We will help!
At Emsisoft, we will help you remove malware from your computer, free of charge. This can be done via our support forums, or by sending an email to [email protected] For personal and private email help, keep reading this page. For publicly visible forums where resolutions may help visitors later, please visit this forum post, which will explain how to submit a post and what information needs to be included.
Some guidelines to help the process go as smoothly and safely as possible:
- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools on your own, other than as directed. Doing so could cause unexpected changes to the system, possibly prolonging the time required to finish, or even damaging the system in extreme cases.
- Let us know right away if you are being helped elsewhere for this issue. Once we start, please do not take any advice relating to this computer from any other source for the duration of the fix, as unintentionally conflicting advice can lead to even more problems.
- If you do not understand any step(s) provided, please do not hesitate to ask us before continuing. We would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow our instructions and reply back until we give you the “all clean”. It is possible for the machine to feel fine when it is not yet, resulting in the system reinfecting itself.
- The logs that you send should be attached to your message whether using the forum or our support email system, instead of being pasted directly into the message. This is for your safety as well as convenience, as there can sometimes be personal information visible in the logs. We value your privacy, but if posted in our forums, anyone can read pasted logs. Attached logs can only be read by staff. Emailed information can only be read by staff, but please attach regardless.
- All scans should be run in normal boot mode unless we ask you to do otherwise. If we do, instructions on how to boot to safe mode can be found at: https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
- If you are unable to download the tools using the infected system, the tools can be saved using another computer, copied to a USB flash drive, and then transferred to the infected system. The logs requested can be transferred back in the same way.
Read and follow these instructions carefully:
NOTE: You may want to print these instructions for reference, since scans are best done when all web browsers are closed. This is an information gathering stage. We will begin guiding you through removing the malware once we review the contents of the logs.
Let’s get started:
- If Emsisoft Anti-Malware or Emsisoft Emergency Kit is already installed on the computer, use it for these instructions. Otherwise, download Emsisoft Emergency Kit (direct link on our site). We recommend saving the file in an easy to find location such as your desktop, and not running it directly from the web browser. Run the saved EmergencyKitScanner.exe program to unpack it, by default to C:\EEK\. It should open automatically after the unpacking process is complete, but can be run manually by double-clicking its primary program, C:\EEK\Start Emergency Kit Scanner.exe.
- Open Emsisoft Emergency Kit or Emsisoft Anti-Malware. If you’re not sure how, instructions can be found here for Emsisoft Emergency Kit, or here for Emsisoft Anti-Malware.
- Click yes to update the Emsisoft program if it asks, or click the ‘Update now’ link in the lower right corner if it doesn’t, and wait for the update to finish. It is possible, especially with Emsisoft Anti-Malware, that no updates will be available since it keeps itself up to date automatically.
- On the Scan & Clean tile, select “Malware scan”. The scan will proceed automatically. When finished, click the “View report” button and save the file somewhere convenient if you prefer, such as your desktop, to be attached to your reply later. IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted yet.
- If you forget to view and save the report, it is also saved automatically to C:\EEK\Reports\ if you unpacked Emsisoft Emergency Kit to the default location during install, or within the hidden folder C:\ProgramData\Emsisoft\Reports\ in the case of Emsisoft Anti-Malware.
- Exit Emsisoft Emergency Kit or Emsisoft Anti-Malware using the ‘x’ in the top right corner of the program.
- Download and run a scan with Farbar Recovery Scan Tool (FRST), by following the instructions at this help page.
- Attach the following logs to an email to s[email protected], and we will reply as soon as possible:
Emsisoft Emergency Kit Scan log, named similarly to “scan_123456-123456.txt”, which can be found in the folder C:\EEK\Reports\ by default, or the location you saved it to earlier if you chose a different location.
FRST.txt, which can be found in the same folder the FRST program is in, and also the same file named with the scan date in C:\FRST\Logs\.
Addition.txt, which also can be found in the same folder the FRST program is in, and also the same file named with the scan date in C:\FRST\Logs\.
Note: If you are being helped in the Emsisoft support forums, please provide the topic link (web address of your topic) in the email.