All Activity

This stream auto-updates   

  1. Past hour
  2. Thank you for your submission. I will look into it as soon as possible.
  3. NOT A BUG

    that's true too Thanks
  4. GT500 Just wondering if they found anything to help with my Update problem or does it take a while for them to sift through the results.
  5. Today
  6. NOT A BUG

    True but that wasn't clear at the time I made the first post in this thread
  7. NOT A BUG

    Hi stapp, Those signature issues were clearly caused by other AV's installed on the same pc. thanks
  8. Xorist-decryption-Tool is working. Many thanks!
  9. Thank you, I will try the Beta version and see if it makes any difference. I should also have mentioned that when I have changed the update times and then go back and check, they have reverted to where they were before, which mean Emisoft updating on startup.
  10. Ok, Thank you all, I'll wait until someone release a decryptor for it.
  11. NEW

    Installed 6971 on Win 10 64bit and updated it, then changed to beta updates and updated. All went well with GUI and scans. (still absolutely hate the 'not responding' on the installer..it looks so unprofessional)
  12. http://theforeclosures.net/wp-includes/Rename/bread/ http://fsgc.com.sa/bankofameriica/f9d43b620b5178b0607dd104e27495fe/work.php/?cmd=login_submit&id&session http://www.tooloftrade.com.au/wp-includes/view/d44898c0df7521a17dee4c9c2f3c68e9/ http://fsgc.com.sa/bankofamerica.com/ea951bb8dcb32555a3d078fe255ca059/confirm.php/?cmd=login_submit&id=3150fc8fdf823442368e4bb0c6bb50413150fc8fdf823442368e4bb0c6bb5041&session=3150fc8fdf823442368e4bb0c6bb50413150fc8fdf823442368e4bb0c6bb5041 http://www.divano.com.do/includes/dr/Validation/login.php/?cmd=login_submit&id=747556b39bcc441c51e3ead1fa25d80e747556b39bcc441c51e3ead1fa25d80e&session=747556b39bcc441c51e3ead1fa25d80e747556b39bcc441c51e3ead1fa25d80e http://www.performanceblasting.com/2/ayo1/ayo1/ayo1/ http://tokoshaktie.co.id/wp-includes/customize/wp-content/rror/incorrect/tracking.php/?userid=info%40monacosolicitors.com.au http://neaindustrias.com/barrister/Documentos/Imagedrive.file/filewordss/index.php/ http://fsgc.com.sa/bankofamerica.com/5d55d6cdaf3de13394d4a2efb7bc21cb/confirm.php/?cmd=login_submit&id=b3e9f0aa8051044154b6ea68ae852e80b3e9f0aa8051044154b6ea68ae852e80&session=b3e9f0aa8051044154b6ea68ae852e80b3e9f0aa8051044154b6ea68ae852e80 http://sys20.nuqa.org/sat/autoXrenew.php/ http://tooloftrade.com.au/wp-includes/view/6643b99df95e72c375ba3e6bca138b18/ http://www.greenbambooresidence.com/wp-includes/js/vestecay/318930cc0967beb0a2bb65ca4b94b214/ http://tooloftrade.com.au/wp-includes/view/ http://www.findout.tours/c/CHASE/CHASE/chase%20email%20and%20pass/c3d602c34bcc2546caa7415d79ba9077/email.php/?cmd=login_submit&id=133348cf7be1ed2a8472572bd9cfb350133348cf7be1ed2a8472572bd9cfb350&session=133348cf7be1ed2a8472572bd9cfb350133348cf7be1ed2a8472572bd9cfb350 http://gbw3d.pl/wp-admin/css/trustpass.html/ http://welboz.xyz/autoffice/mail365/autoemail/index2.php/?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-UserID&userid=nitinfire%40vsni.com http://neaindustrias.com/barrister/Exportdocuments/Documentos/Imagedrive.file/filewordss/index.php/ http://marccrispfoods.com/admin/0090897878675678556342333221234/index.php/ http://neaindustrias.com/through.carriageltd/Exportdocuments/Documentos/Imagedrive.file/filewordss/index.php/ http://www.tricolor-balabanovo.ru/cache/widgetkit/twitter/obgit/templates/wp/sccm/ http://fsgc.com.sa/bankofamerica.com/5d55d6cdaf3de13394d4a2efb7bc21cb/work.php/?cmd=login_submit&id&session http://www.backlink-system.com/images/googledocs/googledocs/googledocs/index.php/ http://fsgc.com.sa/bankofameriica/f9d43b620b5178b0607dd104e27495fe/confirm.php/?cmd=login_submit&id=c2d4aebab308b50ed2a0968e769df99cc2d4aebab308b50ed2a0968e769df99c&session=c2d4aebab308b50ed2a0968e769df99cc2d4aebab308b50ed2a0968e769df99c http://fsgc.com.sa/bankofamerica.com/ea951bb8dcb32555a3d078fe255ca059/work.php/?cmd=login_submit&id&session http://buffetilluminati.com.br/dropbox/index.php/?userid=service%40chuantan.com http://www.sdn2sukamenanti.sch.id/member/profil/Binzu/secure/New%20Chase/Validation/ http://www.sdn2sukamenanti.sch.id/member/profil/Binzu/secure/New%20Chase/Validation/login.php/?cmd=login_submit&id=7cb174d9c614ac846b8c5f4bde01c8e27cb174d9c614ac846b8c5f4bde01c8e2&session=7cb174d9c614ac846b8c5f4bde01c8e27cb174d9c614ac846b8c5f4bde01c8e2 http://colegiovirginiapatrick.com.br/newfileupnewfileupnewfileup/cgi-bin/db/view/ http://anandsoft.com/wirenews/seive/
  13. It's a new version of LeChiffre - algorithm blowfish. Help me, people!
  14. I didn't, it was a fresh image, but it's not important now since time passed. Thank you anyway.
  15. NOT A BUG

