Emsisoft Emergency Kit

[David H. Lipman]

From: "G. Morgan" <sealteam6@osama-is-dead.net>

> David H. Lipman wrote:
>
>> From: "G. Morgan" <sealteam6@osama-is-dead.net>
>>
>>> Retired wrote:
>>>
>>>>>>> I'll clone his drive and then run this amazing new "free" tool on the
>>>>>>> cloned drive, just to make sure.
>>>>>>>
>>>>>>> I've been waiting on a free miracle tool for a long time!
>>>>>>
>>>>>> 4 hours to run...
>>>>>> http://mewnlite.com/emsisoft.jpg
>>>>>> At least it didn't cripple it. We'll see if MBAM and SAS can find any
>>>>>> remnants.
>>>>>
>>>>> Please report your findings back. :-)
>>>>
>>>> MBam only found one item. It was the shortcut on the dektop for the phony
>>>> security app. It was dead anyway. SAS found a couple hundred cookies.
>>>> That's normal.
>>>>
>>>> Emsisoft did a good job even though it took forever. It updated the
>>>> definitions on the memory stick before it started. I think it scanned every
>>>> file on the computer.
>>>>
>>>> I can't cut it down except for the time involved. It was thorough.
>>>
>>> Excellent review. I D/L'ed it and think I'll let it have a run at my
>>> lappy. I wonder if its going to flag some Nirsoft and Sysinternals
>>> utilities as PUPs?
>>>
>>> I'll post a report too.
>>>
>>
>> Emsisoft command line scanner is one of the scanners in my Multi-AV Scanning Tool.
>
> Aww, heck. I know yours works, I ran it the day you updated it.
>
>

;-)



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[StevieO]

Say Ole Chap.

How is your lawsuit coming against the poster in the
other group?

Has he/she been served?

Got a court date?

Were you just running your mouth and
no such lawsuit exists?


"G. Morgan" <sealteam6@osama-is-dead.net> wrote in message
news:gcckc71k7hrdohcpcab9efum1hlqjelp12@Osama-is-dead.net...

[G. Morgan]

G. Morgan wrote:

>
>I'll post a report too.

Scanned

Files: 950782
Traces: 401423
Cookies: 949
Processes: 63
Found:

Files: 165
Traces: 9
Cookies: 24
Processes: 0
Registry keys: 0

Scan end: 11/21/2011 3:08:30 PM
Scan time: 4:44:14

All were false positives except this:
savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
* Trojan.Crypt!IK

It thought this file was bad :-(
http://www.virustotal.com/file-scan/...f96-1321894516



--

"I don't like to discriminate against terrorists based on nationality.
If you declare war on the United States and you want to kill us,
We're going to kill you first, period."

October 19, 2011 - Ali Soufan (Colbert Report)

[David H. Lipman]

From: "G. Morgan" <sealteam6@osama-is-dead.net>

>
> All were false positives except this:
> savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
> * Trojan.Crypt!IK
>
> It thought this file was bad :-(
> http://www.virustotal.com/file-scan/...f96-1321894516
>
>

Please submit that file, if you still have it, to http://www.uploadmalware.com/



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[Shadow]

On Mon, 21 Nov 2011 15:20:25 -0600, G. Morgan
<sealteam6@osama-is-dead.net> wrote:

>G. Morgan wrote:
>
>>
>>I'll post a report too.

Mine:
Scanned

Files: 469482
Traces: 439265
Cookies: 0
Processes: 29

Found

Files: 285
Traces: 27
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 21/11/2011 19:47:53
Scan time: 6:48:54

>All were false positives except

the ones in my collection ....(very few, I back them up and
delete them)
Most were nirsoft, I have a series of nirsoft_packages
[]'s
I was not impressed.

[David H. Lipman]

From: "Shadow" <Sh@dow.br>

> On Mon, 21 Nov 2011 15:20:25 -0600, G. Morgan
> <sealteam6@osama-is-dead.net> wrote:
>
>> G. Morgan wrote:
>>
>>>
>>> I'll post a report too.
>
> Mine:
> Scanned
>
> Files: 469482
> Traces: 439265
> Cookies: 0
> Processes: 29
>
> Found
>
> Files: 285
> Traces: 27
> Cookies: 0
> Processes: 0
> Registry keys: 0
>
> Scan end: 21/11/2011 19:47:53
> Scan time: 6:48:54
>
>> All were false positives except
>
> the ones in my collection ....(very few, I back them up and
> delete them)
> Most were nirsoft, I have a series of nirsoft_packages
> []'s
> I was not impressed.


