Recommended Posts

I'm not following these directions as it seems they are for advanced users.

- Open a command prompt window (Run: cmd.exe)
- Switch to the drive of the USB Stick (e.g.: f:), then to the folder of the executable files (e.g.: cd run)
- Run the scanner by typing: a2cmd.exe
This is the part I don't understand:
"then to the folder of the executable files (e.g.: cd run)"

So I ask, what is "cd run" that's a horrible example, and certainly only good for the technically inclined.  They are saying the name of the folder containing EEK is called "run"?

So "cd foldercontainingEEK", then type "a2cmd.exe"?

Thanks in advance

Share this post


Link to post
Share on other sites

The CD command changes directory. In the example "run" is the name of a folder, and you should substitute the name of the folder you want to switch to. The example does assume a certain level of understanding of how the Command Prompt and command-line programs work, so if there's ever anything you don't understand then please feel free to let us know and we'd be happy to assist you. ;)

When you run a2cmd.exe you need to specify what options you want to use. For instance, if you want to see the documentation for a list of supported command line parameters, you would run the following command:

a2cmd.exe /?


If you just want to scan all files on a specific drive (for example the F: drive), then you would run the following command (capitalization not required):

a2cmd.exe F:


If you want to scan a specific drive and also scan within archives (ZIP, RAR, 7z, etc), then you would run the following command:

a2cmd.exe F: /a

 

Here's the documentation displayed when you run a2cmd.exe /? (taken from the version bundled with Emsisoft Anti-Malware, which is almost identical to the standalone version of a2cmd.exe):

a2cmd.exe [path] | [parameters]

Scan types (can be used together):

   /f=[], /files=[path]   Scan files. Full path to file or folder required
   /quick                 Scans all active programs and Spyware Traces
   /malware               Good and fast result, but only important folders will
                          be scanned
   /rk, /rootkits         Scan for active Rootkits
   /m,  /memory           Scan Memory for active Malware
   /t,  /traces           Scan for Spyware Traces

   /fh=[handle] /pid=[PID]            Scan file by handle. Process ID of the
                                      handle is required
   /b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID
                                      are required

Scan settings (used with scan types):

   /pup                        Alert Potentially Unwanted Programs (PUP)
   /a, /archive                Scan in compressed archives (zip, rar, cab)
   /am                         Scan in mail archives
   /n, /ntfs                   Scan in NTFS Alternate Data Streams
   /cloud=[]                   If it is "1" then scanner will use cloud 
                               requests (defaul value is "1")
   /dda, /directdiskaccess     Use direct disk access
   /l=[], /log=[filepath]      Save a logfile in UNICODE format
   /la=[], /logansi=[filepath] Save a logfile in ANSI format
   /x=[], /ext=[list]          Scan only specified file extensions, comma
                               delimited
   /xe=[], /extexclude=[list]  Scan all except the specified file extensions
   /wl=[], /whitelist=[file]   Load whitelist items from the file
   /d,     /delete             Delete found objects including references
   /dq,    /deletequick        Delete found objects quickly
   /q=[], /quarantine=[folder] Put found Malware into Quarantine
   /rebootallowed              Allows automatic OS restart, if this is required
                               to remove found threads
   /s, /service   Run scan via windows service and keep the engine loaded

Malware handling (standalone parameters):

   /ql, /quarantinelist            List all quarantined items
   /qr=[], /quarantinerestore=[n]  Restore the item number n of the quarantine
   /qd=[], /quarantinedelete=[n]   Delete the item number n of the quarantine

Online updates:

   /u, /update                Update Malware signatures
   /uf=<feed>,
   /updatefeed=<feed>         Update from specified update feed
                              Applicable only to standalone a2cmd package.
   /proxy=[proxyname:port]    Proxy address and port number
   /proxyuser=[username]      Proxy user name
   /proxypassword=[password]  Proxy user password

General commands:

   /?, /help            Show help message

Result codes:

   0 - No infections were found
   1 - Infections were found

 

Share this post


Link to post
Share on other sites

Thanks GT500, I'll test er out here soon.  If "run" is the assumed folder I got it.  I would think a bootable device would be better, that's what I've been testing, other bootable devices.  But I'm a novice so maybe I'm missing why this would be as good or better than a bootable device?  I can also see the advantage of running it from a USB, but what if one is not able to run a command prompt?

