Solved Emisoft Emergency Kit found maleware?

[Article 86]

I just ran EEK (freeware) and it reports 4 items. Should I quarantine them, remove them, or just tag them as "allowed".

1) Application.AdTool (A) says "No Risk"
2) Application.Win32.WSearch (A) says "No Risk"
3) Setting.DisableTaskMgr (A) suggests nothing
4) Setting.DisableRegistryTools (A) suggests nothing

I searched the Emisoft site for these and there is nothing about them ... figures. I have no other virus programs running when I scan. Norton 360 is the only tool that I normally leave active and it finds nothing. I also ran Windows Defender and it reports nothing. With EEK, I have seen #1 and #2 before and I just left them alone as it claims "No Risk". Why would they flag something in a scan if it wasn't a problem? #3 and #4 are new and have me worried. One other thing, I run CCleaner Free regularly and clean purportedly problem registry items. It shows no registry issues. Could this be related? Is EEK worthwhile? Are these false positives? EEK did find a MBR rootkit years ago that others did not, so I kept it. Any help/suggestions are greatly appreciated.
- Art

 

[Borg 386]

Any reference to AdTool is suspicious at the least. A Google search reveals 1 & 2 to be adware. Also, it appears your registry tools & task manager have been disabled, a trick employed by adware/malware.

D/L & run AdwCleaner. Next, to rule out the possibility of rootkits, D/L & run TDSSkiller & RKill.

NOTE: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.

Also recommended, after you run those tools, D/L & run Malwarebytes. The free version will work fine. Be sure to uncheck the "Start free trial of pro version" at the end of the installation & let it scan your system. Quarantine anything it finds.

 

[Article 86]

I followed your directions, but found that the RKill program is a DOS program, the first run of RKill did find some files that it did delete. Not knowing if I had run the program properly, I ran it again and unfortunately it had overwritten the original log file so I can't show you the original text file. The second text file shows that no files were found, so I again assume that all is well. I also ran AdwCleaner and TDSSKiller which reported nothing, and I then ran MalewareBytes (Free) and also found nothing.

I should add, I forgot to mention that I previously ran MalewareBytes before all of this and it reported nothing then too. At his point I assume that all is well. I have to say that this forum seems far better than the Windows Knowledge Base. The people here are very responsive and knowledgeable, and it makes me wonder what, if any, connection to Microsoft you have. If not, Microsoft should be paying you for your excellent support of their products. You guys and gals are great! Thank you so much.

- Art

 

[Borg 386]

I forgot to add the following info, which is mentioned on the page about RKill. It should be run & then the system should be scanned with malware scanners without rebooting. That fact that it found something means there may be some kind of rouge process was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

Just to be sure, run RKill, do not reboot, & then scan with Malwarebytes, TDSSKiller & AdwCleaner again.

 

[Layback Bear]

At the bottom of every page.

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 

[Borg 386]

The people here are very responsive and knowledgeable, and it makes me wonder what, if any, connection to Microsoft you have. If not, Microsoft should be paying you for your excellent support of their products. You guys and gals are great! Thank you so much.

- Art

Yes, there are great people in here always willing to help someone & also excellent tutorials that you can look at.

http://www.sevenforums.com/tutorials/