Malware Infection Handling
https://www.emsisoft.com/en/help/category/frequently-asked-questions/malware-infection-handling/

False positives: Why did Emsisoft quarantine a safe program?
https://www.emsisoft.com/en/help/1720/why-did-an-emsisoft-product-detect-an-innocent-file-as-malware-2/
Thu, 26 Oct 2023 09:09:50 +0000

Why did Emsisoft quarantine a safe program?

Overview:
Sometimes applications such as games, small customized apps or even business software are erroneously flagged as dangerous, even though they are safe to use. This may happen when an application is not digitally signed.
In a perfect world, all legitimate software would be digitally signed. Code signing is the process of digitally signing executables and scripts to confirm the software author and to guarantee that the code has not been altered or corrupted since it was published.
Malware is known for not being digitally signed. For this reason, unsigned apps will be flagged by your Anti-Malware as a precaution, giving you the choice to allow them into your system or block them.

How to deal with a quarantined program:
If a program is flagged as dangerous and you are not sure whether it is safe to use, it is best to leave it in the Quarantine.
Emsisoft lets you send information about this software to our lab for analysis directly from the Quarantine panel. Here’s how:

  1. Open the local Emsisoft app on the computer.
  2. Click on: Quarantine in the blue tab: Scan & Clean
  3. Highlight the file
  4. Then click on: False Detection. Please include your accurate email address so we can reply. Please make sure to also fill out the info about the alert and the program.
  5. Then please click the: Send button

Once our lab receives the file's information, we can analyze how safe that software is.
If it is safe and legitimate, we will whitelist it and allow it through the anti-malware. We will reply to you so that you can then restore the file by clicking on the file in the Quarantine and clicking: Restore.

You can also submit the file causing the detection via email to our lab at fp@emsisoft.com so we can analyze and correct the suspected false detection.
If the file is too large to send, please upload it to VirusTotal and send us the web address of the scan result via email to submit@emsisoft.com, or send us the file via wetransfer.com to submit@emsisoft.com.

Files that we have tested and that are not digitally signed need to be added to Monitoring Exclusions; otherwise they will be flagged again each time they are updated without the necessary certificate.
If you are CERTAIN that the program is OK, you can add it directly to the Monitoring Exclusions.

 

How to get help when malware can not be removed automatically
https://www.emsisoft.com/en/help/1711/how-to-get-help-when-malware-can-not-be-removed-automatically/
Thu, 11 Dec 2014 14:18:52 +0000

We will help!

At Emsisoft, we will help you remove malware from your computer, free of charge. This can be done by sending an email to support@emsisoft.com.

Some guidelines to help the process go as smoothly and safely as possible:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools on your own, other than as directed. Doing so could cause unexpected changes to the system, possibly prolonging the time required to finish, or even damaging the system in extreme cases.
  • Let us know right away if you are being helped elsewhere for this issue. Once we start, please do not take any advice relating to this computer from any other source for the duration of the fix, as unintentionally conflicting advice can lead to even more problems.
  • If you do not understand any step(s) provided, please do not hesitate to ask us before continuing. We would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow our instructions and reply back until we give you the “all clean”. It is possible for the machine to feel fine when it is not yet, resulting in the system reinfecting itself.
  • The logs that you send should be attached to your message whether using the forum or our support email system, instead of being pasted directly into the message. This is for your safety as well as convenience, as there can sometimes be personal information visible in the logs. We value your privacy, but if posted in our forums, anyone can read pasted logs. Attached logs can only be read by staff. Emailed information can only be read by staff, but please attach regardless.
  • All scans should be run in normal boot mode unless we ask you to do otherwise. If we do, instructions on how to boot to safe mode can be found at: https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
  • If you are unable to download the tools using the infected system, the tools can be saved using another computer, copied to a USB flash drive, and then transferred to the infected system. The logs requested can be transferred back in the same way.

Read and follow these instructions carefully:

NOTE: You may want to print these instructions for reference, since scans are best done when all web browsers are closed. This is an information gathering stage. We will begin guiding you through removing the malware once we review the contents of the logs.

Let’s get started:

  1. If Emsisoft Anti-Malware or Emsisoft Emergency Kit is already installed on the computer, use it for these instructions. Otherwise, download Emsisoft Emergency Kit (direct link on our site). We recommend saving the file in an easy to find location such as your desktop, and not running it directly from the web browser. Run the saved EmergencyKitScanner.exe program to unpack it, by default to C:\EEK\. It should open automatically after the unpacking process is complete, but can be run manually by double-clicking its primary program, C:\EEK\Start Emergency Kit Scanner.exe.
  2. Open Emsisoft Emergency Kit or Emsisoft Anti-Malware. If you’re not sure how, instructions can be found here for Emsisoft Emergency Kit, or here for Emsisoft Anti-Malware.
  3. Click yes to update the Emsisoft program if it asks, or click the ‘Update now’ link in the lower right corner if it doesn’t, and wait for the update to finish. It is possible, especially with Emsisoft Anti-Malware, that no updates will be available since it keeps itself up to date automatically.
  4. On the Scan & Clean tile, select “Malware scan”. The scan will proceed automatically. When finished, click the “View report” button and save the file somewhere convenient if you prefer, such as your desktop, to be attached to your reply later. IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted yet.
  5. If you forget to view and save the report, it is also saved automatically to C:\EEK\Reports\ if you unpacked Emsisoft Emergency Kit to the default location during install, or within the hidden folder C:\ProgramData\Emsisoft\Reports\ in the case of Emsisoft Anti-Malware.
  6. Exit Emsisoft Emergency Kit or Emsisoft Anti-Malware using the ‘x’ in the top right corner of the program.
  7. Download and run a scan with Farbar Recovery Scan Tool (FRST), by following the instructions at this help page.
  8. Attach the following logs to an email to support@emsisoft.com, and we will reply as soon as possible:

Emsisoft Emergency Kit Scan log, named similarly to “scan_123456-123456.txt”, which can be found in the folder C:\EEK\Reports\ by default, or the location you saved it to earlier if you chose a different location.

FRST.txt, which can be found in the same folder the FRST program is in, and also the same file named with the scan date in C:\FRST\Logs\.

Addition.txt, which also can be found in the same folder the FRST program is in, and also the same file named with the scan date in C:\FRST\Logs\.

My Emsisoft product is unable to remove an infection. What should I do?
https://www.emsisoft.com/en/help/1705/my-emsisoft-product-is-unable-to-remove-an-infection-what-should-i-do/
Thu, 11 Sep 2014 15:07:45 +0000

In rare cases, a system may be so heavily infected with highly sophisticated malware that the program may be unable to remove the infection. This can also occur with other vendors’ security programs, as some types of malware are notoriously difficult to remove. Emsisoft offers a 100% malware removal guarantee and our experts are always available and happy to help you with removing stubborn infections.

If Emsisoft Anti-Malware is unable to remove an infection, you will see a message indicating that something could not be removed, or may be dangerous to remove automatically when you attempt to “Delete objects” or “Quarantine objects” after a scan or alert.

Before contacting us, please read the following article, as it outlines the information we will need before proceeding with malware removal: How to get help when malware cannot be removed automatically. We can help via our support forum or email to support@emsisoft.com. You can also search for a similar issue with a solution on our support forum if the same infection has already been covered, but keep in mind many situations involve multiple types of malware simultaneously.

If the detection involves a file or files that you’re sure should not have been detected, please read our article about false positives, which includes how to report them.

We provide fast, personal and professional support in less than 24 hours.
