Nemreq.a



#1 Stefkom2

Posted 20 January 2017 - 12:46 PM

Hello

 

I have had a virus called Nemreq.a on my computer - it was detected and removed by Microsoft Security (three times!) today and appears to have gone. I use Windows 7. Can anyone suggest how I can ensure it has been removed?




 


#2 Fabian Wosar

    Authorized Emsisoft Representative


  • Security Developer

Posted 20 January 2017 - 12:59 PM

Do you happen to use Emsisoft Anti-Malware or Internet Security, and did the file that was detected have the name a2hooks32.dll?
Best regards,

Fabian Wosar [Development]
Emsisoft Team - www.emsisoft.com

#3 quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 20 January 2017 - 04:11 PM

Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), appends an obvious extension to the end of encrypted filenames, changes Windows wallpaper, and demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If there are no obvious extensions appended to your file names, no ransom notes, no demands of payment and your data is not actually encrypted, then you most likely are dealing with something else such as a false positive.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 quietman7


Posted 20 January 2017 - 07:25 PM

Detection reported at Emsisoft... Windows Defender thinks a2hooks32.dll is a trojan and at Microsoft Answers forum

#5 Stefkom2


Posted 21 January 2017 - 01:25 AM

Hi. Thank you so much, both of you. Security Developer - no, I have a free version of Emsisoft but it didn't detect it - Microsoft Security Essentials did. Hi Global Monitor, that's correct, but I have had the message again today and Microsoft Security Essentials has cleaned it. But Nemreq.a does seem to exist so I'm not sure what to do - I want to ensure it has been removed (or to know it's definitely a false alarm).



#6 quietman7


Posted 21 January 2017 - 07:37 AM

Statement from GT500, Authorized Emsisoft Representative (Security Colleague), posted in the Emsisoft topic:

Just to give an official response, our management team was aware of the issue on Friday morning. I haven't specifically been told if Microsoft has fixed the issue yet, however from the posts at Microsoft Answers (thank you @quietman7 for the links) it sounds like Microsoft has more than likely fixed it. If you're still having trouble, try updating the database in MSE or Windows Defender manually, and if that doesn't help then please post a screenshot showing the detection, and if possible a log as well. Note that since it is the weekend, you will more than likely receive faster help by e-mailing support@emsisoft.com than you will on the forums.





