All Activity
This stream auto-updates
- Today
-
Добрый день. Не подскажите для вашей реферальной программы подходит эта статья - https://cloudsmallbusinessservice.com/small-business/it-security-top-15-best-cyber-security-software-solutions.html Так же я бы хотел разместить свой баннер на своём сайте. Где найти информацию о комиссионных вознаграждениях. Наш сайт нацелен на Англоязычную аудиторию.... Заранее спасибо. Надеюсь на плодотворное сотрудничество с вами. Жду вашего ответа в ближайшее время... Удачи.
-
[RÉSOLU] EMSISOFT Enterprise Console / Ajouter nouveau client
kathrin replied to Windurster's topic in French Support - Assistance Française
Bonjour, Est-ce que vous pouvez installer Emsisoft Anti-Malware manuellement sur l'ordinateur en question? Vous pouvez copiez le packet directement avec TeamViewer ou télécharger Emsisoft Anti-Malware directement à partir de notre site sur l'ordinateur qui pose problème. Une fois installé, pouvez vous faire un clic sur Licence puis sur "Connecter à Emsisoft Enterprise Console". Saisissez l'adresse du serveur de Emsisoft Enterprise Console et le mot de passe et essayez de connecter la machine ainsi à Emsisoft Enterprise Console. Dans ce cas il ne devrait pas avoir besoin de reconfigurer le routeur. Si cela ne fonctionne pas, je vous conseille de poursuivre avec David, qui vous a répondu dans notre chat. Il est l'expert pour Emsisoft Enterprise Console et pourra sûrement vous aider plus rapidement. Cordialement Kathrin -
Sam Smith joined the community
-
SirOcelot changed their profile photo
-
Sagor Islam changed their profile photo
-
kvarvel changed their profile photo
-
Further to my last post, I've now resolved the volmgr errors and can consistently generate a dump file when crashing the system via the keyboard. I'd neglected to untick the 'Automatically Restart' check box in the Startup and Recovery settings window :( So, I'm confident that there's nothing wrong with my hardware or drivers. I will now be able to generate a dump file with certainty next time it locks up, so please let me know if you'd like one.
-
asif muzt changed their profile photo
-
babiharan changed their profile photo
-
DasKnuffel112 changed their profile photo
-
debE changed their profile photo
-
Ada changed their profile photo
-
pblyman changed their profile photo
- Yesterday
-
ptbrunof95 changed their profile photo
-
I've recently been having memory issues with my laptop.
BlackTunicLink posted a topic in Help, my PC is infected!
Here's everything you need. Addition.txt FRST.txt scan_180617-172558.txt -
[RÉSOLU] EMSISOFT Enterprise Console / Ajouter nouveau client
Windurster replied to Windurster's topic in French Support - Assistance Française
Bonjour Kathrin, J'ai exécuté les fichiers bat (EEC sur l'hôte) ainsi que les autres fichiers bat (prepare_pc) sur le pc hôte + client, mais rien n'y fait. J'ai testé en désactivant totalement les firewalls (W10) sur les deux appareils, mais la connexion échoue à chaque fois sur la machine client (je fais la manoeuvre via "Teamviewer"). Auriez-vous une autre solution à proposer? J'ai bien créé les fichiers de déploiement sur le pc hôte avec le "EEC" puis les ai envoyés sur le pc client, mais cela ne fonctionne pas. Cordialement Stephane EDIT : y'aurait-il une configuration à faire sur le routeur? Ce qui m'étonnerait car toutes les connexion "remote" fonctionnent sans problème. EDIT2 : Est-ce que le fait que l'adresse IP local de l'hôte soit "non détectable" (cachée derrière le masque sous-réseau du routeur) pose problème? Le serveur passe sur un serveur "cloud" d'Emsisoft ou directement de PC à PC? Car autrement je dois configurer le routeur, ce qui s'avère devenir un travail compliqué si je dois ajouter de nouvelles machines. -
Emsisoft behaviour blocker problem with hwinfo64
Jerky McDilerino replied to Jerky McDilerino's topic in Emsisoft Anti-Malware
Okay. Any update from the QA team? -
[RÉSOLU] EMSISOFT Enterprise Console / Ajouter nouveau client
kathrin replied to Windurster's topic in French Support - Assistance Française
Bonjour, Les fichiers sont installés avec Emsisoft Enterprise Console directement. Je vais vérifé si nous pouvons rendre l'endroit d'enregistrement plus clair dans la documentation. Vous pouvez trouver les fichiers batch Prepare_PC_where_EEC_installed.bat et Prepare_PC_for_deployment.bat dans le dossier C:\Programms(x86)\Emsisoft Enterprise Console\server\scripts. Cordialement Kathrin -
Just calm down im sure there will be
-
Sorry to bother you with a "non-malware" problem. Several people had similar issue and suspected malware. Thank you!
