tparkhill

Emergency Kit not responding after "Quarantine Selected Objects" clicked

Recommended Posts

System got infected with FBI ransomware (Reveton) this morning. Per http://www.bleepingc...ypak-ransomware I rebooted to Safe Mode w Networking, then downloaded and ran EEK. EEK found screen locker, a Java exploit, Reveton and some malware in old emails. After EEK finished scan I clicked "Quarantine Selected Objects," and EEK began quarantine. After q'ing several items (emails & Reveton) EEK froze/hung leaving two items in its list, screen locker & java exploit. Unfortunately I do not have a screen shot of remaining items, just my own memory. :(

Should I kill EEK and run again, or what? Memory in use by EEK (process/image name: a2emergencykit.exe *32) is 299,764K. CPU usage shows zero percent.

Emsisoft Emergency Kit (downloaded today & updated)

Windows 7 Professional + SP1, 64-bit, 4gb RAM

MS Security Essentials

Java 6, update 20 (I plan to uninstall Java entirely, if possible, not sure if any prog. I have needs it.)

Share this post


Link to post
Share on other sites

Okay, I forced EEK to close, then reloaded it. Here is quarantine list, showing all items were qt'd. I'm going to rerun EEK and see if anything new pops up.

Emergency Kit v. 2.0.0.9

© 2003-2012 Emsisoft - www.emsisoft.com

ID Object

0 C:\Users\JPFM\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Inbox\Divers\Interface\337960F8-00000001.eml Worm.Win32.Sircam!E2

1 C:\Users\JPFM\AppData\Local\Temp\roper0dun.exe Trojan.Win32.Reveton!E2

2 c:\users\jpfm\appdata\roaming\microsoft\windows\start menu\programs\startup\ctfmon.lnk Trace.File.screenlocker!E1

3 C:\Users\JPFM\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Inbox\Offices of 773\FGTO\0778216C-00000001.eml Email-Worm.Win32.Magistr!E2

4 C:\Users\JPFM\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Inbox\AIRLINES\Solomon Air e2b\02B92DFF-00000004.eml Worm.Win32.Sircam!E2

5 C:\Users\JPFM\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6993b4e1-627f275f Exploit.Java.CVE!E1

6 C:\Users\JPFM\AppData\Local\Microsoft\Windows Live Mail\Storage Folders\Inbox\AIRLINES\Solomon Air e2b\0A8B6400-00000005.eml Worm.Win32.Sircam!E2

Share this post


Link to post
Share on other sites

If you need assistance cleaning up an infection, then please follow the instructions at this link (you can skip the part to run the EEK if you are not able to do so), and one of our malware removal experts will take a look at your logs.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.