How-to: Find and clean malware infections with Emsisoft Emergency Kit

Emsisoft Emergency Kit is the only free, fully portable dual-engine cleaning toolkit that scans for and removes malware and Potentially Unwanted Programs (PUPs) from your PC. It’s the tool of choice for a second opinion scan and works well in combination with any other antivirus and anti-malware programs.

Use it if you suspect your computer is infected but other protection and cleaning software have failed to resolve the problem. It’s speedy and effective – a typical malware scan with Emsisoft Emergency Kit takes no more than a minute.

This tutorial provides step-by-step instructions on how to scan and clean your computer.

  1. Download and run Emsisoft Emergency Kit
  2. Check for the latest online updates
  3. Run a scan and clean your computer
  4. What to do if malware is found
  5. For geeks: Emsisoft Commandline Scanner
  6. For malware removal professionals: Emsisoft Emergency Kit Pro

1. Download and run Emsisoft Emergency Kit

Download: If you don’t have the Emsisoft Emergency Kit yet, download it here. It’s free for private use and is fully portable, which means no installation is required. The download package just unpacks to “C:\EEK\” or any other destination of your choice.

Note: If you don’t need the software anymore, just delete the whole folder and the shortcut at any time.

Run: Simply double click “start emergency kit scanner.exe”, located in the folder where you installed Emsisoft Emergency Kit. If Windows issues an alert and asks for your permission to run the program, allow it to run with elevated rights.

The software can also be started from a read-only device such as CD/DVD/BD or any write-protected USB devices. In this scenario, online updates are not possible, but the software itself remains fully functional for scanning and cleaning with no risk of accidentally infecting the plugged in drive or disk.

2. Check for the latest online updates

We recommend that you run an online update each time you start a new scan to ensure all the latest malware signatures are included. If you’re opening the program for the first time, it will automatically prompt you to do so.

We also recommend that you select “Yes” when asked if you’d like the program to detect Potentially Unwanted Programs (PUPs). Emsisoft specializes in removing PUPs such as unnecessary browser toolbars and annoying adware that are notorious for bloating and slowing down your system.

Once the update process has completed successfully, the color in the first menu block will change from orange to green.

After the update has finished, click “SCAN” in the main menu.

3. Run a scan and clean your computer

You are now ready to run a scan. There are three options: Quick Scan, Malware Scan, and Custom Scan.

The Malware Scan is the best choice for most users because it’s optimized to scan locations where malware typically infects. This scan typically does not miss any malware; however, if you want to be absolutely thorough and also find inactive malware files or if this is the first time you’re scanning your computer, we recommend doing a Custom Scan. By default, it will scan the entire contents of your PC, including local drives and more. This scan is also useful if you wish to configure your own scan settings, scan additional drives for malware or exclude certain folders.

Use Quick Scan if you are quite sure that the system is already clean, e.g. when scanning a new computer. It will only scan active programs and perform a quick search for known malware traces in file system and registry.

4. What to do if malware is found

If the scan detects any malware or PUPs on your computer, it will display and preselect all findings.

You can either quarantine or delete selected objects. We recommend you quarantine objects in most cases, as this option will completely disable the malware by wrapping it in an encrypted container. It renders the malware harmless, while allowing it to be analyzed by one of our technicians if needed or restored on the off chance that it is a false positive.

If you opt to delete files instead, you will irreversibly delete the detected files – so only do this if you are absolutely certain the files are malicious.

Very rarely, a scan detects a rootkit that cannot be automatically removed without a significant risk of damaging your system. If this occurs, you will get a notification to contact one of our malware removal experts in the Emsisoft support forum. Follow their instructions to safely clean your system.

View logs

All scanner, quarantine and update events are thoroughly logged and can be viewed in the “LOGS” section. Logs can be helpful to our analysts if you ever encounter a complication. The Forensics Log provides all the information needed to create a complete timeline of events.

Additional privacy settings and options

The “SETTINGS” area lets you define how the Emsisoft Emergency Kit will operate, especially in regards to your privacy. You can join the Emsisoft Anti-Malware Network, our cloud-based database that stores information about all types of programs, good and bad, and checks them in real time. By opting in, you give the program permission to collect anonymous information about malware it finds on your computer, which helps improve our products’ overall malware detection capabilities.

A Quarantine Re-Scan is, by default, performed every time new signature updates are downloaded. In the event that you have a wrongly detected object in quarantine, a re-scan with corrected detection signatures will ask you to restore the quarantined objects back to its original place.

Enable Beta Updates only if you are an advanced user and want to take advantage of the latest untested software updates. If you would like to get more insights, please sign up for our beta tester program.

5. For geeks: Emsisoft Commandline Scanner

System administrators, security experts, and experienced commandline users will love this feature. The Emsisoft Emergency Kit also includes the Emsisoft Commandline Scanner, a console application

Emsisoft Commandline Scanner

for professionals who don’t need a graphical user interface. Its features are nearly identical to those of the graphical Emsisoft Emergency Kit scanner, and many professionals have called its latest incarnation “one of the most sophisticated command line scanners around”.

Emsisoft Commandline Scanner makes it easy to run repeated scans, perfect for use in automated batch scripts. It can easily be integrated in multi-engine scanning toolkits and its created log files are easy to parse. For more information, see product details.

To run the Emsisoft Commandline Scanner, either navigate to “C:\EEK\” and run the file “Start Commandline Scanner.exe” to see an overview of available parameters, or directly locate the “a2cmd.exe” file in “bin” folder and start from there.

6. For malware removal professionals: Emsisoft Emergency Kit Pro

Corporate users, such as help desks and PC repair companies, please buy a Pro-license at a reasonable rate. $99 can get you the following software-package:

For more details, please check out the Emsisoft Emergency Kit Pro page.

Have a great (malware-free) day!

Categories: Security Knowledge
Emsi :

View Comments (5)

  • Do I need to be in safe mode before I run the EEK or from regular windows? Previous attempts to run other malware software has resulted in the file being deleted and unable to launch. Thanks.

  • I have quite a number of applications that are in quarantine. I don't understand exactly what happens with those files. How do I know if they are affecting my computer either good or bad? By sitting in there that means they can't be accessed, is that right? So, if my computer has slowed down or not working like it should, could it be one of those applications are the problem? Most of them say Adinstall but a few say toolbar or Win32.

  • Hello i have a problem
    my pc is infected with a rootkit and ive run this program on my pc and i removes most of the trojans but it still shos around 6 that cant be removed and it just restarts my pc and when it does a black screen coms up and says that there is no hard drive found