haixing 0 Report post Posted April 3, 2018 I used EEK to run a custom scan to scan full disk for 2 times and it crash in same file (in picture): Hope help to solve bugs. Download Image Quote Share this post Link to post Share on other sites
JeremyNicoll 47 Report post Posted April 3, 2018 Which version of EEK? Is it one you downloaded, or one you created using a new option in EAM? What OS were you running it on? 1 Quote Share this post Link to post Share on other sites
haixing 0 Report post Posted April 3, 2018 Standalone EEK Ver 2018.3.0.8532 stable [zh-cn] OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition) X64 I just downloaded it before use and updated the signatures. The last log is: --------------------------------- 2018/4/3 18:09:55 扫描主引导区... 2018/4/3 18:09:55 扫描系统文件夹 'CSIDL_DRIVERS'... 2018/4/3 18:09:57 扫描内存 ... 2018/4/3 18:10:05 扫描残留痕迹 ... 2018/4/3 18:10:10 扫描文件夹 ... --------------------------------- End with scanning folders. Scan setting(in picture): Download Image Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 4, 2018 We'll probably need a memory dump from a2emergencykit.exe. You can save one by using Process Hacker. When the Emergency Kit Scanner crashes, simply open Process Hacker and look for a2emergencykit.exe in the list (there's a search field to make it easier). If you right-click on a2emergencykit.exe and select Create dump file it will allow you to save the memory dump. Just be sure to do this before clicking anything in the dialog that tells you the Emergency Kit Scanner crashed, other wise Windows will unload a2emergencykit.exe from memory and you won't be able to find it in Process Hacker. Once saved, you can ZIP the memory dump, and send it to us. If it's too big to attach to a reply then you can use a file sharing service to send it (send me a link in a private message). 1 Quote Share this post Link to post Share on other sites
haixing 0 Report post Posted April 4, 2018 OK, I will do some research to make a memory dump after scan my machine using other scanner to secure it. Thanks for replies. And please forgive my pool English. XD Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 5, 2018 Is the scan able to complete after disabling Direct Disk Access and/or the option to scan NTFS Alternate Data Streams? 1 Quote Share this post Link to post Share on other sites
haixing 0 Report post Posted April 5, 2018 I disable Direct Disk Access and it can work properly...But I did made the crash again with the old setting(Direct Disk Access and NTFS Alternate Data Streams enabled). When it crash the memory usage in Windows's Task Manager down to 0.1MB, but in Sysinternals' s vmmap was 1303788K ? I packed the screenshot into the 7z file. And I used Sysinternals' s procdump64 to make some dump files without update the EEK (Because processhacker's virustotal scan result is a little scary... ). 3 full dumps(1.22GB) and 3 miniplus dumps(184MB). I will PM you the Google drive link to the dump files. There are also include some screenshot of procdump' s output and file samples of where EEK crashed in the 7z file. Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 6, 2018 On 4/5/2018 at 2:58 AM, haixing said: I disable Direct Disk Access and it can work properly...But I did made the crash again with the old setting(Direct Disk Access and NTFS Alternate Data Streams enabled). OK, that's more than likely a bug we're already aware of in Emsisoft Anti-Malware, and since EEK was updated at the same time they have the same root cause (even if the symptoms are a bit different). Hopefully we'll have a solution available soon. On 4/5/2018 at 2:58 AM, haixing said: And I used Sysinternals' s procdump64 to make some dump files without update the EEK (Because processhacker's virustotal scan result is a little scary... ). 3 full dumps(1.22GB) and 3 miniplus dumps(184MB). Some of our developers and malware analysts use Process Hacker. It's safe, and many find it more useful than Process Explorer from Sysinternals. 1 Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 6, 2018 Our developers just confirmed that this is the issue we are already aware of, and that you can try installing the latest beta version to see if that resolves it: Open Emsisoft Emergency Kit. Click on Settings below the Scan tile. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list. Return to the Overview screen by clicking Overview in the menu at the top. Have Emsisoft Emergency Kit check for updates. 1 Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 6, 2018 FYI: I've been told that the beta update to address this issue has not yet been published for EEK, and that for now you will have to either turn off Direct Disk Access or scanning for Alternative Data Streams in order for the scans to complete without issues. 1 Quote Share this post Link to post Share on other sites
haixing 0 Report post Posted April 7, 2018 Thanks a lot! I will try it later. Love your software! Quote Share this post Link to post Share on other sites
GT500 505 Report post Posted April 10, 2018 Just to let you know, this issue should now be fixed in the latest stable version of EEK:https://blog.emsisoft.com/en/30914/emsisoft-emergency-kit-2018-3-1/ If you switched to the Beta update feed, then feel free to switch back to the Stable update feed and check for updates. Quote Share this post Link to post Share on other sites
