julio99

detected items won't move to quarantine or delete


After I finish either a custom scan or Threat scan none of the detected items will go to quarantine and they won't delete. I just extracted the emergency kit again to my Flash drive to see if a new one will work. It's the same KIT; it just overwrote the older software. I never had a problem like this before; it always put stuff in Quarantine (wherever that is when you use a Flash drive), and where do things go when you delete them when you use this from a flash drive?


I am having the same problem. Tried downloading package again but no change. Cannot quarantine or delete. It acts as though it wants to but nothing changes.


Very strange indeed. Tried a second scan with same new install and again click quarantine and nothing happens, so I am at a loss till someone in the know or if you find out post and let us know.


There were some issues with deleting detected items that were fixed in Emsisoft Anti-Malware, but not all of those fixes have made it into the Emsisoft Emergency Kit yet. If you want to attach the log from the scan to a reply (you can get to the attachment controls by clicking the More Reply Options button to the lower-right of where you type in your reply), then I can write a script for OTL to delete the detections.

Emsisoft Emergency Kit saves its logs in \Run\Reports (so if it's on your C: drive then it would be "C:\EEK\Run\Reports").


I did a few stupid things that we'll talk about at a later time. No harm no foul. Here are the logs if that's what you were asking for. Is this going to be fixed soon enough? I run this off a Flash drive so I had to get the logs off of that after searching C:/ EEK for an hour, DUH!!!! What a dummy I am! You told me it was on C IF I was running it on C. I am running it on F like a dumb ass. Live and learn right? If I run this Kit off of a Flash Drive where does the quarantine file reside? I guess what I'm trying to say is do I have to run this off of C:/ ????

 

a2scan_140407-171151.txt


The Quarantine folder should be in the 'Run' folder just like the Reports folder was.

I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

  • Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:

    OTL_Script.txt

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
  • After your computer has restarted, OTL should automatically open a log showing the results of running the script. Please attach that log to a reply. You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.


   OK my friend, I do believe I did everything you asked for correctly. I did want to know if Emsisoft is planning on making their EK scanner and quarantine right anytime soon. Not that hard working guys like you aren't appreciated but it is much simpler to just quarantine and delete at the moment, right. Anyway here is the latest log. Please let me know if it worked out ok. By the way I never used the "Cleanup" button so I hope that wasn't on the list.

 

OTL.Txt 


That's a full OTL log, and not a log from running the script. That log should have opened in Notepad after the computer restarted (and the computer should have restarted since the "[EMPTYTEMP]" command was in the script, and that forces a restart). Did you run a scan in OTL after running the script, or did you run a scan instead of running the fix script?


OK Reran the scan and did everything over and now I have the Log you asked for (I hope) but here is the problem I see anyway. There are a whole list of errors that say unable to interpret. Does that mean that nothing was quarantined. Remember that I run this off of a Flash Drive. It says right on the app, "To be run on a flash drive". I tried to run it off of my C Drive and it wouldn't work. I have never had so many problems with this since it stopped working normally after whatever changes and I still have yet to see a post, but that doesn't really mean anything because I have been working with you. Try and let me know what to do here if anything. Thanks.

 

04092014_132646.log

04102014_114940.log

04102014_125352.log


It looks like you copied the OTL log into OTL rather than the OTL script from my post. ;)


OK tell me how to do this. "Run Scan": the results are an OTL log. You said to paste that into the box at the bottom of the OTL app. Then I run the "Fix". Now you can't start the pc until you open the log and save it from the Fix. My laptop wouldn't restart until I clicked OK and opened the Log from the Fix and saved it. Then I restarted and sent you the log from the Fix. What else am I supposed to do? Is this app ever going to work again or should I just get rid of it? The Emergency Kit I mean.


It looks like you copied the OTL log into OTL rather than the OTL script from my post. ;)

It only takes me a few slaps before I get this right. Tried and looked at what I was doing wrong and never thought that your script file was right up my you know what and it took 3 days to see it. I downloaded it and placed it in the box, ran the fix and here is what came out...

04112014_133452.log


OK, aside from one registry key and the cookies in Google Chrome, it looks like everything was removed.

Note that you'll see the files that OTL 'deleted' when you scan in a folder named "_OTL" in the root of the C: drive, because OTL saves backup copies of any files it deletes. If you are certain that there is nothing that was removed that you want to restore, then you can delete that folder.


OK, aside from one registry key and the cookies in Google Chrome, it looks like everything was removed.

Note that you'll see the files that OTL 'deleted' when you scan in a folder named "_OTL" in the root of the C: drive, because OTL saves backup copies of any files it deletes. If you are certain that there is nothing that was removed that you want to restore, then you can delete that folder.

I take it that if I choose to use EKS that I will need to use your tool? It seems that your partners there at Emsisoft for some reason refuse to let me know why this tool will not work properly for me. 2 responses, this is what they gave me: but for some reason it didn't seem to be able to create its driver that it uses to delete stuff on your computer (or at least that's what it looked like from the OTL log you had posted). So I don't know what else to ask if they won't tell me why. I appreciate the work you have done and I guess if all else fails I can always fall back to your great tool. They should be glad and lucky to have you on their support team.


It might be easier for you to use BlitzBlank, which comes with the Emsisoft Emergency Kit. That way you don't have to write a script by hand like I did.

As for the response you got, I was the one that gave it to you. ;)

The OTL log does show that a driver is missing, and it is the cleanhlp driver that the Emergency Kit Scanner registers to delete things. Without that driver it will fail to delete anything. It's possible that Norton Internet Security may be blocking registration of the driver, but I don't know that for certain.


It might be easier for you to use BlitzBlank, which comes with the Emsisoft Emergency Kit. That way you don't have to write a script by hand like I did.

As for the response you got, I was the one that gave it to you. ;)

The OTL log does show that a driver is missing, and it is the cleanhlp driver that the Emergency Kit Scanner registers to delete things. Without that driver it will fail to delete anything. It's possible that Norton Internet Security may be blocking registration of the driver, but I don't know that for certain.

I'm just going to keep the tool as is for now. Can you answer me this please. I have used this tool a long time and I never had this hiccup before. That said though, when we were doing this and I think you may have mentioned disabling Norton and MBAM which I did and I still got the same result. When I download this Kit I was extracting it to my Flash drive. Is that how it is supposed to be installed because it defaults when I click open to C:/EEK. I always just let it install to the Flash instead. Is there a way to tell if the Driver you speak of gets registered?


I'm just going to keep the tool as is for now. Can you answer me this please. I have used this tool a long time and I never had this hiccup before. That said though, when we were doing this and I think you may have mentioned disabling Norton and MBAM which I did and I still got the same result. When I download this Kit I was extracting it to my Flash drive. Is that how it is supposed to be installed because it defaults when I click open to C:/EEK. I always just let it install to the Flash instead. Is there a way to tell if the Driver you speak of gets registered?

I just did a quick scan with EEK and ended up with one bad file. I wanted to look at BlitzBlank and I don't think I have enough knowledge to start hacking stuff without really knowing how to use it. Now that I said that, I had to run your .OTL Script.txt and when I did that I noticed that the log had all the bad things left over in the log. Not active, but as you can see in the log file I have enclosed there are a lot of things that were already done still in the log, plus the one new file it deleted (Conduit) Reg Key. What I take from that is the script should be re-written every time or you'll end up with a log of all the stuff you have ever deleted, correct? It still works, you just end up with a lot of extra reading.

 

04152014_114355.log


Extracting the EEK to a USB flash drive shouldn't cause any problems with it, as it is designed to be able to run from USB flash drives (we actually sell it on 16GB USB flash drives with licensing to be used for commercial purposes).

The EEK registers its driver when it tries to delete stuff. When a driver is registered, it's the same as creating a service, and a registry entry is created to define the driver and allow it to be loaded. Some software (such as Autoruns from Microsoft) can show you what drivers and services are registered on a computer running Windows without you needing to know how to check the registry or how to use utilities such as OTL. For reference, here's a screenshot of the driver highlighted in Autoruns (click on the screenshot to make it bigger):

post-18745-0-35593400-1397649801_thumb.p

The OTL script was written to delete specific files and registry entries that were in your EEK log from earlier, so those are the only things it will tell OTL to delete. Basically, unless the exact same files and registry entries end up back on your computer, then the OTL script is essentially only useful once.

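One way to check the registration described in the post above without Autoruns, as an added example that is not part of the original posts and is not Emsisoft's code: a PowerShell (3.0 or later) read of the service entry that a registered driver gets. It assumes the service key is named `cleanhlp`, after the driver name given in this thread; the function names are hypothetical.

```powershell
# Added example (not Emsisoft's code): report how a driver is registered.
# Assumption: the service key is named after the driver from the thread, 'cleanhlp'.

$StartTypes   = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$ServiceTypes = @{ 1 = 'Kernel driver'; 2 = 'File system driver' }

function Resolve-DriverImagePath {
    # Turn the NT-style ImagePath stored in the registry into a Win32 path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $path = $ImagePath.Trim().Trim('"')
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    if ($path.StartsWith('\??\', $cmp)) { return $path.Substring(4) }
    if ($path.StartsWith('\SystemRoot\', $cmp)) {
        return Join-Path $env:SystemRoot $path.Substring(12)
    }
    if ($path.StartsWith('System32\', $cmp)) { return Join-Path $env:SystemRoot $path }
    return $path
}

function Get-DriverRegistration {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.\-]+$')]   # keeps the name safe for the WQL filter below
        [string]$Name
    )

    # Registering a driver creates this key, the same place services are defined.
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        return [pscustomobject]@{
            Name = $Name; Registered = $false; Type = $null; StartType = $null
            ImagePath = $null; ImageExists = $false; State = $null
            Verdict = 'No service key: the driver is not registered'
        }
    }

    $props = Get-ItemProperty -LiteralPath $keyPath
    $start = $props.Start
    $type  = $props.Type

    $startText = if ($null -eq $start) { 'missing' }
                 elseif ($StartTypes.ContainsKey([int]$start)) { $StartTypes[[int]$start] }
                 else { "unknown ($start)" }
    $typeText  = if ($null -eq $type) { 'missing' }
                 elseif ($ServiceTypes.ContainsKey([int]$type)) { $ServiceTypes[[int]$type] }
                 else { "other ($type)" }

    $image       = Resolve-DriverImagePath $props.ImagePath
    $imageExists = if ($image) { Test-Path -LiteralPath $image } else { $false }

    # Ask the service control manager whether the driver is actually loaded.
    $drv   = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'" `
                 -ErrorAction SilentlyContinue
    $state = if ($drv) { $drv.State } else { 'Not reported by SCM' }

    $verdict = if ($startText -eq 'Disabled') { 'Registered but disabled: it will not load' }
               elseif (-not $imageExists)     { 'Registered, but the driver file is missing' }
               else                           { 'Registered' }

    [pscustomobject]@{
        Name = $Name; Registered = $true; Type = $typeText; StartType = $startText
        ImagePath = $image; ImageExists = $imageExists; State = $state
        Verdict = $verdict
    }
}

# Run after clicking 'Quarantine' or 'Delete', since that is when the thread
# says the driver gets registered.
Get-DriverRegistration -Name 'cleanhlp' | Format-List
```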

   First on the OTL script that I left you yesterday. If you notice the 3rd entry down on the registry files that has /Software/Conduit/? That was the only piece of malware that came up on the scan yesterday so it looks like it might have worked again because it says it deleted it successfully. Even though it added all the other files that it had taken out the scan before, it still got the one from yesterday. Strange?

    As for when the driver registers. When you download and extract or when you click Quarantine? By the way thanks for answering these questions. You have been a lot of help.


First on the OTL script that I left you yesterday. If you notice the 3rd entry down on the registry files that has /Software/Conduit/? That was the only piece of malware that came up on the scan yesterday so it looks like it might have worked again because it says it deleted it successfully. Even though it added all the other files that it had taken out the scan before, it still got the one from yesterday. Strange?

Actually it isn't strange. Conduit is a very popular framework for creating toolbars for web browsers, so something probably recreated that registry key.

 

As for when the driver registers. When you download and extract or when you click Quarantine?

It is registered the first time you click the 'Quarantine' or 'Delete' buttons.


Actually it isn't strange. Conduit is a very popular framework for creating toolbars for web browsers, so something probably recreated that registry key.

 

It is registered the first time you click the 'Quarantine' or 'Delete' buttons.

Just on the first topic with the Conduit post. What I meant was when I first used your script to delete all those bad entries the "Conduit" line was not in there. It only became part of the bad stuff on the second go around and your script deleted it. I guess what I am trying to get at was when you first replied to me I understood by your reply that your script was only good for the first time you used it? When I added the one piece of malware, "Conduit", on the second go around your script deleted it. So I guess what I am trying to figure is that your script works more than once even though it includes the log of the stuff that it deleted the prior time? It appears that it worked twice for me because the Conduit line was the only thing added the second time and it did delete it.


... I guess what I am trying to get at was when you first replied to me I understood by your reply that your script was only good for the first time you used it? ...

OTL doesn't have any way to know you've already run the script, so it will run it again if you copy and paste it into OTL and click the button to run the fix. What I was trying to say earlier was basically that, once you have run the script, everything should be deleted. Once everything is deleted, running the script just gives you a bunch of error messages because it couldn't find the stuff.

So I guess what I am trying to figure is that your script works more than once even though it includes the log of the stuff that it deleted the prior time? It appears that it worked twice for me because the Conduit line was the only thing added the second time and it did delete it.

You see the full list every time you run it because the full list is in the script. Basically, OTL tries to process each line of the script, and if it cannot then you will see it in the log with an error message (such as "Not found") listed right behind the path to whatever it was supposed to delete.


OTL doesn't have any way to know you've already run the script, so it will run it again if you copy and paste it into OTL and click the button to run the fix. What I was trying to say earlier was basically that, once you have run the script, everything should be deleted. Once everything is deleted, running the script just gives you a bunch of error messages because it couldn't find the stuff.

You see the full list every time you run it because the full list is in the script. Basically, OTL tries to process each line of the script, and if it cannot then you will see it in the log with an error message (such as "Not found") listed right behind the path to whatever it was supposed to delete.

I understand what you said both times. What I am trying to say to you is I have run 2 different scans on 2 separate occasions. The first time I ran it, it worked and kicked all the malware. The second scan, different day, I ran through the same procedure of copying and pasting in the box with the one new piece of Malware from the new scan. It also deleted that besides not finding all that other stuff. So it actually worked 2 separate times for me and I was under the impression that you told me it was only good to work the one time, but that Conduit entry that it deleted was the only piece of Malware from the second go round. I can use this script numerous times?


The script can be used as often as you want, but I have to assume that OTL won't find most of the items in the script (just like the second time you ran it).


The script can be used as often as you want, but I have to assume that OTL won't find most of the items in the script (just like the second time you ran it).

That "Conduit" file was the only item that was detected in the second scan so the "Script" did its job as it deleted the Conduit file.


The script can be used as often as you want, but I have to assume that OTL won't find most of the items in the script (just like the second time you ran it).

This is the second post today. Sorry for going on but I'd like to try and get to the root of why this cleaning helper driver will not register. I uninstalled Norton and MalwareBytes today completely to see if this was the cause and I ran scans with EEK on the Flash and then off of the C drive. Both times it failed to register the driver. What would you do? Is this EEK still messed up or is it something in my system that is preventing this from working? I have a Kaspersky Rescue disk that I thought might be worth running to see if it's some piece of Malware that is embedded deep and is preventing the driver from registering. If you have another answer please feel free to give it to me if you would.


There have been some computers that would not allow us to create some of our drivers, even though they were clean. In those cases, even when we tried to manually create them from the command line it didn't work. It's possible that it is a registry permissions issue, but in that case other software would have the same issue (such as Malwarebytes Anti-Malware and Norton).

There are tools, such as Windows Repair (All In One), which can reset registry permissions. Just be sure to run through the backup steps before running any fixes in tools like that.


There have been some computers that would not allow us to create some of our drivers, even though they were clean. In those cases, even when we tried to manually create them from the command line it didn't work. It's possible that it is a registry permissions issue, but in that case other software would have the same issue (such as Malwarebytes Anti-Malware and Norton).

There are tools, such as Windows Repair (All In One), which can reset registry permissions. Just be sure to run through the backup steps before running any fixes in tools like that.

I went to the Windows Repair page that you linked me to and noticed that the Registry permissions line was highlighted. Was that you or just an example from webpage designers? The reason I ask is there are 28 plus boxes that could be checked. Is this the one that you think is most likely the culprit? I just need to know which one you think I should click? I have about a months worth of Acronis backups so I'm not afraid to make a mistake. Would rather not but there has to be a reason this is happening.


There have been some computers that would not allow us to create some of our drivers, even though they were clean. In those cases, even when we tried to manually create them from the command line it didn't work. It's possible that it is a registry permissions issue, but in that case other software would have the same issue (such as Malwarebytes Anti-Malware and Norton).

There are tools, such as Windows Repair (All In One), which can reset registry permissions. Just be sure to run through the backup steps before running any fixes in tools like that.

I just downloaded and ran it again off of a Flash drive and it wanted to work but would not put the tracking cookies in Quarantine or delete them. I went into Autoruns to see about the driver and this time it was there but the box next to it was unchecked. What do you think?

 

post-25650-0-08639100-1398196458_thumb.png


I just downloaded and ran it again off of a Flash drive and it wanted to work but would not put the tracking cookies in Quarantine or delete them. I went into Autoruns to see about the driver and this time it was there but the box next to it was unchecked. What do you think?

 

EMSISOFT.PNG

Got another one for you. I ran the Repair tool that you linked for me and I fixed the registry files. Or re-registered them and I re-ran the EEK. It actually worked for the one piece of Malware that it found but it won't quarantine or delete the tracking cookies. The checkmark is now in the driver box of Autoruns and it is checked, but it will not delete these tracking cookies. The 1 piece of Malware went right away to quarantine but the tracking cookies just stayed. What is up??? I am losing my mind with this. Aren't these cookies supposed to delete, otherwise why ask if I want to search for them?


Got another one for you. I ran the Repair tool that you linked for me and I fixed the registry files. Or re-registered them and I re-ran the EEK. It actually worked for the one piece of Malware that it found but it won't quarantine or delete the tracking cookies. The checkmark is now in the driver box of Autoruns and it is checked, but it will not delete these tracking cookies. The 1 piece of Malware went right away to quarantine but the tracking cookies just stayed. What is up??? I am losing my mind with this. Aren't these cookies supposed to delete, otherwise why ask if I want to search for them? Here is the log to show you that it worked with the file but left the tracking cookies alone. Why??

a2scan_140422-203914.txt

 


I am waiting for them to fix the problem of not being able to delete the tracking cookies as well.  I updated the Emergency Kit just now, but it still hasn't been fixed.  Hopefully it will be fixed soon as I use this feature frequently. 


I am waiting for them to fix the problem of not being able to delete the tracking cookies as well.  I updated the Emergency Kit just now, but it still hasn't been fixed.  Hopefully it will be fixed soon as I use this feature frequently. 

Wow someone else that had issues with this. I have been trying to get this tool to work the way it used to for the longest time now. One of their support people had me re-register my registry files but the reason I had to do that was because I couldn't get the tool to register the driver that sends the stuff to Quarantine. I finally got it to work last night but I still can't get rid of the tracking cookies. Let me know if you find anything out new. I will do the same .


Actually, the issue with not being able to delete tracking cookies isn't going to be fixed, since the cookie scan is going to be removed.

I recommend using something such as Ghostery to prevent tracking cookies, as that is a lot more effective than relying on an on-demand scanner to detect and remove them after the fact.


Actually, the issue with not being able to delete tracking cookies isn't going to be fixed, since the cookie scan is going to be removed.

I recommend using something such as Ghostery to prevent tracking cookies, as that is a lot more effective than relying on an on-demand scanner to detect and remove them after the fact.

Thank you. So this isn't just me? Man I worked my ass off trying to figure this out.


Yes, there are a number of people who are having the issue with not being able to remove tracking cookies.


Emsisoft employee Christian Peters has verified that there is a problem with the latest version (1.0.0.175) of the Cleaning Engine (clean32.dll).

It may be causing your problems.

See http://support.emsisoft.com/topic/14233-emsisoft-cls-ver-81031-does-not-perform-scans/

 

Moderator note: Quoted post moved here to avoid hijacking this topic.

 

I was told that the whole search and delete of the COOKIES is going to be a thing of the past very soon. As I was having problems with both cookies and malware deleting or quarantining I have finally got my cleaning driver to work again. All except for the cookies and I was told not to sweat that as it would be a thing of the past soon enough. Any idea when that might happen? By the way thanks for the heads up!


You're welcome.  I don't know when tracking cookies detection will be removed.

 

As GT500 mentioned in post #35, Ghostery is an alternative.
Ever since I installed Ghostery and DoNotTrackMe add-ons in Firefox, tracking cookies are rarely found by EEK scans.


You're welcome.  I don't know when tracking cookies detection will be removed.

 

As GT500 mentioned in post #35, Ghostery is an alternative.

Ever since I installed Ghostery and DoNotTrackMe add-ons in Firefox, tracking cookies are rarely found by EEK scans.

I have DoNotTrackMe installed in Chrome and Firefox, although I use Chrome as my primary browser. As I only ran scans with EEK maybe once a month they only found 10 tracking cookies in the search and I'd say that's not bad after a month. I do run CCleaner on a scheduled task 2 times a week at night so that probably helps and if my browser history gets too full I'll run Google Chrome's default cleaner. Pretty easy like you said to get rid of those so I won't use EEK for that anymore. Just malware.


Wondering if this bug has been patched yet? Really enjoy the product besides this issue, deep scanned my i7 with Samsung EVO SSD in under 15 min. Essentially 2 scans in one with dual Emsisoft and Bitdefender engines. :wub:


One of the issues reported in this topic was fixed, but the one related to removing tracking cookies was not fixed since the cookie scan is going to be removed.
