Included in the emergency kit are a disc scanner to check and clean infected systems, a command line scanner that offers the same functionality but without the graphical user interface, a version of HiJackFree, which provides an in depth analysis of the system and a cleanup software called BlitzBlank which can delete data that cannot be deleted by normal means.

emsisoft emergency kit

The starting interface displays a selection screen, each program listed can be launched with a double-click. It is also possible to launch the programs individually and directly from the kit’s directory.

Some programs, like the virus scanner, want to retrieve the latest definition files from an online server, it is recommended to allow this.

The main interface of the scanner displays the current security status of the system as well as update and scan buttons.

emergency kit

The scan button displays a new page, with options to perform a quick, smart, deep or custom scan of the system.

• Quick Scan: Scans all active programs, spyware traces and tracking cookies
• Smart Scan: Scans same as Quick Scan plug programs and Windows files
• Deep Scan: Scans all files on the hard drive
• Custom Scan: Option to perform a custom scan of the PC

With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner including graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.

Run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found Malware can be moved to quarantine or finally deleted.

HiJack Free performs a thorough identification of processes, open ports, autorun items, services and other system items.

Each entry is analysed, and the results are color coded directly in the listing. Green for instance is given to safe entries. Information are retrieved from an online database.

hijackfree

The process, port and services listings provide an excellent first analysis of the current situation. It is possible to react in the interface right away, by killing processes, or stopping and disabling services.

HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. For your full control over your system.

The Emergency Toolkit provides users with solid options to clean and analyse infected computer systems. The kit is flexible as it provides access to a command line scanner as well.

Emsisoft Emergency Kit is compatible with 32-bit and 64-bit editions of the Microsoft Windows operating system. The fully portable version can be downloaded from the official program website.

It is however not possible to fix the item directly in HijackThis. A portable software program called LSP-Fix comes to the rescue. It has been primarily designed to fix Winsock errors.

The program is interesting in this case as it can be used to remove the nwprovau.dll dynamic link library from the computer system. The box “I know what I’m doing” has to be checked before that option becomes available. The program lists the currently installed dll files in the left column, nwprovau.dll should be one of them. All that needs to be done is to select this dll and click on the arrow that is pointing to the right to move it to the Remove column. Keep in mind that this will remove the dll permanently from the computer system (creating a backup before proceeding might be a good idea)

A click on the Finish button will complete the process and remove all files that are listed in the Remove column from the computer system.

Most users tend to post their logs in forums so that experienced users can take a look at them and recommend actions. There are actually several forums that can be used.

If you would like fast results you could also use the software HijackReader which analyzes an HijackThis logfile and tries to make the distinction between good and bad results automatically. The HijackReader uses mainly two lists to analyze the logfile.

Those two lists are the CLSID list by Tony Klein and the Startup info list by Paul Collins. A single html file is created after the analysis has finished displaying information and recommendations about the found elements. Attributes can either be OK (no fix needed), FIX IF UNKNOWN (check for more information if you do not know the element), FIX (CHECK NOTES!) (read the description and fix the issue because it is indeed malicious) and UNDETERMINED (find out for yourself).

The HijackReader application can be of help especially if items are found that are marked as Fix (Check Notes). The user can fix those without having to wait for someone else to analyze his logfile and tell him the exact same thing. It does not help that much for elements that are undetermined or marked as fix if unknown and users will still have to get professional help or do extensive research before they can be sure if the item is malicious or not.

It is aimed at novice users who suspect that something is wrong with their computer but do not have the knowledge to interpretate and fix the issues by themselves. The Classic Mode is giving the user more information and a way to quickly fix common problems. It does not provide full information like the Expert Mode that displays lots of information.

Users of all three modes can always use a service called Online Malware Analysis which can be of great help. It compares the MD5 hash of the scanned files on the user’s system with those in the Runscanner database. MD5 hashes have to be the same if the same unaltered program version is used.

The Online Malware Analysis uses green, purple and red icons to rate the item. Green items are checked and safe, purple items are not yet checked and red items are not safe.

This is a great way of getting more information about current services, programs and processes on your system without having to consult another person.

Runscanner has several features that make it stand out even more. It offers right-click options to compare the MD5 hash with authority websites like Castle Cops and File Advisor, perform a Google search on the item, upload the file to Virus Total and open the file folder and Registry location.

Another aspect that is worth mentioning are so called Run files. As I said earlier novice users can create a log file that they can send to experts who analyze it. These experts can create a so called Fun file specifically designed to be run in Runscanner. The novice user can load the run file and execute the fixes that the expert has authorized.

Oh, it is free of course and portable. You can run it from any location on your computer.

It is no security software for beginners but excellent for advanced users and users who know someone who is able to draw the right conclusions from the security logs that have been generated. Another way to receive fast results would be to use the online script Hijack This logfile analysis. You can paste the logfile into the form field or upload the log from your computer and the script analyzes the logfile of Hijack This automatically.

It uses user input to determine whether something is a potential threat or not. This works most of the time but leads sometimes to unjustified ratings. I installed AV Antivir in a custom directory and the analyzer used this to indicate a possible problem. I think the best way to cope with this situation would be to briefly analyze the elements that could be malicious and decided if that is really the case. To use the above example: I knew that I did install it in that directory and therefor decided that the warning was not justified in this case.

If you are insecure about a certain setting ask in the well frequented support forum or search the internet for clues on the subject. Hijack This has a similar analyze this button build in which takes you to the website of the developer of Hijack This. They display information about everything that was found on your computer and how frequent it was found in other computers.

This could be an indicator for safeness but I would suggest that you perform additional searches to be on the safe side. You can download the newest version of Hijack This from TrendSecure by following the link in the first paragraph.