-
FishOnTheTree joined the community
-
dongyelengyu joined the community
-
Craig Rider AU .nem3end RANSOMWARE
Craig Rider replied to Craig Rider's topic in Ransomware First Aid
Thank you for the confirmation. Could someone please have a look at the attached ZIP files for the RearLeftPC and WebSrv. The ransomware was delivered via RDP and looks to be manually executed (to me - or an automated process we interrupted). The file contents for the for each machine are different, as in, there appears to be some files left behind and not cleaned up. Please see these DIR captures for examples, in particular the WebSvr capture. The file lock.exe.ransomware.danger.seriesofnumbers.seriesofnumbers.nem3end looks interesting to me. -
Chrome Browser Redirects to Yahoo
Kevin Zoll replied to 57smitty's topic in Help, my PC is infected!
The FRST logs show no malware. Since the browser reset fixed the issue, there is no further action needed. -
Let's take a fresh look. Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply. Be sure to let me know how things are running.
- Last week
-
It's a shame there's nothing in the debug logs that help. I'm not convinced it's a hard drive or controller issue - I've done a full surface scan using chkdsk and done the same with HDTune plus health and benchmark tests and everything seems fine on that front and I'm not seeing any other odd behaviour. I've also run full diagnostic tests on all hardware and full memory tests using a diagnostic utility from the laptop manufacturer with no problems found. And all my drivers are up to date. Would another dump file be of any help if I can manage to create one ?
-
It's been confirmed as Cry36. In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them is pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies). http://www.shadowexplorer.com/ In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it. Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
-
That certainly looks like a Nemesis variant (probably similar to Cry36 since it used secure encryption). First seen on VirusTotal on May 29th, so it's not brand new. I'll run it by our malware analysts just to be certain, however I expect they've already seen it.
-
Unfortunately there's nothing useful in the debug logs either. The only thing we were able to get out of the memory dump is that the hang seems to be happening when a2service.exe is suspended. It's difficult to say why a2service.exe is suspended, however it may be trying to terminate and getting "stuck" (hanging/freezing for some reason) while that is happening. Unfortunately there's nothing in the debug information that shows us why this is happening. With the odd volmgr errors you've been having it is possible that there's a hard drive or controller issue (or perhaps even a driver or BIOS issue) that's at the root of the problem. Updating your BIOS and drivers may help, but it's hard to say. Either way, that volmgr error may need to be resolved before we can figure out what's wrong with EAM (assuming the EAM hangs aren't simply a symptom of the volmgr issue).
