
Win defender quarantines Emsisoft Anti-Malware\a2hooks64.dll



I turned on my PC this morning and have both Emsisoft and a periodic scan using Windows Defender enabled (been set that way for some time now). Anyway, Defender uprooted its ugly head this morning over a file in Emsisoft:

I know this file is part of Emsisoft Anti-Malware, but could it have really become infected with some ransom crap, or is this a false finding with Windows Defender? Results of scan below:


Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

file:C:\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll

Curious: of those running Win 10 64-bit and Emsisoft, if you run a Windows Defender scan, are you getting this as well?


Perhaps Microsoft at its game again: Eliminate all competition even if disassembling a great A/V to risk customers potential Bull-Shit invasions that Defender has no idea how to handle, and curls up in a fetal position while your PC is ravaged, raped of data and destroyed, sold on the black market to who knows who, and your credit and life become a dark blanketed cesspool of pain and burden. No thanks, Defender, I am not quarantining or disabling this until I get the word from Emsisoft to do so!


PC O/S: Windows 10 Version 1607 for x64-based Systems

Emsisoft Antimalware: Version 2017.1.0.7125

Windows Defender info:

Antimalware Client Version: 4.10.14393.0

Engine Version: 1.1.13407.0

Antivirus definition: 1.235.1637.0

Antispyware definition: 1.235.1637.0

Network Inspection System Engine Version: 2.1.12706.0

Network Inspection System Definition Version:


I also encountered this shortly after you posted your message... My Microsoft Security Essentials/Windows Defender indicated that Ransom:Win32/Nemreq.A was detected in a2hooks64.dll. As I am typing my current message, another notification from Microsoft Security Essentials came up and displayed the same message (as described by RSLCS) with a different directory:


And, Microsoft Security Essentials just kept popping up the same message after some minutes again and again... Someone please kindly advise!

BTW, I am running Windows 7 64-bit and have both Emsisoft Internet Security and Microsoft Security Essentials active.


Just to clarify, this is a false positive from Windows Defender. The problem is that if this file keeps getting deleted, your computer will be at risk because without this file Emsisoft products cannot properly protect your computer. If possible I would either disable Windows Defender or create an exclusion in Windows Defender for this file to avoid possible problems.


As a follow up, only the a2hooks64.dll file in the stable version of EAM/EIS is detected (the same file in beta is not detected). According to MS malware protection:


SHA1 92CBB4204FB774FCC61342DF2FCF7123B53D8BF5
Detection Status Ransom:Win32/Nemreq.A
Alert Level severe
File a2hooks64.dll

Let's hope they will fix this ASAP.


I have a customer on beta; it was also detected on his machine as well, so the above is incorrect.


Also, my point about the Windows Defender finding was: yes, many users and customers only have Emsisoft running, however many a Windows update will indeed turn on Windows Defender. Also noted: at times, on some computers I have been servicing remotely or on site, I have seen cases where the customer has a really slow internet connection and there is a big lag between updating and applying the new services. Windows thinks there is no antivirus installed, so it turns on Windows Defender as well.


And for these folks who have Defender on (like it or not, or even not aware it is running), the needed a2hooks64.dll gets either quarantined or, even worse, removed; then Emsisoft isn't running at all.


RSL Computer Solutions, LLC



Any chance you can check if the hash of the file (in beta version) is the same as the one I posted above? Unfortunately besides reporting this to Microsoft and hoping they'll fix it ASAP, there is very little we can do about it. Even if the file is deleted, any update should redownload the file, so as long as you disable Windows Defender or create an exclusion for the file you should be okay.

FTR, Microsoft FPs can be reported here: https://www.microsoft.com/en-us/security/portal/submission/submit.aspx


This topic is now closed to further replies.
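
The hash check and file-level exclusion discussed in the replies above, as an added example that is not part of any post and is not Emsisoft's or Microsoft's own code. It assumes Windows 10 with the Defender PowerShell module; the file path and SHA1 are the ones quoted in the thread, and the publisher string and the property name SameBuildAsThread are assumptions made for this example.

```powershell
# Added example: check a2hooks64.dll before excluding it from Windows Defender.
# The path and SHA1 come from the thread; the publisher string is an assumption.
param(
    [string]$Path = 'C:\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll',
    [string]$ReportedSha1 = '92CBB4204FB774FCC61342DF2FCF7123B53D8BF5',
    [string]$ExpectedPublisher = 'Emsisoft',   # assumed; confirm against another Emsisoft binary
    [switch]$AddExclusion
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Warning "Not found (possibly already quarantined): $Path"
    return
}

$sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
$sig    = Get-AuthenticodeSignature -LiteralPath $Path
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

# A hash match means this is the same build reported in the thread. A mismatch
# only means a different build (for example beta), so it is informational.
$sameBuild = ($sha1 -eq $ReportedSha1)

# The trust decision rests on the signature: it must validate and name the vendor.
$trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedPublisher*")

[pscustomobject]@{
    Path              = $Path
    Sha1              = $sha1
    SameBuildAsThread = $sameBuild
    SignatureStatus   = $sig.Status
    Signer            = $signer
    Trusted           = $trusted
}

if ($AddExclusion) {
    if ($trusted) {
        # Exclude only this one file, not the whole install directory.
        Add-MpPreference -ExclusionPath $Path
    } else {
        Write-Warning 'Signature check failed; no exclusion added.'
    }
}
```

Run it from an elevated prompt when passing -AddExclusion. Once corrected definitions arrive, the exclusion can be dropped again with Remove-MpPreference -ExclusionPath.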
