COVID-19 UPDATE: We are offering free ransomware help for healthcare organizations during the Coronavirus outbreak. Click here for more information.

How to get help when malware can not be removed automatically

  • December 11, 2014
  • 5 min read

We will help!

At Emsisoft, we will help you remove malware from your computer, free of charge. This can be done via our support forums, or by sending an email to [email protected] For personal and private email help, keep reading this page. For publicly visible forums where resolutions may help visitors later, please visit this forum post, which will explain how to submit a post and what information needs to be included.

Some guidelines to help the process go as smoothly and safely as possible:

Read and follow these instructions carefully:

NOTE: You may want to print these instructions for reference, since scans are best done when all web browsers are closed. This is an information gathering stage. We will begin guiding you through removing the malware once we review the contents of the logs.

Download two programs, and save them on your Desktop:

Please do not run these straight from your web browser. Save them instead, preferably to your desktop or other folder you can easily get to later on in the process.

Let’s get started:

  1. Double click EmergencyKitScanner.exe to ‘install’ Emsisoft Emergency Kit. It is a fully portable application that will not create an uninstall entry in Windows, so it can be removed just by deleting the folder it was unpacked into. Removal information can be found here if you have any trouble deleting its folder later.
  2. When the installation of Emsisoft Emergency Kit is complete, the Emergency Kit scanner will run. If it does not, run the program manually by double-clicking on its main program file. By default, it will be here: C:\EEK\Start Emergency Kit Scanner.exe
  3. Click “Yes” to Update Emsisoft Emergency Kit if it asks, or click the “Update now” tile if it doesn’t, and wait for the update to finish.
  4. On the scan tile, select “malware scan”. The scan will proceed automatically. When finished, click the “View report” button. The report is saved automatically to C:\EEK\Reports\ if you unpacked Emsisoft Emergency Kit to the default location during install. Save the file somewhere convenient if you prefer, such as your desktop, to be attached to your reply later.
  5. IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted yet.
  6. Save the scan log somewhere where you can find it so you can send it to us for review.
  7. Exit Emsisoft Emergency Kit.
  1. Double-click the downloaded FRST program to run it. When the tool opens click Yes to the disclaimer if you wish to continue. Allow the program to update if it needs to. When it is ready, it will say “The tool is ready to use” in the upper-left corner. Make sure it has its check boxes configured exactly like the image below. For non-English Windows, the check boxes will be in the same locations:
  2. Press the Scan button without doing anything other than verifying the check boxes are correctly selected. The ‘fix’ button won’t do anything unless an expert has created a script specifically for your computer. Do not run any fix script with FRST that has not been provided by an expert specifically for you – doing so can be dangerous.
  3. Wait for the scan to finish. Usually this takes less than five minutes, but can be longer on some systems. FRST will automatically time out if 40 minutes has passed, so please wait if it seems to be taking a long time. When the scan is nearly finished, an alert will appear telling you FRST.txt is finished. Press OK on that alert and wait.
  4. Wait again. The next alert will appear telling you that Addition.txt is finished. Press OK.
  5. Close both Notepad windows that appear. There’s no need to save them, because FRST already saved them in the same folder (desktop for example) the FRST program was when you ran it.
  6. Farbar Recovery Scan Tool will have produced the following files by default: FRST.txt and Addition.txt. We will need both of those files.
  1. Emsisoft Emergency Kit Scan log, named similarly to “scan_123456-123456.txt”, which can be found in the folder C:\EEK\Reports\, or the location you saved it to earlier if you chose a different location.
  2. FRST.txt, which can be found in the same folder the FRST program is in.
  3. Addition.txt, which also can be found in the same folder the FRST program is in.

Similar topics