Issue with Avast and Emsisoft Emergency Kit

Hello everybody,

I have a problem and I hope somebody can help me.
Avast Free Antivirus and Emsisoft Emergency Kit are both on my W7 PC. A few days ago I did a “Custom Scan” with EEK; it found two malware files (apparently inactive) and quarantined them.
This was the first time I used the EEK “Custom Scan”; neither the default “Malware Scan” (which I usually use) nor Avast full system scans have ever detected the two infected files.
Anyway, as I said, I quarantined the files, then I ran a system scan with Avast (negative).
To be sure the system was clean I re-scanned with EEK (again “Custom Scan”), nothing was found but I got an alert from Avast about “a2emergencykit.exe” (which is a file inside the EEK folder).
So I discovered that every Custom Scan I do with EEK triggers the same alert from Avast (see attached images).
Default EEK Malware Scans don’t.
I uploaded a2emergencykit.exe to VirusTotal; this is the report.

Can anyone explain what’s happening?

Something called program conflict :wink:

https://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/2670/

If that’s the case, why did I get the Avast alert for each EEK custom scan (no malware) but the first one (which found two infected files)?
EEK signatures were the same.

As a side note, you should run EEK only if your system is infected.

There is no problem with running EEK and Avast together as many times as you like contrary to the previous posts. I’ve been running the two for 7 years at least with not a single problem.

As for why one detects it and the other doesn’t, that might have to do with what the files were, their extensions, how you have Avast and EEK set up to scan, where the files were, etc.

a2emergencykit.exe is a part of EEK. Avast is calling it out because it has the original two files quarantined. If you were to delete them (and I’m not saying to do that unless you are sure you don’t need them) then Avast will no longer see it as a virus.

Though you can run these two without problems you have to be aware of two things… don’t run scans from both at the same time (at the same moment) and be aware that what happens in one might show up in the other.

If EEK is going to quarantine files then they really should be encrypted and protected from the outside of its quarantine, as Avast does in its virus chest: from the outside of the chest in Explorer all the user sees is the renamed file 0000001 (so there is no reference to the original name), etc., and it is encrypted.

That way they can’t get detected by other security applications.

You don’t have to be running two scans together; Avast is a resident, on-access antivirus, so the File System Shield is active. From the OP’s images, that appears to be what detected it, not running another scan.

Well, it seems it was, EEK found two infected files (although they seemed to be “inactive”).

I thought so.

Both files were located inside F:\System Volume Information (F: is not my system partition, it is a data partition. This HDD was previously used on an XP machine).

But the two files have been encrypted and renamed by EEK, the extension changed to .EQF.
How is it that Avast detects them now when they passed undetected through many Avast scans before?

Never done that.

Exactly!

The only thing you need to know is what I told you so far. It’s impossible to diagnose the specific circumstances you experienced because there are a lot of different combinations of why that occurs. If you don’t want to be flagged about things going on inside EEK then exclude the folder from Avast.

Scanners are not all the same… they don’t scan the same way as each other, their definition files are not all the same, depending on what type of scans you were running, they are not all looking in the same places and they don’t handle potential viruses the same. When the two original files were in the original place they were, possibly Avast said I know what these files are and they are no threat in their current state/location because they are behaving as I expect them. Possibly they were a false positive from EEK… Possibly when they got moved and renamed, Avast said I don’t know what these are anymore and they are not in a location I’m expecting so now flag them. Possibly the attributes changed… System, Hidden, Archive, etc. Possibly your Avast definitions just updated when you were running your EEK scans. Who knows? Bottom line is the purpose in running two AVs (I run three, Avira portable as well, plus Malwarebytes so technically four) is so that you get other opinions. Now if those opinions differ from each other just accept that they differ. If you want to try to understand why they differ or why they flag at one point in the life cycle as compared to another then you need to audit your files, review your event logs and know what the code is doing for each of the AVs. Beyond that… your AV caught it. When its behavior changed another AV caught it. You were protected. Look at the positive side. The devil is in the details.

I permanently deleted the two files from EEK quarantine (now empty), then I launched a Custom Scan.
I got the same Avast pop-up alert, so I would say it has nothing to do with the two files being inside the EEK quarantine.
It looks like some kind of conflict, as Pondus said before.
I think I’ll have to live with it.

Thanks to all who replied.

  1. You don’t have to live with it, as I said just put the EEK folder in your exclusion list.
  2. As mentioned, I’ve been using Avast and EEK together for 7 years with not a single issue. I run custom scans with everything selected and just did two this morning on two computers.
  3. You mentioned you normally use the malware scan so you have been using it for a while and had no problem before this current issue. It is therefore false to say there is a conflict.
  4. Did you remove the files via the interface or just delete them via the folder? Did you reboot afterwards?

I prefer not to.

Good for you. I could have said that too up to a couple of days ago. It’s the Custom Scan that triggers the alert and I had never used it before.

Ok, let me rephrase: on my machine, for some unknown reason, there is a conflict between Avast and the Custom Scan of EEK.

Via interface and yes, I did reboot.