Thanks

Share this post


Link to post
Share on other sites

Scanning from a bootable disk or USB flash drive (assuming that's what you were referring to) would mean the scanner doesn't have access to the registry, at least not without a lot of special work to get access to that registry. In addition to that, normal system file protection built in to the scanning and cleaning engines wouldn't really be very effective from a bootable environment. It's best to scan the system while the OS installed on the drive you're scanning is booted and running normally. Infections that can protect themselves from the scanner are extremely rare these days, and should be removed manually anyway (removing them can be dangerous).

Share this post


Link to post
Share on other sites

You make a good point, thanks for reminding me of this aspect!  I will use Emsisoft to see how well I get on with it.  I know it is a good product but am very wary of using Malware tools as they take a long time, then still end up with a damaged file system by malware anyhow.  I don't know well enough how to fix the broken file system other than the usual sfc and DISM.

Thanks

Share this post


Link to post
Share on other sites

Some infections do alter system files, registry entries, etc. which can cause odd symptoms (or even boot failures) after removal. SFC and DSIM can repair a lot of those issues, and are not bad tools to turn to when there's an issue.

That being said, if our scanner detects something that it thinks might be dangerous to remove, it won't remove it. Instead it will tell you that it couldn't be removed and advise that you seek removal support on our forums. You can also contact us via e-mail if you prefer.

Share this post


Link to post
Share on other sites

We prefer to do it that way rather than risk damaging someone's computer. If there's any possibility of that, then we'd rather have the customer in contact with one of our malware removal experts when it happens, that way we can assist them with getting it fixed.

Share this post


Link to post
Share on other sites

I'm a little confused now on how to use this tool.  I thought it's main function was to be run from a USB, but, it is an Executable,  so in my ignorance I installed it to my pc.  I guess my problem is not knowing the lingo, and not thinking an .exe is something that is Extracted, but installed.

1. First off, did it really install files all over my pc, or did it just Extract itself to a Folder in my C: Drive, because that is where I see it.

Now I'm trying to "Install" to the same folder I had the .exe in on the USB Drive, is this correct?  I don't get it, the documentation is really horrible on this little tool that you guys are proposing as so super?  Installation is still going quite slow, maybe due to the 2.0 USB I'm using?  I really like Emsisoft and reading all their articles, and I believe that you are a very good company, so don't let me down guys haha, thanks.

2. Install done, I will give it a try, but will someone confirm for me if I am correct in "Installing", and I say Installing because it is an .exe, and not a zip or other archive type file.

Thanks, I hope this is going to be a good experience but so far not for a noob like me.

Share this post


Link to post
Share on other sites

1. Now I'm updating what I thought was Definitions.  It is going on forever.  The progression bar says it is working, but the Big Green Square, first Icon, Updater says it is "Installing" "last update 20min ago" "Software up to Date" what is going on here?  I can also see my USB is active, so something must be still working here right?  

Could this really be the Definitions still Downloading or Installing?

Share this post


Link to post
Share on other sites

Confused:  an .exe file, an "executable", is just a program that can be run.  Sometimes, if that program is an installer for something else it will indeed unpack a set of files somewhere and then copy/move them around (eg installing them into folders that belong to Windows).   Sometimes it will just run itself.

A program does not need to be "Installed to" anywhere if it is designed to just run from wherever it is.  So I'd expect the EEK executable to be happy on a USB drive, and if you chose to copy it somewhere else, I'm sure it'd be happy there too.

If you copied the EEK executable to your C drive, then ran it, and it unpacked itself into a set of files... that's all you'd need to do.  One of those files will be a different .exe  named a2cmd.exe (or something like that, I think), and that's the program you then run to run EEK itself.  If you're now trying to install that set of files to the USB drive you're going round in circles.  All you needed to do was double-click the .exe on the USB drive, have it unpack some files, then run the unpacked .exe.

