Carelia 0 Posted November 5, 2015 Report Share Posted November 5, 2015 Emsisoft Anti-Malvare announce that two kernel-files are infected. It also recommended not to do any attempt to fix situation by my self. Those kernel-files are following: C:\Windows\System32\wuaueng.dll C:\windows\System32\wucltux.dll So, what suggest You me to do to fix that problem? FRST.txt Addition.txt scan_150919-151252.txt Link to post Share on other sites
Kevin Zoll 309 Posted November 6, 2015 Report Share Posted November 6, 2015 Karzan, Do the following: Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-2554905722-472262917-501087458-1001\...\RunOnce: [Application Restart #4] => C:\Users\Kari\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-clie (the data entry has 547 more characters). 2015-10-12 15:43 - 2015-10-12 15:43 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-11-04 21:03 - 2015-07-14 03:14 - 00000000 ____D C:\Users\Kari\AppData\Local\Pokki C:\Users\Kari\AppData\Local\Temp\Extract.exe C:\Users\Kari\AppData\Local\Temp\oct9B41.tmp.exe C:\Users\Kari\AppData\Local\Temp\SP72853.exeClose Notepad.NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system to restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version. Link to post Share on other sites
Carelia 0 Posted November 6, 2015 Author Report Share Posted November 6, 2015 Hello Kevin, After saving the Fixlog to my desktop, and pressing first time the fix button of FRST64, Emsisof-Antimalware show the behavior warning and suggested to quarantine the program, and that I also did before understanding whats happened. Ok, I returned FRST64 back from the qurantine and tried the same again. The warning appeared again but this time I pres the ”allow once” button and the Fixlog.txt appeared to desktop. Why there is not bossibility to add an attachement to THIS message? Last time I had pressed the "More Reply Options"- button (there right dawn corner) and there had opened a new reply area with the possibility to add an attachement, but I dont know has it come at the destination! Best regards, Karzan Link to post Share on other sites
Kevin Zoll 309 Posted November 9, 2015 Report Share Posted November 9, 2015 Support Topic closed. Transferred to Help Desk. Link to post Share on other sites
Recommended Posts