Jump to content

Which EXE should I run?


Recommended Posts

Quote

 

I am looking for an old version of EEK 12 because new versions never work for me.
I have tested on many different computers and there is always Scan: 16%
I installed new EEK and always the same problem.
I asked tech support for my ASUS PC and it actually doesn't work and nothing else they can help.
EEK does not work and ASUS recommended me, for example, Malwarebyes, which always works.
But how do I want to use EEK.


SSD 120 GB
Windows 7 64-bit

How to Run EEK?

Which EXE should I run?

Installation Path:

E:\EEK\bin64\a2emergencykit.exe 
E:\EEK\bin32\a2emergencykit.exe
E:\EEK\Start Emergency Kit Scanner.exe

 

Is there a  LOG to check what object is stopping (stuck) all the time?

 

Hundreds of users report similar problems:

 

https://support.emsisoft.com/search/?q=STUCK&quick=1

Link to post
Share on other sites
5 hours ago, maki said:

Hundreds of users report similar problems:

https://support.emsisoft.com/search/?q=STUCK&quick=1

 

No they don't.  Those hits on the word "stuck" are on questions right across the whole forum - eg some are in the "my files are encrypted" subforum (eg when people say they're stuck becaue their files are inacessible), some in the Beta forum, most in the EAM forum, some in others...

Link to post
Share on other sites

EEK (Polish Interface)

Problem detected
[ENABLED / ON] Skanuj w poszukiwaniu rootkitów <== This option causes a stuck!

 

Yes. I'm sure because I tested the simulation of all settings [ON / OFF]

 

 

 

Ustawienia skanera:

Typ skanu: Własne
Obiekty: Rootkity, D:\

Wykrywanie PNP: Wyłączone
Skanowanie plików skompresowanych: Wyłączone
Skanuj archiwa poczty: Wyłączone
Skanowanie ADS: Wyłączone
Bezpośredni dostęp do dysku: Wyłączone

Skanowanie uruchomiono:    26-11-20 18:51:23

Przeskanowano:    6
Wykryto:    0

Koniec skanu:    26-11-20 18:52:14
Skan trwał:    0:00:51

*** Skanowanie przerwane przez użytkownika ***

 

 

Link to post
Share on other sites

If a scan hangs or freezes, then it is most commonly due either to filesystem issues, or another program interfering with the Emergency Kit Scanner.

If you have any Anti-Virus software (or other security software) installed, then try adding the EEK folder to the exclusions to see if that resolves the issue.

Link to post
Share on other sites

 EEK Unhandled Exception = stuck! Not continue scanning

but ESET, Malwarebytes  and other tools - handles such exceptions without any problems! So it continues scanning

Quote

[4] The object could not be opened. It may be used by another application or operating system.



 

Quote

 

C:\Documents and Settings\*\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db - nie można otworzyć [4]
C:\Documents and Settings\....\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db - nie można otworzyć [4]
C:\Documents and Settings\.....\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db - nie można otworzyć [4]
C:\Documents and Settings\....AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db - nie można otworzyć [4]
C:\Documents and Settings\.........\_secret-codes.js » JSPACKED » unpacked.js - nieobsługiwana opcja

C:\Program Files (x86)\ByteScout PDF Multitool\Template Editor\ByteScout.DocumentParser.dll » BABEL » deobfuscated.exe - uszkodzone archiwum
C:\Program Files (x86)\ByteScout PDF Multitool\Template Editor\Bytescout.PDFViewer.dll » BABEL » deobfuscated.exe - uszkodzone archiwum

 

 

 

Bez-tytu-u-fgbgb-fgb.png

Link to post
Share on other sites

@maki  - I am not sure if you are talking about one problem or several problems.

An "unhandled exception" would normally be bad code in a program (eg dividing by zero, or trying to access memory not owned by the running process).  If EEK stops for that sort of reason there should be an eventlog record describing the problem, giving the address of the program instruction that was trying to do something invalid.

Do you have any eventlog records for the problems you are seeing?

 

EEK not being able to examine files that are in use by other programs: you say you think that ESET, Malwarebytes don't have this problem.  That could mean one of two things:

(1) when ESET/Malwarebytes cannot look at in-use files, they don't tell you that, but just skip them and carry on

(2) that ESET/Malwarebytes somehow force access to those files.  That (I think) would be a file-system integrity violation.  Is it even possible?  For example could ESET etc read the disk hardware directly rather than ask the OS to "open the file"?   I don't know if that's possible (I mean: of course it's possible to read disks directly, but a secure OS shouldn't allow it without first checking that the program trying it is allowed to). 

