We will help!
At Emsisoft, we will help you remove malware from your computer, free of charge. This can be done via our support forums, or an email to [email protected]. For personal and private email help, keep reading here. For publicly visible forums where resolutions may help visitors later, please visit this forum post, which will explain how to submit a post and what needs to be included.
Some guidelines to help the process go as smoothly and safely as possible:
- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools on your own, other than as directed. Doing so could cause unexpected changes to the system, possibly prolonging the time required to finish, or even damaging the system in extreme cases.
- Let us know right away if you are being helped elsewhere for this issue, and once we start, please do not take any advice relating to this computer from any other source for the duration of the fix, as unintentionally conflicting advice can lead to even more problems.
- If you do not understand any step(s) provided, please do not hesitate to ask us before continuing. We would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow our instructions and reply back until we give you the “all clean”. It is possible for the machine to feel fine when it is not yet clean, which can result in the system reinfecting itself.
- The logs that you send should be attached to your message whether using the forum or our support email system, instead of being pasted directly into the message. This is for your safety as well as convenience, as there can sometimes be personal information visible in the logs. We value your privacy, but if posted in our forums, anyone can read pasted logs. Attached logs can only be read by staff. Emailed information can only be read by staff, but please attach regardless.
- All scans should be run in normal boot mode unless we ask you to do otherwise. If we do, instructions on how to boot to safe mode can be found at: https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode
- If you are unable to download the tools using the infected system, the tools can be saved using another computer, copied to a USB flash drive, and then transferred to the infected system. The logs requested can be transferred back in the same way.
Read and follow these instructions carefully:
NOTE: You may want to print these instructions for reference, since scans are best done when all web browsers are closed. This is an information-gathering stage. We will begin guiding you through removing the malware once we review the contents of the logs.
Download two programs, and save them on your Desktop:
Please do not run these straight from your web browser. Save them instead, preferably to your desktop or other folder you can easily get to later on in the process.
- Emsisoft Emergency Kit (direct link on our site)
- Farbar Recovery Scan Tool (FRST) (link at Bleeping Computer)
Download the FRST version that is compatible with your Windows version. If you are not sure which one applies to yours, download and try the 64-bit version first. If it won’t run for you, try the 32-bit one. When you click the download button on that page, wait for the download to start without clicking anything else. Close the page after downloading and trying to run FRST. We’ll refer to this program as FRST, whether the file downloaded is FRST or FRST64.
Let’s get started:
- Install and Run Emsisoft Emergency Kit (EEK):
  - Double click EmergencyKitScanner.exe to ‘install’ Emsisoft Emergency Kit. It is a fully portable application that will not create an uninstall entry in Windows, so it can be removed just by deleting the folder it was unpacked into. Removal information can be found here if you have any trouble deleting its folder later.
  - When the installation of Emsisoft Emergency Kit is complete, the Emergency Kit scanner will run. If it does not, run the program manually by double-clicking on its main program file. By default, it will be here: C:\EEK\Start Emergency Kit Scanner.exe
  - Click “Yes” to Update Emsisoft Emergency Kit if it asks, or click the “Update now” tile if it doesn’t, and wait for the update to finish.
  - On the scan tile, select “malware scan”. The scan will proceed automatically. When finished, click the “View report” button. The report is saved automatically to C:\EEK\Reports\ if you unpacked Emsisoft Emergency Kit to the default location during install. Save the file somewhere convenient if you prefer, such as your desktop, to be attached to your reply later.
  - IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted yet.
  - Save the scan log somewhere that you can find it so you can send it to us for review.
  - Exit Emsisoft Emergency Kit.
- Run Farbar Recovery Scan Tool (FRST):
  - Double-click the downloaded FRST program to run it. When the tool opens, click Yes to the disclaimer if you wish to continue. Allow the program to update if it needs to. When it is ready, it will say “The tool is ready to use” in the upper-left corner. Make sure it has its check boxes configured exactly like the image below. For non-English Windows, the check boxes will be in the same locations:
  - Press the Scan button without doing anything other than verifying the check boxes are correctly selected. The ‘fix’ button won’t do anything unless an expert has created a script specifically for your computer. Do not run any fix script with FRST that has not been provided by an expert specifically for you – doing so can be dangerous.
  - Wait for the scan to finish. Usually this takes less than five minutes, but can be longer on some systems. FRST will automatically time out if 40 minutes have passed, so please wait if it seems to be taking a long time. When the scan is nearly finished, an alert will appear telling you FRST.txt is finished. Press OK on that alert and wait.
  - Wait again. The next alert will appear telling you that Addition.txt is finished. Press OK.
  - Close both Notepad windows that appear. There’s no need to save them, because FRST already saved them in the same folder (desktop for example) the FRST program was in when you ran it.
  - Farbar Recovery Scan Tool will have produced the following files by default: FRST.txt and Addition.txt. We will need both of those files.
- Attach the following logs to an email to [email protected], and we will reply as soon as possible:
  - Emsisoft Emergency Kit Scan log, named similarly to “scan_123456-123456.txt”, which can be found in the folder C:\EEK\Reports\, or the location you saved it to earlier if you chose a different location.
  - FRST.txt, which can be found in the same folder the FRST program is in.
  - Addition.txt, which also can be found in the same folder the FRST program is in.