ohollenbeck

Trouble removing or Quarantining


I've gotten 2 Trace registry hits on every scan since I installed EAM 2 days ago.

They are Trace Registry hits.

When I try to remove or quarantine, EAM starts a small screen showing that it's working, then it stops without any messages, and nothing has changed.

So I can't quarantine or remove these two hits, "Trace.Registry.EZ Game Cheats (A)" and "Trace.Registry.Freeze (A)".

Am I doing something wrong?

Can anyone point me to a solution? I'd like to get rid of these hits ASAP...

TANX...


I would need the scan log to be certain, however I suspect that the issue is a known problem with how the scanner handles the differences between 32-bit and 64-bit registry entries. Since the part of Emsisoft Anti-Malware that deletes threats (the "Cleaning Engine") handles them differently, there are times when they will not be deleted. Our developers are working on this issue, and hopefully will have it fixed soon.

For now, I'll need for you to post the scan log for me so that I can take a look at the detections that aren't being deleted, and then we can use another program to get rid of them.

Here are instructions for posting the scan log:

  • Open Emsisoft Anti-Malware.
  • Click on Logs in the menu on the left.
  • Go to the Scan tab (it may take a minute for the list of scan logs to load).
  • Select the scan log from the list.
  • Click on the View details button to open the log.
  • Click on File and then Save As to save it on your desktop.
  • Attach the scan log you saved on your desktop to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
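
Assuming the 32-bit/64-bit difference described in this post refers to the two registry views that 64-bit Windows keeps, the following PowerShell reports which view a given key actually lives in. It is an added example, not part of the original thread and not Emsisoft's or OTL's code; the function name and the key path are placeholders, since the thread does not list the detected keys.

```powershell
# Added example: report which registry view(s) contain a given key.
# On 64-bit Windows, 32-bit processes see a redirected view of parts of
# HKLM\SOFTWARE (stored under WOW6432Node), so a key found through one view
# may not exist at the same path in the other.
function Get-RegistryKeyViews {
    param(
        [Parameter(Mandatory)]
        [Microsoft.Win32.RegistryHive]$Hive,
        [Parameter(Mandatory)]
        [string]$SubKey
    )

    $views = [Microsoft.Win32.RegistryView]::Registry64,
             [Microsoft.Win32.RegistryView]::Registry32

    foreach ($view in $views) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($Hive, $view)
        try {
            $key = $base.OpenSubKey($SubKey)   # read-only; $null if absent
            [pscustomobject]@{
                View       = $view
                Path       = "$Hive\$SubKey"
                Exists     = $null -ne $key
                ValueCount = if ($key) { $key.ValueCount } else { 0 }
                SubKeys    = if ($key) { $key.SubKeyCount } else { 0 }
            }
            if ($key) { $key.Dispose() }
        }
        finally {
            $base.Dispose()
        }
    }
}

# Placeholder path: the thread does not list the detected keys, so take the
# real path from the scan log before running this.
Get-RegistryKeyViews -Hive LocalMachine -SubKey 'SOFTWARE\ExampleVendor\ExampleKey' |
    Format-Table -AutoSize
```

The function only reads the registry. A key that shows `Exists` as True in one view and False in the other is the kind of entry a tool working in the wrong view would report but fail to delete.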


OK, this is definitely the 64-bit issue. I'll just write a script for OTL that will delete those registry entries (if you need to, you may download OTL from this link), and here are the instructions for running OTL with the script:

  • Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
  • After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.


Here it is. There were a few errors while running OTL after reboot (screenshot attached), but when they cleared, OTL finished and created the log file you want to see.


The log doesn't look bad. Are you still seeing those detections when you run a scan?


The log doesn't look bad. Are you still seeing those detections when you run a scan?

No, evidently OTL using your copy & paste instructions did the trick; the last scan came up clean.

Thanks for the help and have a great weekend...


You're quite welcome.

Just for the sake of completeness, I'm going to leave a copy of my "final instructions" below, and then close this topic. Even if your computer was not seriously infected, they are still good steps to follow. ;)

Please note that if you need any further assistance, just send me a Private Message, and I will be happy to unlock this topic.

1. Make Sure Java is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Uninstall a program.
  • Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed.
  • Click on this link and download and install the latest Java (the Windows Online download will be faster).

2. Make Sure Adobe Flash is Updated:

  • Click on this link and download the latest version of Adobe Flash Player for your web browser.
  • You will need to close your web browser when installing Flash.

3. Make Sure Adobe Acrobat Reader is Updated:

  • Click on the Start button.
  • Click on Control Panel.
  • Click Uninstall a program.
  • Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it).
  • Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader.

(please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader)

4. Make Sure Your Computer Has The Latest Windows Updates:

  • Click on the Start button.
  • Go to All Programs.
  • Click on Windows Update.
  • Click Check for updates in the menu on the left (should be near the top).
  • Once it is done checking for updates, click the Install updates button on the right.
  • Make sure that if your computer wants to restart after the updates are done, you allow it to do so.

5. Web Of Trust Extension:

While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

6. Empty The System Restore:

  • Click on the Start button.
  • Right-click on Computer.
  • Select Properties from the list.
  • In the window that pops up, click on the System protection link in the menu on the left.
  • The buttons may not be clickable for a few moments, but once you can click on them, select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
  • Click the button near the bottom-right that says Delete to clear all System Restore data.
  • Once finished, click OK to close that window.
  • Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
  • Fill in a name for the restore point, and click the Create button.
  • Once it is done, you can close the windows that were opened to get to the System Restore settings.

This topic is now closed to further replies.