Link to post
Share on other sites

EEK doesn't have any logs, so there is no information about the scanned item!
Which is a huge drawback.
All old EEK versions work, only new EEK versions don't work.
Please link to version e.g. 2018
There is an identical problem in the IT service.
Seeing that users are having a lot of "stuck" problems, this disqualifies a tool that will NEVER stuck.


The tool does not work on the IT Service
The tool doesn't work for me.
The tool did not work for 2 colleagues.
Everything was tested so it is closed to discussion.
So the problem is this tool on Windows 7 computers

Link to post
Share on other sites

15:52:57.560    16980                DoImp: 1; LastError = 87(Parametr jest niepoprawny)
15:52:57.560    16980          <- DoImpersonated(0)= 0; p:0; t:0
15:52:57.560    16980             Warning: GetProcessUserFullName: DoImpersonated call failed, using direct call

Link to post
Share on other sites

@maki  - I'm a /user/ not an Emsisoft support person.

Is your comment about EEK not having logs in response to my question about eventlogs?   Eventlogs are part of Windows.  If EEK is crashing because of unhandled exceptions there should be eventlog records describing that.  You need to look for those.   You say you're using Windows 7, so see: https://www.sevenforums.com/tutorials/226084-event-viewer-open-use-windows-7-a.html

 

Please explain EXACTLY what you mean by: "There is an identical problem in the IT service."      What is "the IT service"?

 

You say:  "Seeing that users are having a lot of "stuck" problems, this disqualifies a tool ..."

THIS IS NOT THE CASE.    In English, people say "things are stuck" for all sorts of reasons.  When you searched for the word "stuck" and got lots of hits it DOES NOT prove that Emsisoft products often get stuck.  For example, hits in the "my files are encrypted" subforum HAVE NOTHING TO DO WITH EAM or EEK.

 

When you say: "Everything was tested so it is closed to discussion." ... do you mean (just) that your systems repeatedly have this problem?  If so, hopefully Emsisoft can work with you to find out why.

 

What do you think is significant about these three lines:

    15:52:57.560    16980                DoImp: 1; LastError = 87(Parametr jest niepoprawny)
    15:52:57.560    16980          <- DoImpersonated(0)= 0; p:0; t:0
    15:52:57.560    16980             Warning: GetProcessUserFullName: DoImpersonated call failed, using direct call

Link to post
Share on other sites
15 hours ago, maki said:

EEK doesn't have any logs, so there is no information about the scanned item!

Scan logs don't contain debug information.

 

10 hours ago, maki said:

I am asking for a quick diagnosis of the problem /

Did adding exclusions to your Anti-Virus software help?

If not, then we're going to need debug logs and scan engine debug logs (they're two different kinds of logs saved in two different places). While debug logs can be enabled in the EEK settings, scan engine debug logs must be enabled via a registry entry, so it would be best to just use a batch file to enable both. You can download it at the following link, and the instructions for using it are below:
https://www.gt500.org/emsisoft/Debug_Log_Batch.zip

  1. Once you've downloaded and opened that file, double-click on Emsisoft_Debug_Tool to run the batch file.
  2. Make sure to click "Yes" when Windows asks if you want to allow the Windows Command Processor to make changes to your computer. Administrator rights are required in order to create and delete the registry entries for debug logging.
  3. Once the batch file is ready, you will see a menu like in the screenshot below (the shade of blue may be brighter on Windows 10).
  4. Enter the number 1 for general debug logs and then press Enter on your keyboard.
  5. Press any key (spacebar, Enter, etc) to return to the menu.
  6. Enter the number 3 for Scan Engine logs and press Enter again.
  7. Press Enter twice to close the tool, or click the X button.

Once both forms of logging are enabled, run your scan in EEK again. Once you're confident the scan is "stuck", you can close EEK and collect the logs. They are located in the following paths:

  • E:\EEK\bin64\ScanEngineDebug.log
  • C:\ProgramData\Emsisoft\Logs\a2emergencykit_....log (assuming Windows is installed on the C:\ drive)

Here's the screenshot showing what the batch file's menu is supposed to look like:

debug_log_batch_file_64-bit.png

Link to post
Share on other sites
4 hours ago, maki said:

a2engine_20201129074333.zip

It made a log with a size of 256 GB (!!!) and I had to break the log because the error was endlessly duplicating (infinitely duplicate entries error)

 

ScanEngineDebug.log (NOT CREATED)

It doesn't create a log here because I have a different tool than EmsisoftAntiMalware.
I have EEK

 

I'm surprised you think that the Scan Engine debug log wasn't created ... when you've attached a file named "a2engine..."     Surely that file IS the /engine/ log?

