xman68

Weakness In Delete Malware In USB Disk


Hello,

I scanned my USB disk with EAM.

But EAM doesn't clean the virus on the USB disk; EAM asked for a system restart.

EAM was not able to clean the virus after the restart.

But NOD32 AntiVirus cleaned the virus on the USB disk easily.


If I'm not wrong, the reason is what you said. I think NOD32 has already deleted the virus, so when Emsisoft Anti-Malware tries to delete the virus there is no virus to be deleted!!!

I scanned with EAM and EAM didn't delete it; then I scanned with NOD32, and it was deleted easily.


We will probably need a scan engine debug log to see what is going on. I have attached a ZIP archive to the message which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output. Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator):

After running the batch file, please restart your computer, and try your scan again. Once it freezes, please check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order). Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRAR then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find. After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.


Can EAM remove malware on a USB disk during the Windows boot process?

As long as the USB drive is properly mounted when it loads, EAM's Delete on Reboot driver should be able to delete files from the drive.

Can EAM remove malware on a write-protected USB disk?

Nothing should be able to delete files that are stored on a write protected USB drive (although, if the write protection is being simulated using NTFS file permissions, then that is not always true, as bootable disks would not respect those permissions, and neither would the NTFS driver for Linux).

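The distinction drawn in the reply above, between a drive that is actually read-only and one where write protection is only simulated with NTFS permissions, can be checked from PowerShell. This is an added example, not part of any post in the thread and not Emsisoft code; it assumes Windows 8 / Server 2012 or later (Storage module cmdlets), an elevated prompt, and the function name `Get-UsbWriteProtection` is made up for illustration. The ACL test is a heuristic that only looks at explicit deny entries on the volume root.

```powershell
# Added example: report how each mounted USB volume is "write protected".
# Assumes the Storage module (Windows 8 / Server 2012 or later); run elevated.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write

function Get-UsbWriteProtection {
    foreach ($disk in Get-Disk | Where-Object BusType -eq 'USB') {
        $parts = Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
                 Where-Object DriveLetter
        foreach ($part in $parts) {
            $root = "$($part.DriveLetter):\"
            $vol  = Get-Volume -DriveLetter $part.DriveLetter

            # Deny ACEs that cover write rights on the volume root. ACLs only
            # exist on NTFS, so other file systems are skipped.
            $denyWrite = @()
            if ($vol.FileSystem -eq 'NTFS') {
                $denyWrite = @((Get-Acl -LiteralPath $root).Access | Where-Object {
                    $_.AccessControlType -eq 'Deny' -and
                    (([int]$_.FileSystemRights -band $writeMask) -ne 0)
                })
            }

            $kind = if ($disk.IsReadOnly -or $part.IsReadOnly) {
                'Read-only flag set on disk/partition (not an ACL)'
            } elseif ($denyWrite.Count -gt 0) {
                # The case the reply warns about: boot disks and the Linux
                # NTFS driver do not honor these permissions.
                'NTFS deny-write ACL only (simulated write protection)'
            } else {
                'Writable'
            }

            [pscustomobject]@{
                Drive      = $root
                Disk       = $disk.FriendlyName
                FileSystem = $vol.FileSystem
                Protection = $kind
                DenyFor    = ($denyWrite.IdentityReference -join ', ')
            }
        }
    }
}

Get-UsbWriteProtection | Format-Table -AutoSize
```

A volume reported as "simulated write protection" should be treated as writable by anything that bypasses Windows permission checks.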

Hello.

another case:

EAM detected malware in "C:\WINDOWS\system32\regserv.exe" but EAM couldn't remove it.

Kaspersky detected malware in "C:\WINDOWS\system32\regserv.exe" and removed it easily.

Why couldn't EAM remove that? From my point of view, EAM doesn't have any ability for removing the malware!!!!!!!!!!!!


Unfortunately I am not able to speculate on why a particular file was or was not removed unless I can take a look at the file, and perhaps forward it on to our researchers and dev team for analysis. Would it be possible for you to upload the file to VirusTotal and send me the link to the analysis, or perhaps ZIP the file and send it to me in a private message?


Unfortunately I am not able to speculate on why a particular file was or was not removed unless I can take a look at the file, and perhaps forward it on to our researchers and dev team for analysis. Would it be possible for you to upload the file to VirusTotal and send me the link to the analysis, or perhaps ZIP the file and send it to me in a private message?

Unfortunately, I couldn't copy, upload or delete that file, but KAV could remove it.


Do you know where the file came from? Was it something that you downloaded, or does it appear to have been created by another program?

Also note that, if you cannot access the file normally in Windows to copy it or upload it, then you should be able to do so from a bootable disk (UBCD4Win, BartPE, Windows PE, Linux, etc). UBCD4Win and certain Linux Live CDs (such as Kubuntu and the KDE edition of Fedora) will be the easiest to use, and the Linux downloads are the easiest because the bootable disks based on Windows (such as UBCD4Win) require that you have a Windows XP disk in order to build the boot disk from the files on the Windows CD, whereas the Linux Live CDs you simply download and burn to a CD.

You can also try starting the computer in Safe Mode With Networking, and see if you can access the file that way. Here's a link to instructions on how to do that.


Do you know where the file came from?

Was it something that you downloaded, or does it appear to have been created by another program?

I do not know where the file came from. In fact, that file was on a personal laptop and was removed by KAV.


BleepingComputer has some information on regserv.exe (assuming that that truly is the same infection that was on your computer), so I will ask our research if they know why this particular threat may not have been removable.


After talking a bit with our research team, there are a lot of instances where this regserv.exe file is not actually malicious. Without a sample of the file, it is impossible to know whether or not it is malicious and why Emsisoft Anti-Malware was unable to remove it. If you could at least provide us with an MD5 or SHA1 hash for the file, then we should be able to find the file on our own.

