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

  • Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
  • After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.


Okay, this step is complete.

I attached the OTL log, but I also attached the other notepad that opened after the computer rebooted, in case that is relevant too.


Thank you!

OK, that looks good. I just want to do one last check, to see if there are some modified registry entries that will need to be repaired. We'll use OTL for this scan, but we're going to paste something into the Custom Scans/Fixes box before we run the scan. Go ahead and launch OTL, and then copy and paste the contents of the following box into the Custom Scans/Fixes box at the bottom of the OTL window:

HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
Note: If all of that appears on one line after you paste it into OTL, then let me know. Each line in the box should be on its own line in OTL.

After pasting that into the Custom Scans/Fixes box in OTL, go ahead and click the Run Scan button and let it run its scan. When it's done, it will open the OTL log in Notepad, and save it on your desktop for you. Please attach that log to a reply for me to review.


That looks good to me.

Here's some final instructions for you:

1. Make Sure Java is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Uninstall a program.
  • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
  • Click on this link and download and install the latest Java (the Windows Online download will be faster).

2. Make Sure Adobe Flash is Updated:

  • Click on this link and download the latest version of Adobe Flash Player for your web browser.
  • You will need to close your web browser when installing Flash.

3. Make Sure Adobe Acrobat Reader is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Uninstall a program.
  • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
  • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

(please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)

4. Make Sure Your Computer Has The Latest Windows Updates:

  • Click on the Start button.
  • Go to All Programs.
  • Click on Windows Update.
  • Click Check for updates in the menu on the left (should be near the top).
  • Once it is done checking for updates, click the Install updates button on the right.
  • Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.

5. Web Of Trust Extension:

While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

6. Empty The System Restore:

  • Click on the Start button.
  • Right-click on Computer
  • Select Properties from the list.
  • In the window that pops up, click on the System protection link in the menu on the left.
  • The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
  • Click the button near the bottom-right that says Delete to clear all System Restore data.
  • Once finished, click OK to close that window.
  • Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
  • Fill in a name for the restore point, and click the Create button.
  • Once it is done, you can close the windows that were opened to get to the System Restore settings.


Now that I think about it, Kevin had you run ComboFix, so let's uninstall that as well. Here are the instructions:

  • Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog.
  • Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK
  • ComboFix should take care of the rest.
Feel free to create a new System Restore Point after doing that. ;)


All steps complete, with the exception of the ComboFix Uninstall.  It stated it could not find it.

However, I completed everything else you suggested and everything appears to be running well again.

Thank you so much for all of your help and clear suggestions.  I truly appreciate it!


You're quite welcome. ;)

Since everything seems OK, I am going to go ahead and close this topic.

Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.

This topic is now closed to further replies.