 

There is no reason to emphasise that you're using EEK rather than EAM.  Everyone reading this knows that.  And, @GT500 repeatedly referred to EEK in his instructions.

Link to post
Share on other sites

These are all logs generated with this BAT tool. There are no others, but I can see a million errors in the log

I opened a TXT file in EmEditor and I see 50,000,000 entries!!! 😠 that repeat themselves

     The thread tried to read from virtual address 000000000000002C at 000000005045E5E0
[a2engine][06:45:45][0x000035ac][   0][error][basecrawler.cpp - BaseCrawler::ReadNext:139]:  SEH exception! Reason:

     The thread tried to read from virtual address 000000000000002C at 000000005045E5E0
[a2engine][06:45:45][0x00001638][   0][info ][api.cpp - StopScanTask:377]:  Received request to control task 2 state

Link to post
Share on other sites

> These are all logs generated with this BAT tool.

No.  The BAT tool sets Emsisoft-specific registry keys.  Then /EEK/ generates the two kinds of logs.

 

It's good that the logs seem to show a problem.  But bear in mind that although that exception does look significant - if it's prevented EEK from properly terminating a scan - logs often record 'failures'.  Code might eg look in a set of different places to see if some flag is set, and not find it in most of them, but will still show that it did look in those places. 

Link to post
Share on other sites

Error BAT tool message:

Emergency Kit Scanner - not support?

'ECHO'

- problem

Quote

Nazwa 'ECHO.' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,
program wykonywalny lub plik wsadowy.
============================
= Emsisoft Debug Tool v1.1 =
============================
Nazwa 'ECHO.' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,
program wykonywalny lub plik wsadowy.

General debug logging has been turned on.
Nazwa 'ECHO.' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,
program wykonywalny lub plik wsadowy.
Please note that if you have Emsisoft Anti-Malware or Emsisoft Internet
Security
installed, that your computer will need to be restarted for the
changes to take effect.

Nazwa 'ECHO.' nie jest rozpoznawana jako polecenie wewnętrzne lub zewnętrzne,
program wykonywalny lub plik wsadowy.
Aby kontynuować, naciśnij dowolny klawisz . . .

 

Link to post
Share on other sites
22 hours ago, maki said:

ScanEngineDebug.log (NOT CREATED)

Sorry, our developers appear to have changed the log name and path. The file you attached was the scan engine debug log.

From what I'm seeing in that log, the scan isn't able to start. It could be that you have a corrupt file in your copy of EEK, or another application on your computer is interfering with it.

You can try deleting your current copy of EEK and downloading a fresh copy:
https://www.emsisoft.com/en/home/emergencykit/

That being said, you've still not told me if you've added exclusions for EEK to your Anti-Virus software.

Link to post
Share on other sites

I checked with a new copy of the EEK - it also does not work.
A problem for several years.

At the same time, I changed my computer several times, Laptop and the tool still doesn't work. I also ran without all security, no AV / Firewall and still can't start scanning.
I checked with 'ASUS Support' specialists and it also does not work.

Link to post
Share on other sites
21 hours ago, maki said:

I checked with 'ASUS Support' specialists and it also does not work.

Perhaps it's one of their software packages that is causing the problem? I also use ASUS hardware (motherboard, video card, etc) however I don't install most of their software, and I don't run into such issues on my system.

Note that the only known compatibility issue is with Emsisoft Anti-Malware. EEK can't run on a computer where Emsisoft Anti-Malware is installed. I would believe it has to do with them using different versions of our Emsisoft Protection Platform driver.

Link to post
Share on other sites

First. But what are the logs for if your developers can't read them?
Secondly. Okay, on ASUS it doesn't work
and why on a Lenovo Laptop - the tool does not work.
or on the Gigabyte platform - does not work either? I tested on a different computer platform and it always stops scan on file number 6.
I use MSCONFIG in safe mode, all unnecessary services disabled and still stuck on file number 6

EEK is the only tool on the Internet that stops without showing an error message.
If the EEK doesn't register errors, then this tool sucks.

