
Which version of EEK? Is it one you downloaded, or one you created using a new option in EAM? What OS were you running it on?


Standalone EEK Ver 2018.3.0.8532 stable [zh-cn]
OS: Windows 10 (Version 10.0, Build 16299, 64-bit Edition) X64

I just downloaded it before use and updated the signatures. 

The last log is:

---------------------------------

2018/4/3 18:09:55
扫描主引导区...

2018/4/3 18:09:55
扫描系统文件夹 'CSIDL_DRIVERS'...

2018/4/3 18:09:57
扫描内存 ...

2018/4/3 18:10:05
扫描残留痕迹 ...

2018/4/3 18:10:10
扫描文件夹 ...

---------------------------------

It ends with scanning folders.
Scan settings (in picture):

Snipaste_2018-04-03_21-47-27.png

We'll probably need a memory dump from a2emergencykit.exe. You can save one by using Process Hacker. When the Emergency Kit Scanner crashes, simply open Process Hacker and look for a2emergencykit.exe in the list (there's a search field to make it easier). If you right-click on a2emergencykit.exe and select Create dump file it will allow you to save the memory dump. Just be sure to do this before clicking anything in the dialog that tells you the Emergency Kit Scanner crashed, otherwise Windows will unload a2emergencykit.exe from memory and you won't be able to find it in Process Hacker.

Once saved, you can ZIP the memory dump, and send it to us. If it's too big to attach to a reply then you can use a file sharing service to send it (send me a link in a private message).


OK, I will do some research to make a memory dump after scanning my machine using another scanner to secure it. Thanks for the replies. And please forgive my poor English. XD


Is the scan able to complete after disabling Direct Disk Access and/or the option to scan NTFS Alternate Data Streams?


I disabled Direct Disk Access and it can work properly... But I did make the crash happen again with the old settings (Direct Disk Access and NTFS Alternate Data Streams enabled).

When it crashed, the memory usage in Windows' Task Manager dropped to 0.1MB, but in Sysinternals' VMMap it was 1303788K? I packed the screenshot into the 7z file.

And I used Sysinternals' procdump64 to make some dump files without updating EEK (because Process Hacker's VirusTotal scan result is a little scary...). 3 full dumps (1.22GB) and 3 miniplus dumps (184MB).

I will PM you the Google Drive link to the dump files. The 7z file also includes some screenshots of procdump's output and file samples of where EEK crashed.

On 4/5/2018 at 2:58 AM, haixing said:

I disabled Direct Disk Access and it can work properly... But I did make the crash happen again with the old settings (Direct Disk Access and NTFS Alternate Data Streams enabled).

OK, that's more than likely a bug we're already aware of in Emsisoft Anti-Malware, and since EEK was updated at the same time they have the same root cause (even if the symptoms are a bit different). Hopefully we'll have a solution available soon.

 

On 4/5/2018 at 2:58 AM, haixing said:

And I used Sysinternals' procdump64 to make some dump files without updating EEK (because Process Hacker's VirusTotal scan result is a little scary...). 3 full dumps (1.22GB) and 3 miniplus dumps (184MB).

Some of our developers and malware analysts use Process Hacker. It's safe, and many find it more useful than Process Explorer from Sysinternals. ;)


Our developers just confirmed that this is the issue we are already aware of, and that you can try installing the latest beta version to see if that resolves it:

  1. Open Emsisoft Emergency Kit.
  2. Click on Settings below the Scan tile.
  3. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
  4. Return to the Overview screen by clicking Overview in the menu at the top.
  5. Have Emsisoft Emergency Kit check for updates.


FYI: I've been told that the beta update to address this issue has not yet been published for EEK, and that for now you will have to either turn off Direct Disk Access or scanning for Alternative Data Streams in order for the scans to complete without issues.
