Windows Defender, Emsisoft and Ransom:Win32/Nemreq.A



#1 umen


Posted 21 January 2017 - 01:18 AM

All day long, Windows Defender has been detecting multiple instances of the Ransom:Win32/Nemreq.A Trojan. I have removed over 14 of them and still more are being detected. All of my systems are working and I need to be sure that Windows Defender or the free version of Emsisoft isn’t corrupt and that my computer is free of this malware. I downloaded Rogue Killer and it found 4 files which were quarantined and finally deleted. I also ran Emsisoft several times and it detected nothing. In the past hour Windows Defender has found two more instances of this malware.

 

Yesterday morning I ran Emsisoft to check for malware. A window appeared asking if I wanted to learn more about ransomware. I had seen this Emsisoft window appear many times in the past during a scan so I clicked on it. I read the article about ransomware. The Emsisoft window popped up informing me that it had detected nothing. I turned off the computer. Later when I turned on my computer I began receiving messages from Windows Defender, WD, telling me that it had detected malware and was removing it to quarantine. I opened WD and was surprised to discover the same Trojan that I read about earlier in the day. I removed six instances of that Trojan. I then began receiving notices from Emsisoft informing me that it couldn't connect to the internet. After clicking that window off (because there was nothing wrong with my internet connection) WD picked up seven more Trojans. This has been going on all day long. Two more alerts from WD just appeared.

 

My computer is an HP notebook running Windows 10 Pro, with Chrome as my browser and Google as my search provider.

Sincerely,

umen





#2 umen


Posted 21 January 2017 - 05:39 AM

I am relieved to tell you that the Trojan scare on my computer was a false positive and that Emsisoft knew about the problem. My last update for Windows Defender was yesterday morning at 7.55AM. Emsisoft put out a fix at 5.55PM and then answered the letter I sent to them informing them of the problems I encountered between Windows Defender and their program. Emsisoft’s answer is below:

 

‘Hello,
many thanks for reporting this issue.
Windows Defender has incorrectly detected (false positive) one of our files recently, a2hooks32.dll. However, I checked and this is already fixed in their latest update. Please try to update your Windows Defender database to avoid further detections. :)
If you still have the issue, please let me know.
Best Regards,
Arief Prabowo
Malware Analyst’

 

I updated Windows Defender and ran a scan; nothing was detected. Thanks to those who were beginning to look into this problem. I am happy to report that I do not have any ransomware programs on my computer.

Sincerely,

umen



#3 quietman7


Posted 22 January 2017 - 06:42 AM

Yes, this detection has already been reported and should be resolved by now... see here.

For those finding their way to this topic, read these related topics.
Nemreq.a
Windows Defender thinks a2hooks32.dll is a trojan

Statement from GT500, Authorized Emsisoft Representative (Security Colleague), posted in the Emsisoft topic:

Just to give an official response, our management team was aware of the issue on Friday morning. I haven't specifically been told if Microsoft has fixed the issue yet, however from the posts at Microsoft Answers (thank you @quietman7 for the links) it sounds like Microsoft has more than likely fixed it. If you're still having trouble, try updating the database in MSE or Windows Defender manually, and if that doesn't help then please post a screenshot showing the detection, and if possible a log as well. Note that since it is the weekend, you will more than likely receive faster help by e-mailing support@emsisoft.com than you will on the forums.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
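
The manual definition update and the detection log requested in the statement above can be produced with the Defender PowerShell cmdlets. This is an added example, not part of the original thread or written by any of its participants; the `*Nemreq*` name filter, the `file:_` resource prefix and the output path are assumptions.

```powershell
# Added example: triage a suspected Windows Defender false positive.
# Run in an elevated PowerShell session on the affected machine.
$filter  = '*Nemreq*'                                    # threat family named in this thread
$logPath = Join-Path $env:TEMP 'defender-fp-triage.csv'  # hypothetical output location

# 1. Record the definition version, force an update, and record it again.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion
Update-MpSignature
$after  = Get-MpComputerStatus
"Definitions: $before -> $($after.AntivirusSignatureVersion) (updated $($after.AntivirusSignatureLastUpdated))"

# 2. Find the threat entries whose name matches the family.
$threats = Get-MpThreat | Where-Object ThreatName -like $filter

# 3. For each matching detection, list the flagged files and check who signed them.
$rows = foreach ($t in $threats) {
    foreach ($d in Get-MpThreatDetection -ThreatID $t.ThreatID) {
        foreach ($res in $d.Resources) {
            # Assumption: file resources are reported as "file:_<path>"; skip other kinds.
            if ($res -notmatch '^file:_(?<path>.+)$') { continue }
            $path = $Matches.path
            # A quarantined or deleted file is no longer on disk, so $sig stays $null.
            $sig  = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -LiteralPath $path }
            [pscustomobject]@{
                ThreatName  = $t.ThreatName
                Detected    = $d.InitialDetectionTime
                File        = $path
                StillOnDisk = [bool]$sig
                SignatureOK = if ($sig) { $sig.Status -eq 'Valid' } else { $null }
                Signer      = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# 4. Save a log that can be attached to a vendor support request.
if ($rows) {
    $rows | Sort-Object Detected | Export-Csv -NoTypeInformation -Path $logPath
    $rows | Format-Table -AutoSize
    "Log written to $logPath"
} else {
    "No detections matching $filter are recorded on this machine."
}
```

Detections that stop after the definition update, on files that carry a valid signature from the expected vendor, are consistent with a false positive; an unsigned file or a detection that recurs after updating is worth reporting with the CSV attached.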
