All Activity

This stream auto-updates     

  1. Past hour
  2. The culprit must have done something wrong though. There wasn't even a ransom note left. At least I never saw it.
  3. I generally have decent passwords, but this particular early morning I made it the stupidest thing you could, without even considering this possibility. I was working 2am to 10am and was tired of typing it when my machine timed out. Lesson learned. Spent 3 days changing my online passwords and dealing with fraud. Good times. Funny thing is, I'm the guy people look to for tech help/advice. Smh.

  4. cry36 attack, RDP logs intact

    GT500 replied to svenzok's topic in Ransomware First Aid

    There is currently no way to decrypt Cry36 encrypted files.
  5. Yeah, long passwords can be a pain in the neck, but in the end its worth it to have long and complex passwords. I usually recommend passwords that are a minimum of 25 characters long, and are made up of completely random characters (a combination of lowercase letters, uppercase letters, numbers, and symbols is best). It might also be a good idea to hide sensitive services such as RDP behind a VPN, that way the RDP port doesn't need to be open in the firewall. This is especially useful if you need to have access to multiple computers on the network via RDP, of multiple services on the same computer, or simply want to just leave the VPN connected all the time for quick access to RDP.

  6. Help, my PC is infected!

    GT500 replied to stoneii's topic in Ransomware First Aid

    It might be one of the Cry ransomwares. I recommend checking with ID Ransomware to verify that, so we can determine whether or not the ransomware is decryptable: https://id-ransomware.malwarehunterteam.com/
  7. I assume that ID Ransomware said it was Sage 2.0? If so, then there is no known way to decrypt files that have been encrypted by Sage 2.0 without obtaining the private key, and since ransomware like this usually generates new keys for every computer it infects the only way to obtain the private key is from the criminals who made the ransomware.
  8. I can't say I'm surprised. But that is disappointing coming from you. Oh well, at least I caught it when I did. Sadly it got ahold of some of my NAS files since the drives were mounted. All because I wanted to be lazy and make my password stupid easy. Took less than 3 days to get RDP'd into and left with this mess.
  9. Older decrypters for Dharma were based on master decryption keys that were released on the BleepingComputer forums. There's been a spike in the last few days of new reports of Dharma infections that rename files with the .cesar extension, and with this new waves on infections I would expect that existing decryption tools would not be able to decrypt files. It might take some time for analysis, however I expect that this new variant of Dharma is not going to be decryptable.
  10. Older decrypters for Dharma were based on master decryption keys that were released on the BleepingComputer forums. There's been a spike in the last few days of new reports of Dharma infections that rename files with the .cesar extension, and with this new waves on infections I would expect that existing decryption tools would not be able to decrypt files. It might take some time for analysis, however I expect that this new variant of Dharma is not going to be decryptable.

  11. Rumblegoodboy Decrytor || Globeimposter variant

    GT500 replied to chaitanya01993's topic in Ransomware First Aid

    It appears to be a variant of GlobeImposter 2. There is no known way to decrypt files that have been encrypted by this ransomware without obtaining the private key, and since the ransomware generates a new private key for every computer it infects the only way to obtain it is from the criminals who made the ransomware.

  12. GOTHAM Decrypter Required

    GT500 replied to Franki Fung's topic in Ransomware First Aid

    There is no known decryption solution for GlobeImposter 2. You would need to obtain the private key to decrypt the files, and since the ransomware generates new keys for every infected computer the only known way to get the private key is from the criminals who made the ransomware.
  13. Today

  14. Firewall discussion

    GT500 replied to Lynk's topic in Emsisoft Internet Security

    WFP = Windows Filtering Platform (which the Windows Firewall is somehow a part of). All third-party firewalls use WFP. You can't implement a firewall without using WFP on modern Windows Operating Systems. It's possible that GlassWire is still just a manager without its own firewall engine, and they use WFP to interface with the Windows Firewall's filtering controls. They don't seem to make any definitive statement about it (at least nothing recent), however from discussions on their forums it does seem that that may be the case.
  15. It is technically possible for applications that are automatically allowed by our Behavior Blocker to modify our registry entries. So yes, a registry cleaner can mess up just about anything.

