Emsisoft Emergency Kit has been around for a long time and ranks high in my troubleshooting arsenal. It has been a while since it was reviewed on gHacks.
So, let's take a tour of the latest version and I'll also tell you how it helped me with a problem I ran into recently.
First, the basics: the emergency kit is available for Windows 7 and Windows Server 2008 R2 or newer client and server versions including Windows 10 and Windows Server 2019. The download has a size of 326 Megabytes at the time of writing. The program comes as a self-extracting installer; it does not need to be installed but is extracted to a location when you execute it. You may then run the program from that location, even if it is on a USB drive.
Tip: any copy is set up to join the "Anti-Malware Network" automatically which includes "online processing of statistics on detected malware and program behavior". You can turn this off in the Settings under Privacy.
The "Start Emergency Kit Scanner.exe" is for the GUI version, which we will discuss here. Optionally, you can use the command line scanner should you want to. The interface of Emergency Kit consists of four sections:
The Update option allows you to keep Emsisoft Emergency Kit and its virus-definitions up-to-date. You can see the time-stamp when the last update was done on the banner and may want to run a check for updates on first start to make sure virus definitions and program modules are up to date.
The Scan option is the heart of the program. There are 3 types of scans that you can run using Emsisoft Emergency Kit.
Select a scan to run it, and wait for the results screen to be displayed. The Settings menu in Emergency Kit can be accessed just below the Scan banner. You can set it to detect potentially unwanted programs, use more system resources for scanning, and set a post-scan option (report, quarantine, report + shutdown, quarantine + shutdown). The options may be simple, but the scanning and malware removal process is very efficient; it might save your otherwise unobtainable data.
The Quarantine is the malware vault, where the program isolates any threats that were detected. You can use it to analyze the malware, delete the contents, or restore files. You can manually quarantine suspicious files using the "Add files" option.
The Logs section keeps a record of all scans that were run (including the results), updates that were completed, etc. The License option can be used to convert the freeware license to a paid one, if you decide to buy the real-time version of the program. There is a news ticker on the bottom (or middle right) of the antivirus' interface which links to blog articles on the company's website. They can be turned off with a click on "don't show again".
Emsisoft Emergency Kit is a portable antivirus, you don't have to install it on your computer. It can be used even if you have another antivirus installed on the computer, and the applications won't conflict because Emergency Kit does not have a real-time protection feature.
By default, the program's self-extractor places the content in the C:\EEK folder. You can run the program to scan your PC for malware and disinfect it for free. You can copy this folder to a USB drive and use it to disinfect other computers as well. The best part of course, is that Emsisoft Emergency Kit is free.
Emissoft Emergency Kit displays a prompt when it finds suspicious files that suggests to install one of its core products that extends the functionality of the emergency kit on the device. The prompt makes no mention of the fact that agreeing to the installation installs a trial product, Emisoft Anti-Malware Home, that is available for a 30-day trial only; it needs to be uninstalled or purchased after that period. Emsisoft needs to make this clearer.
Note that you get that prompt each time you run a scan and anything is found. You will also get an exit-prompt when you close the application.
About a year ago, an elderly friend of mine asked me for assistance with his laptop. This was a Dell laptop which he brought from the US and it had Windows 10 Home pre-installed. I don't remember the model number but it had a touch screen.
He told me that sometimes he gets ads on the computer, even when the browser is not running. He didn't want to wipe the drive, because it had a lot of important data. I told him to format the drive later, as a precaution. The first thing I noticed, is that he hadn't been using any antivirus on the laptop.
Note: Windows Defender is good for most users, but you need at least one extra tool to be safe, an ad-blocker. You'll see why I say this.
This is how I approached the issue:
I don't have any photos or a screenshot of the malware, because I was more worried about helping him than to take pictures. But I distinctly remember the name of the malware, ReImagePlus. It is in fact, a rogue application. The laptop was painfully slow, and I was quite certain this was because of the malware. I had seen enough so I kept the laptop aside and copied the Emsisoft Emergency Kit folder from my PC to a USB Flash drive and transferred it to the laptop.
Surprisingly, I was able to uninstall the malicious program from the Control Panel. I checked the browser (Google Chrome) and found that the bookmarks bar on the top had multiple links to the rogue app so the browser had been hijacked as well. I didn't have to guess how this happened, because I could see there was no ad-blocker installed.
I ran a malware scan using Emsisoft Emergency Kit: the program detected some remnants and disinfected them in the first scan. But when I ran a complete scan the antivirus discovered several copies of an EXE (all of which were named ReImage) in the downloads folder. I quarantined all the findings.
Now that the malware had been disinfected, I connected it to my Wi-Fi to download uBlock Origin and Malwarebytes. The browser redirected me to ReImagePlus, which wasn't surprising considering it was hijacked. With my friend's permission, I reset Chrome deleting all its data, installed uBlock Origin, and Malwarebytes Anti-Malware. Further scans indicated the laptop was clean and it seemed to be faster as well. I advised him to run a scan using Emsisoft Emergency Kit and Malwarebytes once a month or so.
I recommended Emsisoft Emergency Kit to another friend recently. Actually, he had just disinfected the laptop using Hitman Pro (also my recommendation) a few minutes ago. This malware (can't find the name of it in the chat history) had accessed his webcam.
He had noticed the light was on when the camera was not being used and we rushed to disinfect it. But I advised him to run scans using Emsisoft Emergency Kit and Malwarebytes Anti-Malware anyway.
This friend formatted the drive after disinfecting it and reinstalled Windows.
While we are on that topic, some malware persist after a Windows reinstall (though I have personally seen that happen over a decade ago), a full format on the other hand should wipe the infection, along with all the data on the drive. But, it is still better to tackle the malware head on, and disinfect the drive first, and try to recover some of your important data. Once done, you can (and in my opinion should) reinstall Windows after formatting the drive.
Now you: Which secondary scanner do you use?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.