thebigeasytraveler 0 Report post Posted November 13, 2018 Software continuously keeps catching these infections and places into quarantine. Happening every minute or so. Are they safe? What can be done to stop the pop-up every 1 minute and/or get rid of these files if they are harmful? 1. Medium risk Malware "Behavior.Spyware" in "C:\Program Files (x86)\Common Files\System Sll\sll.exe" quarantined by user 2. Medium risk Malware "Behavior.FirewallModification" in "C:\Program Files (x86)\Common Files\System Sll\checkFirewall.exe" quarantined by user Window 8.1, Emsisoft version 2018.10.1.2096 Many thanks in advance. Quote Share this post Link to post Share on other sites
stapp 130 Report post Posted November 13, 2018 You could follow the steps here https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/ 1 Quote Share this post Link to post Share on other sites
GT500 585 Report post Posted November 13, 2018 If you could do the following, I could try and see if I can find information about the file in question: Open Emsisoft Anti-Malware. Click on Logs. Type sll.exe into the search field at the top. Find an entry in the list from the Behavior Blocker showing it detecting suspicious behavior for sll.exe and double-click on it for more information. The third line should be enclosed in parenthesis and should have SHA1: followed by a long string of numbers and letters. Copy this line, and paste it into a reply. 1 Quote Share this post Link to post Share on other sites
thebigeasytraveler 0 Report post Posted November 13, 2018 9 minutes ago, GT500 said: If you could do the following, I could try and see if I can find information about the file in question: Open Emsisoft Anti-Malware. Click on Logs. Type sll.exe into the search field at the top. Find an entry in the list from the Behavior Blocker showing it detecting suspicious behavior for sll.exe and double-click on it for more information. The third line should be enclosed in parenthesis and should have SHA1: followed by a long string of numbers and letters. Copy this line, and paste it into a reply. Thank you. Here's the information requested (SHA1: A2F4F2214750149DE0AFFBFE11253C5CEE9594B5) Quote Share this post Link to post Share on other sites
thebigeasytraveler 0 Report post Posted November 13, 2018 32 minutes ago, stapp said: You could follow the steps here https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/ Thank you Quote Share this post Link to post Share on other sites
GT500 585 Report post Posted November 14, 2018 I'm not finding any matches for that SHA1 hash. If you restore the file from the Quarantine in Emsisoft Anti-Malware, then you can upload it to VirusTotal and have them scan it, then post a link to the analysis here for us to review:https://www.virustotal.com/ Here's how to restore something from the Quarantine: Open Emsisoft Anti-Malware. Click on Quarantine in the Scan & Clean tile, or click on the icon on the far left (sidebar) that looks like a square with a white circle in it. Click on the file you'd like to restore from the list to select it (it should be highlighted in light blue when selected). Click on the Restore button in the lower-left. Quote Share this post Link to post Share on other sites
thebigeasytraveler 0 Report post Posted November 14, 2018 @GT500, I followed the directions that @stapp listed and I am working in another post with another staff member. I don't want to confuse issues so please close this until we work through other potential issues from the beginning. Thank you for your help. hope this makes sense. Quote Share this post Link to post Share on other sites
GT500 585 Report post Posted November 15, 2018 OK. Kevin may want to see the file in question as well, however it's probably best to wait until he asks for it (if he hasn't already). Quote Share this post Link to post Share on other sites