I'm not sure about your second question; I'm wondering if somehow you've got Windows confused with several copies of EEK in different places.

 

Share this post


Link to post
Share on other sites

In this case, did it install files and folders elsewhere, or just in One Folder in Local Disk > C Drive?  I see know that an .exe can be an installer or what I consider sort of an Unpacker.  But still, this does not answer the question.  Are other files installed, or was it just Unpacked to the EEK Folder in C?

49 minutes ago, JeremyNicoll said:

A program does not need to be "Installed to" anywhere if it is designed to just run from wherever it is.  So I'd expect the EEK executable to be happy on a USB drive, and if you chose to copy it somewhere else, I'm sure it'd be happy there too.

I guess I need to search for files all over File Explorer, why don't they just be more clear about the type of program it is?  The Tutorial really needs a tune up, or at least the one I looked at .

 

41 minutes ago, JeremyNicoll said:

I'm not sure about your second question; I'm wondering if somehow you've got Windows confused with several copies of EEK in different places.

 

You say this, but then below you said:

51 minutes ago, JeremyNicoll said:

If you're now trying to install that set of files to the USB drive you're going round in circles.

Please keep it simple for me, is this program designed to run from a USB or not?  Because when I did, the Updates would never stop.  I will post the Errors once I'm done running the one from the C Drive.  The one I Extracted to on the C Drive seemed to Update Correctly, but had one error/fail for some reason.

The whole reason for me doing this was to see if it would run from a USB, but am happy to have it on my pc also.

Share this post


Link to post
Share on other sites

As far as I know it's meant to run from anywhere, including a USB stick.  That's what the instructions at the top of this post say.  Perhaps it would help if you said you actually did at the start.  Presumably you downloaded EEK from this website and ended up with something named   EmsisoftEmergencyKit.exe   then put that on your USB drive and double-clicked it to run it?

I've not run it because I'm not certain I can do so without - maybe - altering something about how EAM runs here.  But looking at what's inside  EmsisoftEmergencyKit.exe  I think it would create a couple of folders of files named  bin32 and bin64,  a readme file,  and two other .exe's.   When you read the contents of the readme file it tells you three ways to run EEK itself. 

I don't know why "the updates would never stop"...   unless there's a problem with the USB stick itself - if it's full or can't be written to?

  • Like 1

Share this post


Link to post
Share on other sites

EEK is a portable program. It does not install in the accepted understanding of the word, instead it unpacks itself when you double-click on the download to a folder in C drive. So it will be C:/EEK.

You can move this folder to a USB stick if you wanted (or copy it and have one on the machine and one on the USB

 I don't use the command line scanner in the EEK folder, I use the other scanner which opens the graphic user interface (so you can see what you are doing:)

When you want to remove EEK you just delete the folder because it's portable and didn't install, it just ran from the folder.

  • Like 1

Share this post


Link to post
Share on other sites

That's what I'm understanding now stapp.

I wonder if it is not accepted to Extract Back to the same folder on the USB where is was downloaded to in the first place?

Next time I will try to Copy over the Extracted Folder from C:/EEK back to the USB.  Or, now that I know, will just Extract to the Target pc and leave it there.  Though, it takes longer to Extract and Update, so I wonder if I can use the same Folder from C:/EEK to drop into any of my pc's?

Either way I think I got it now, though I did not understand the install method at first.

Share this post


Link to post
Share on other sites

I deleted all the files on my USB, and now I cannot download another one.  Keeps asking me to Subscribe to the Newsletter but I already have.  I forget which files came with the download or else I could copy them back from my C:/EEK...maybe.  No, don't see the original .exe there....Arrgggg

Okay, finally got it.  Boy today has been one of those frustrating days for sure!

Share this post


Link to post
Share on other sites
4 hours ago, Mackattack said:

1. First off, did it really install files all over my pc, or did it just Extract itself to a Folder in my C: Drive, because that is where I see it.