 

What is File 6 ?

The tool should include additional features:
Extra info: What file is scanned?
Am I a clairvoyant and do I know what file 6 means?
Where are the logs? I'm asking what is this file that is stopping?
I am not a wizard or a magician, how do I know what is this file?

After 1000 hours of scanning, why still show: 6?

Why is there no other information. Why didn't the developers try to show more information?
Why is this tool so ineffective?

Screen-Shot-12-01-20-at-08-44-AM.jpg

 

 

Link to post
Share on other sites

@makisaid: "First. But what are the logs for if your developers can't read them?"

GT500 did not say that the logs can't be read.  He said that "From what I'm seeing in that log, the scan isn't able to start" which means they CAN be read.

 

Also: "EEK is the only tool on the Internet that stops without showing an error message."

It's not.  Many programs, including some provided by Microsoft as part of Windows, produce no error messages at all if they crash.  The system Eventlogs contain details of the crash.  Have you looked at those yet?

Link to post
Share on other sites

This is not a crash, only Deadlock - it occurs when thread A waits for thread B to finish its operation and thread B waits for thread A to finish its action. In such a situation, of course, the algorithm will never finish the operation because the threads are waiting for each other.

Link to post
Share on other sites

You can use abstract concepts, but what I'm most interested in is why the tool doesn't work as intended.
I want to know the solution to the problem. That's all.
But maybe, this tool is completely unnecessary for me since it never detects dangerous files.
This means that UAC - a very high setting - is the best solution for malware. And I never have viruses on my PC since 5 years installation.

Link to post
Share on other sites

We're all interested in why it doesn't work for you.  But stating that the cause is such-and-such, without evidence, does not help.   /If/ you'd actually found evidence of deadlock I am sure the developers would have been interested in that - because you seem to be the only person having this problem.

When you say EEK doesn't find dangerous files - do you mean that it has scanned dangerous files and not detected them? ... in which case you should explicitly report that and send examples of those files to Emsisoft.   Or do you mean that, because - for you - the scans are getting stuck - they're not scanning anything?

UAC will not protect you from malware.  It might stop malware from corrupting system files but will not prevent it from corrupting files in normal user data locations.

Link to post
Share on other sites

I do not know. I am not a specialist! I'm just guessing.
Why should I use EEK? Since it doesn't work.
I've used all the free tools and the best part is they always work, always!
There is no point in using a tool that sucks and it is useless anyway since everything works fine in my system and I have never had any problems.
The system works stably and has never required re-installation or repair. (2015-2020) 

Link to post
Share on other sites
21 hours ago, maki said:

What is File 6 ?

It's not a file, it's the number of objects scanned. It lists the file being scanned above the progress bar.

 

13 hours ago, maki said:

Because it is scanning all the time and there is no finish of the scanning operation

Actually, from what I saw in your logs, the scan engine is failing to load and EEK is trying over and over to load it.

The odds are that something on your computer is causing this, and I will probably need to see logs from FRST to determine what that might be. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

 

10 hours ago, maki said:

I do not know. I am not a specialist! I'm just guessing.
Why should I use EEK? Since it doesn't work.
I've used all the free tools and the best part is they always work, always!
There is no point in using a tool that sucks and it is useless anyway since everything works fine in my system and I have never had any problems.
The system works stably and has never required re-installation or repair. (2015-2020) 

Please keep in mind that you're the only one I am aware of reporting this issue. We have corporate clients that use EEK on their computers, and on customer computers, and if it wasn't working we'd get flooded with complaints.

If you're willing to continue trying to debug the issue we might be able to figure out what's causing it.

Link to post
Share on other sites

EEK does not require any additional tools. The EEK should operate directly without the use of third party tools.
EEK is not a powerful tool?
Just add better error handling like developers in other tools and no third party tools are required.

 

If developers can't read their own Emsisoft logs, maybe you should hire better experts who learn to read their own logs?

EEK does not show the log of what objects are scanned, for comparison ESET Internet Security shows the scan log, why EEK does not have the object scan log?
EEK is a very limited and very truncated tool - I would not trust this tool at all.

Link to post
Share on other sites

@maki  What PRECISELY do you mean by "If developers can't read their own Emsisoft logs, maybe you should hire better experts who learn to read their own logs?"

What makes you think they can't read the logs?  No-one has said that.