  16. EAM 2017.7 notification duration bug

    GT500 replied to Siketa's topic in Emsisoft Anti-Malware

    I can ask Frank about it, but you can talk to Frank about this yourself if you want.

  17. NVIDA Driver update

    GT500 replied to sdalgl72's topic in Emsisoft Anti-Malware

    That usually happens when the file is not in the location that the Windows kernel says its in. Usually because the file was moved, and the path hasn't been updated yet. Although the file being deleted too quickly can also cause this issue. The only workarounds that I know of is to add the file to the monitoring exclusions so that the Behavior Blocker ignores it, or disable the Behavior Blocker before installing the NVIDIA drivers. Since the file doesn't exist when you try to add it to the exclusions, you'll need to add another random file, and then paste the name and path of the file you want to exclude into the exclusions. You can also use wildcards if the file name has a tendency to change, however since it's a TEMP folder it might not be safe to make extensive use of wildcards in exclusions.
  18. Yesterday
  19. Thanks i will try to disable that option because the others Works very well whith emsi and i will reinstall this whitout registry cleaner. Now do you think a registry cleaner can delete a important part of emsi software?
  20. m3a4424 started following Firewall discussion
  21. Kevin Zoll started following Files 'www-hash-'

  22. Files 'www-hash-'

    Kevin Zoll replied to MiguelGuerra's topic in Help, my PC is infected!

    Please attach a copy of one of the affected files.
  23. IS THERE ANY SOLUTION HELP

  24. EAM loosing language setting

    GT500 replied to Alan_S's topic in Emsisoft Anti-Malware

    We believe this issue will be fixed in our next beta release. Here's how to switch to the Beta update feed: Open Emsisoft Anti-Malware. Click on Settings in the menu at the top. Click on Updates in the menu at the top. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list. Click on the Update now button on the right side. You can keep on eye on our changeblog at the following link to see when the next beta is released: http://changeblog.emsisoft.com/ If you would like to be automatically notified when there is a new version of our software available (beta or stable), then we have an RSS feed available at the following link: http://changeblog.emsisoft.com/feed/
  25. Hello - it seems i was infected with a variant of DARHMA (.cesar). I had run first malwarebytes. See attached log. Then followed your instructions. See attached logs. Can you help to de-crypt my files? I attach one of the encrypted files. Thanks scan_170818-232125.txt malwarebytes.txt FRST.txt Articole_cu_stoc_negativ.txt.id-7E8DED17.[[email protected]].cesar Addition.txt
  26. lucadorin joined the community
  27. JesseK started following Infected with .cesar aka Dharma/CrySiS ransomware
  28. I believe I have cleaned the system, but it is now unable to boot, likely due to system files being rename to .cesar once I reboot into safemode. Beyond that, I have tried decryption tools that work on previous versions of this virus to no avail. Should anyone be interested, I have a rar passworded file of one of the .exe's I found prior to deleting it. I also have a few encrypted files available should someone want to take a look at them. (nothing confidential) Any suggestions? Note: being unfamiliar with the rules, I have abstained from attaching any files here, but can provide links if requested.
  29. Hi Every third month ( more or less) I have to travel for some days, and it that regard I bring my laptop with me in connection with my work. Sometimes I am in areas where I use the free network, and here it would be convenient for me , if I had the possibility to jump from private to public network e.g. by rightclicking the Emsisoft Icon and ask it to shift the firewall mode. I see it as a feature that would help the Emsisoft user to maintain the best use of the windows firewall all the time. You could rightfully call such a feature, a " service function" , but a useful one I think . Thank you for your time =) Best regards Tempus
  30. JesseK joined the community
  31. HIPS187 started following Christian Mairoll

  32. licence

    francisdu54 replied to francisdu54's topic in French Support - Assistance Française

    bizarre ça marche avec edge mais pas google donc problème résolu merci d'être à l'écoute bonne soirée

  33. licence

    francisdu54 replied to francisdu54's topic in French Support - Assistance Française

    j'utilise adguard je l'ai desactivé mais rien a faire j'utilise google chrome et jusqu'a présent aucun problème je ne sais pas comment faire

  34. Rumblegoodboy Decrytor || Globeimposter variant

    chaitanya01993 replied to chaitanya01993's topic in Ransomware First Aid

    Hi Any update
  1. Load more activity