BTW: Anything that has the !Ik suffix in the detection name means it's based upon Ikarus
signatures.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[G. Morgan]

David H. Lipman wrote:

>From: "G. Morgan" <sealteam6@osama-is-dead.net>
>
>>
>> All were false positives except this:
>> savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
>> * Trojan.Crypt!IK
>>
>> It thought this file was bad :-(
>> http://www.virustotal.com/file-scan/...f96-1321894516
>>
>>
>
>Please submit that file, if you still have it, to http://www.uploadmalware.com/

Done.

Came from:

C:\cygwin\lib\python2.6\lib-dynload\_functools.dll

detected: Trojan.Win32.Possador.AMN!A2
--

"I don't like to discriminate against terrorists based on nationality.
If you declare war on the United States and you want to kill us,
We're going to kill you first, period."

October 19, 2011 - Ali Soufan (Colbert Report)

[David H. Lipman]

From: "G. Morgan" <sealteam6@osama-is-dead.net>

> David H. Lipman wrote:
>
>> From: "G. Morgan" <sealteam6@osama-is-dead.net>
>>
>>>
>>> All were false positives except this:
>>> savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
>>> * Trojan.Crypt!IK
>>>
>>> It thought this file was bad :-(
>>> http://www.virustotal.com/file-scan/...f96-1321894516
>>>
>>>
>>
>> Please submit that file, if you still have it, to http://www.uploadmalware.com/
>
> Done.
>
> Came from:
>
> C:\cygwin\lib\python2.6\lib-dynload\_functools.dll
>
> detected: Trojan.Win32.Possador.AMN!A2


Looks like an Emsisoft (A2) False Positive detection. Cygwin tools are known for
generating occasional False Positives.


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

[G. Morgan]

David H. Lipman wrote:

>From: "G. Morgan" <sealteam6@osama-is-dead.net>
>
>> David H. Lipman wrote:
>>
>>> From: "G. Morgan" <sealteam6@osama-is-dead.net>
>>>
>>>>
>>>> All were false positives except this:
>>>> savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
>>>> * Trojan.Crypt!IK
>>>>
>>>> It thought this file was bad :-(
>>>> http://www.virustotal.com/file-scan/...f96-1321894516
>>>>
>>>>
>>>
>>> Please submit that file, if you still have it, to http://www.uploadmalware.com/
>>
>> Done.
>>
>> Came from:
>>
>> C:\cygwin\lib\python2.6\lib-dynload\_functools.dll
>>
>> detected: Trojan.Win32.Possador.AMN!A2
>
>
>Looks like an Emsisoft (A2) False Positive detection. Cygwin tools are known for
>generating occasional False Positives.

Thanks for the confirmation. I left it alone.

--

"I don't like to discriminate against terrorists based on nationality.
If you declare war on the United States and you want to kill us,
We're going to kill you first, period."

October 19, 2011 - Ali Soufan (Colbert Report)

[G. Morgan]

G. Morgan wrote:

>David H. Lipman wrote:
>
>>From: "G. Morgan" <sealteam6@osama-is-dead.net>
>>
>>> David H. Lipman wrote:
>>>
>>>> From: "G. Morgan" <sealteam6@osama-is-dead.net>
>>>>
>>>>>
>>>>> All were false positives except this:
>>>>> savedsites\hxxp___mynews.ath.cx\http://www.vanbasco.com\downloads\va...ad_chinese.exe
>>>>> * Trojan.Crypt!IK
>>>>>
>>>>> It thought this file was bad :-(
>>>>> http://www.virustotal.com/file-scan/...f96-1321894516
>>>>>
>>>>>
>>>>
>>>> Please submit that file, if you still have it, to http://www.uploadmalware.com/
>>>
>>> Done.
>>>
>>> Came from:
>>>
>>> C:\cygwin\lib\python2.6\lib-dynload\_functools.dll
>>>
>>> detected: Trojan.Win32.Possador.AMN!A2
>>
>>
>>Looks like an Emsisoft (A2) False Positive detection. Cygwin tools are known for
>>generating occasional False Positives.
>
>Thanks for the confirmation. I left it alone.

BTW... Are you in a position to contact Emsisoft and get them to correct
all these false-positives? They should not pick on Nirsoft or
Sysinternals tools. Someone who just "selected all" could **** up their
system based on all the false's. You really have to know what you're
doing to use that utility safely.

I give it a 7/10, for excellent detection but lost points for false
positives.

Can not recommend to end-users.

--

"I don't like to discriminate against terrorists based on nationality.
If you declare war on the United States and you want to kill us,
We're going to kill you first, period."

October 19, 2011 - Ali Soufan (Colbert Report)