Emsisoft Emergency Kit 10 available

Where did you send the email to and when was it sent?

 

It is said WHEN. Sent it here: support@emsisoft.com

 

Can you send me your email address you sent your message from in private so I can check out what happened to your message?

 

Ok, in a minute.

 

Okay, I found your email. You sent it to the normal customer support which is only available on weekdays instead of using the false positive report address that anon posted for you here:

https://www.wilderssecurity.com/threads/emsisoft-emergency-kit-10-available.377228/#post-2500477

In any case, I have disabled the signature. The driver name we flag there is used by Qhosts, but it is so generic ("newdriver") that collisions with other applications or just self-written drivers are possible. The update is already available via online update.

 

Ok, thank you!
I wasn't sure it's FP, so it was logical to send it to the normal customer support.

 

You are welcome. I just wanted to make sure your mail wasn't somehow lost.

 

Just downloaded this in my Online Armor snapshot... Must try it out.

 

So, far so good...

 

Scan completed a short time ago...nothing untoward that I can see.

 

Is EEK autostarting at boot or something?
Getting an alert at boot about a2hooks.dll being started by rundll32.

 

EEK does not install anything permanently. The file you mentioned is part of EAM/EIS.

 

Not sure if anyone else is seeing this but on opening EEK version 10 (both the gui and cmd line) i seem to get the file transfer window flash up (top left) about 2 or three times then the loading malware signatures windows appears...Windows 8.1 64Bit

Managed to get a screenie, looks like it`s the drivers loading.


p.s Congrats on the release, it loads the sigs a lot quicker now

 

But EIM/EIS is not installed and it started after installing EEK.

 

Yes, I've noticed that window also. It's opened only for a fraction of a second.

 

Can you please send me the exact message you get about RunDLL32 trying to load the DLL? Preferably with the full path of the DLL it tries to load being visible. Thanks

 

Correct. The driver is loaded through an INF file instead of installing it directly. One of the unfortunate side effects of doing it, is that the copy file dialog appears briefly.

 

It's from AppGuard:
"06/24/15 09:33:28 Prevented process <a2hooks64.dll | C:\Windows\System32\rundll32.exe> from launching from <c:\users\XXXX\documents\tools\emsisoftemergencykit\run>.

 

Thanks. Will be looking into it shortly. It appears the driver thinks it is part of EAM.

 

The scan is fast and has very little disk read/write, but the update process is the opposite which defeats the purpose

 

We published an update today that should fix this particular issue.

 

Confirmed fixed, thanks

 

You are very welcome .