 

EAM also doesn't generate a log of all the files scanned.   It DOES list all the files that are thought to be infected/malware though, and give the reasons.

What use would a log of all files scanned be?  When I do a custom scan here, about 1.4 million files are examined.  What would I do with a list of 1.4 million filenames?

Link to post
Share on other sites
On 12/2/2020 at 7:00 AM, maki said:

If developers can't read their own Emsisoft logs, maybe you should hire better experts who learn to read their own logs?

Our developers can read our logs. Those logs don't contain the same information that's in the FRST logs. I'm looking for an incompatible program on your computer, and that's something that debug logs won't tell us, because they don't collect general system information like FRST does.

 

On 12/2/2020 at 7:00 AM, maki said:

EEK does not require any additional tools. The EEK should operate directly without the use of third party tools.
EEK is not a powerful tool?

EEK is an automated malware removal tool. If something is interfering with its operation, then other tools may be necessary to figure out what is going on (assuming whatever is causing issues with EEK won't also cause issues with other diagnostic tools).

 

On 12/2/2020 at 7:00 AM, maki said:

Just add better error handling like developers in other tools and no third party tools are required.

You may want to take a look at the Malwarebytes forums, and all of the topics where they ask people to run FRST and other advanced diagnostic tools...

Link to post
Share on other sites
  • 2 weeks later...

I've already said what's causing the problem, but you're not listening.
If the EEK considers the some file "can't open", which will make EEK stop! The EEK should skip the problematic file and continue running, but it doesn't.

 

Example:

C::4c4943454e5345 - nie można otworzyć [4]
Translate:

C::4c4943454e5345 - can't open [4]

 

Skanowane dyski, foldery i pliki: Pamięć operacyjna;Sektory startowe/UEFI;Baza danych WMI;Rejestr systemowy;C:\Sektory startowe/UEFI;C:\;D:\Sektory startowe/UEFI;D:\
C::4c4943454e5345 - nie można otworzyć [4]

C:\Documents and Settings\XXX\Documents\smutny list , płakałam czytając - ojka1415_files\_secret-codes.js » JSPACKED » unpacked.js - nieobsługiwana opcja

Translate:

»JSPACKED» unpacked.js - unsupported option

 

 

C:\Program Files (x86)\ByteScout PDF Multitool\Template Editor\ByteScout.DocumentParser.dll » BABEL » deobfuscated.exe - uszkodzone archiwum
C:\Program Files (x86)\ByteScout PDF Multitool\Template Editor\Bytescout.PDFViewer.dll » BABEL » deobfuscated.exe - uszkodzone archiwum

 

Link to post
Share on other sites
23 hours ago, maki said:

I've already said what's causing the problem, but you're not listening.

No, you haven't. We need logs to determine what's going on. Beyond the scan engine log, you're refusing to get me the logs I need to debug this. Instead, you're being abusive and going off on tangents that are not helping with debugging or understanding the problem.

If you want help, then supply the requested logs. Without them, I can't help you.

 

23 hours ago, maki said:

If the EEK considers the some file "can't open", which will make EEK stop! The EEK should skip the problematic file and continue running, but it doesn't.

I already told you the log showed EEK wasn't stuck trying to scan a file. The issue is happening before the scan engine can even load. It's trying over and over to load the scan engine, and failing every time. I need more logs to determine what is causing this.

I want to start with an FRST log, and move on to regular debug logs if FRST doesn't show me anything relevant. Instructions for FRST can be found at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

 

As for regular debug logs, here's how to enable them:

  1. Open the Emergency Kit Scanner.
  2. Click on Settings.
  3. Select Advanced to expand the advanced settings.
  4. Scroll down to Debug logging (should be at the bottom) and enable it for 1 day.
  5. Run your scan again.
  6. After the scan has hung, close the Emergency Kit Scanner.

The logs will be saved in the following location:

C:\ProgramData\Emsisoft\Logs\

The debug logs should have a name that starts with a2emergencykit_ and ends in a long number.

Note: Please be sure to turn debug logging back off after getting the logs, as they can use a lot of hard drive space.

Link to post
Share on other sites

FRST doesn't make changes to your computer (aside from creating some temporary files and saving log files) unless an expert writes a script for it to run, and it will only run that script if you click the "Fix" button. It's completely safe to run a scan with FRST.

We're not the only ones who ask users for FRST logs. Malwarebytes for instances has a pinned topic on their forums with instructions to run it before asking for malware removal help.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...