-
[RÉSOLU] EMSISOFT Enterprise Console / Ajouter nouveau client
Windurster replied to Windurster's topic in French Support - Assistance Française
Bonjour, Non quel batch? Je lis "utilisez les fichiers batch" dans le document PDF, vous me parlez également de fichiers batch, je cherche et cherche, mais je n'arrive pas à mettre la main dessus. Ce serait plus utile de mettre un lien direct DANS la documentation ou dans votre message. Merci! Cordialement Stephane -
I had another lock up, again this morning just after logging in to my laptop at 08:48. ProcDump started creating a dump file at 08:53 (Unhandled C000041D Dump 1 initiated C:\ProcDump\ a2service.exe_180616_085310.dmp) but after waiting 15 minutes for it to finish, and with no obvious sign of progress or disk activity, I tried to generate a dump file via the keyboard. Unfortunately, it just went to the blue screen with 0% progress then restarted without creating the dump file. After the system had rebooted, I checked the ProcDump folder and the dump file it's created is 684kb rather than 0kb this time, so ProcDump obviously tried but I suspect it didn't finish given the size of the file - should I have waited longer ?. Another thing I noticed is that, after restarting the machine following this morning's crash, EAM debug logs have reverted to Disabled again, although I'm fairly certain it should still be Enabled for 1 day - I think it would be useful if the action of turning debug mode on or off was written to the forensic log - something to consider for future builds perhaps ? I also noticed that there are only two debug logs for this crash (one for a2service and one for a2guard) created this morning at 08:49 (I started the machine at 08:48), but it didn't create one for a2start so I assume this means a2service crashed before a2start could load (again). This again implies that debug logging was Enabled when the crash happened, yet it showed as Disabled after restarting following the crash. I've attached the ProcDump dump file and the two EAM debug logs in case they are of any use. EAM debug logs etc 16062018.zip
-
Sorry about that. I have attached new logs as admint. Resetting took care of search provider problem. Thank you! Addition.txt FRST.txt
-
Done! AdwCleaner[C00].txt
-
Craig Rider AU .nem3end RANSOMWARE
Craig Rider replied to Craig Rider's topic in Ransomware First Aid
https://www.virustotal.com/#/file/d7de0745b04d4579dd11fc3778b3cd1146d175769e2b10968b20f636abfd5eaf/detection -
It is always best to keep the backup media disconnected when it is not in use. This will not always prevent backups from being effected by an infection or an attacker, however it will limit their opportunities to do so. Rotating backup media may also help, assuming the infection/attack does not persist long enough to effect each backup media as they are swapped out. Just keep in mind that a determined attacker may stumble upon a script used to mount/unmount backup media, and use it to gain access to the backups. If I had to be super-paranoid, I would probably set up a Linux server with plenty of storage space (RAID-10 or something similar), make sure that all ports in the firewall are closed except the ones for Samba (meaning physical access to the server is required to interact with it), set up a Samba share on the server that the Windows server with the backups can connect and write to, and configure it so that once a day the backup server copies all backup data to the Linux server and then the Linux server copies that data to a safe location on its filesystem and deletes everything in the folder shared via Samba. Compromising a Linux server is entirely possible, especially if Samba doesn't get regularly updated, but as long as all of the other ports remain closed in the firewall it will be much harder than compromising a system that needs to have services accessible on the network. In theory you could easily do that with a Windows server as well, however a Linux server wouldn't need rebooted for updates as often, and scripting updates is as easy as a simple cron job. I have a single line in crontab on my CentOS 7 server to update certain critical services daily and restart them, and then I just manually check for other updates when needed and reboot the server if I think it's necessary. That depends on how often people save things outside of their profile folders, or other places that the Malware Scan wouldn't check. For instance if you have shared folders on a server that people save downloads and/or documents to, then it might be a good idea to set up a scheduled scan to periodically scan them. Just be sure to set up the scheduled scan on the server the shared folder is stored on.
-
This is more than likely Cry36, or a similar Nemesis variant. The "sample bytes" is usually an accurate way to identify it. Do you still have a copy of the malware that encrypted the files? If so, would it be possible to upload it to VirusTotal and post a link to the analysis here?
-
Emsisoft behaviour blocker problem with hwinfo64
GT500 replied to Jerky McDilerino's topic in Emsisoft Anti-Malware
It's probably just not responding well to our hooking method (some programs have issue with other applications injecting code into them). I just tested again, and the delay is only 2 seconds for me when minimizing or closing HWinfo without exclusions. Possibly because there's nothing else on the test system (just drivers and a few web browsers). I recommend doing that for now. If it's the same issue that MPC-HC has, then it won't be easy to fix, however I will let QA know so that they can look into it. -
[RÉSOLU] EMSISOFT Enterprise Console / Ajouter nouveau client
kathrin replied to Windurster's topic in French Support - Assistance Française
Bonjour, Est-ce que vous avez utilisé les fichiers batchs pour configurer la machine? Cela devrait ouvrir les ports nécessaires. Est-ce que vous pouvez essayer de vous connecter à partir de la machine en question? Ouvrez Emsisoft Anti-Malware, faites un clic sur "Licence" puis sur "Connecter à Enterprise Console" pour saisir l'adresse IP et le port. Cordialement Kathrin
-
Who's Online 1 Member, 0 Anonymous, 14 Guests (See full list)