The "installer" is a self-extracting RAR archive. It only extracted files to the folder specified during the "installation" process. You can copy that folder to another location (including a USB flash drive) and run EEK from there if you want. EEK is completely portable, so moving it around isn't a problem, even from computer-to-computer (no installation required). ;)

 

4 hours ago, Mackattack said:

Now I'm trying to "Install" to the same folder I had the .exe in on the USB Drive, is this correct?

You can install it wherever you want. Default is to "install" (or "extract") the files to a folder named "EEK" in the root of the drive, however you don't have to do it that way if you don't want to. It's entirely up to you, and whether or not you intend to have other things on the USB drive.

 

5 hours ago, Mackattack said:

I don't get it, the documentation is really horrible on this little tool that you guys are proposing as so super?

Most of the documentation had been moved to the help file within the product itself. I would believe we moved most of the documentation to our helpdesk as well recently, and you can find the EEK section at this link.

 

1 hour ago, Mackattack said:

I deleted all the files on my USB, and now I cannot download another one.  Keeps asking me to Subscribe to the Newsletter but I already have.  I forget which files came with the download or else I could copy them back from my C:/EEK...maybe.  No, don't see the original .exe there....Arrgggg

If it helps, we have a ZIP download as well:
http://dl.emsisoft.com/EmsisoftEmergencyKit.zip

Just extract it to wherever you want, and run EEK.

  • Like 1

Share this post


Link to post
Share on other sites

Those are good links GT500, very much appreciate it.  I could not find those on my own.  It's been a rough day so apologies for being irritated.  I know you guys are a good group of people and write some really good articles also.  I think I got the hang of it now.

Don't know why I was not able to Update it after Extracting to the same location that it was downloaded to, a USB?  I'll give it another go on another day.  For now am happy to have another good tool just in case.  It seems to run very fast and I was able to easily Right Click and Whitelist a few files.  All in all, I like things that are simple and run fast, and of course I know you guys make good products.  I will try to make a donation soon if that is an option, if so where is the link please?

Thanks guys for sticking with me and helping me learn how to use EEK!

Share this post


Link to post
Share on other sites
On 7/24/2018 at 6:16 PM, Mackattack said:

I will try to make a donation soon if that is an option, if so where is the link please?

I don't think we have an option for donations. Just premium license keys for our products.

 

On 7/24/2018 at 6:28 PM, Mackattack said:

I wonder if my Avast AV was preventing me from Updating EEK from the USB, I'll read up on that, already found the link, thanks.

That's possible. If so, it should be logged somewhere in Avast Anti-Virus.

Share this post


Link to post
Share on other sites

Hello

I want to run Emergency kit from a bootable USB stick.

What sysop os needed to support EEK tools ?

Thanks a lot

Horacio

Share this post


Link to post
Share on other sites
6 hours ago, HBB said:

Hello

I want to run Emergency kit from a bootable USB stick.

What sysop os needed to support EEK tools ?

Thanks a lot

Horacio

Do you mean "what operating system"?    Windows.

You can't boot linux or some other special recovery enviroment, then run EEK.   You need to boot a Windows system.

Share this post


Link to post
Share on other sites
20 hours ago, HBB said:

I want to run Emergency kit from a bootable USB stick.

What sysop os needed to support EEK tools ?

If I'm not mistaken, I would believe your question was already answered via live chat. I'll go ahead and leave an answer here as well, in case anyone else is curious about this.

EEK currently requires Windows 7, Windows 8.1, or Windows 10 (with all current Windows Updates installed). It also runs on Windows Server 2008 R2 and newer (again with all current Windows Updates installed).

That being said, we do not recommend running EEK from a bootable environment. There are certain system file protection mechanisms built in to the scanner which may only function correctly when EEK is run while the OS on the drive you're scanning is booted. EEK's scanner will also be less effective if it is run without access to the registry of the infected OS install. Ideally it is best to run your scans while Windows is booted normally on the infected system, however Safe Mode is a reasonable alternative if running Windows normally isn't a possibility.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.