    It was here Frank. But obviously things have changed as that was back on 21st of Feb and Arthur has been helping them https://support.emsisoft.com/topic/26769-a-digitally-signed-driver-is-required/ https://support.emsisoft.com/topic/26919-unsigned-driver/ I can understand the devs saying it isn't an issue, however if I was installing EEK as a new user and seen that it was saying it was not responding I wouldn't want to use it. Will see if it happens on new 7222 later.
  16. Here are the logs for: Adware Cleaner Junk Removal Tool Fanbar Fixlog Fixlog.txt AdwCleaner[C2].txt JRT.txt
  17. Have you tried the latest beta version? Some people have reported that it resolves this issue. Here's how to try it if you want to: Open Emsisoft Internet Security. Click on Settings in the menu at the top. Click on Updates in the menu at the top. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list. Click on the Update now button on the right side. This depends on whether or not a scheduled update was missed. If not, then it will wait until the scheduled time to begin updating. If a scheduled update was missed, then it will run that update on startup, however it will not run it right away. It will wait until after you have logged in, and after system resource usage drops to 20% (or lower), or it will wait a maximum of 5 minutes after Emsisoft Internet Security has started during login.
  18. Files have been crypted, their extension is .DECRYPT-ID-63100927 like desktop.ini.DECRYPT-ID-63100927, the note is attached, but on the other side, I found two files named Help_Help_Help.._.hta, which seems to belong to a known Ransomware. Intrusion point was an unsecured RDP. Any Ideas? Thanks in advance, Phil HOW TO DECRYPT FILES.txt _HELP_HELP_HELP_PD8ZDVC0_.hta https://www.virustotal.com/de/file/6e1cc8910ac86be473d2d5059ebc0209c9c76e02a8612745a1fe3fbfd5b8f861/analysis/1488238883/ For the file attached Edit: I should add that I might found the Software itself. See pictures The file backup.exe was detected by Virustotal: https://www.virustotal.com/de/file/26e590d4faf33f939743974950d92bcdaf986af19823127328a4df016a5c8a85/analysis/1488236849/ inside the \x64 folder, I found See pictures Virustotal of the minidrv.sys says: https://www.virustotal.com/de/file/8d4d0e8a874b6b5f5adfa2153a8470b841fee2f27a23c422f9f504c33b262de0/analysis/1488242021/ edit2: backup.exe is packed with UPX and written in C++ Virustotal of unpacked backup.exe: https://www.virustotal.com/en/file/f6d811a5e1bf79a192e1c3a6362fb3df6ea7e98c0296b00699bcac2816a9af75/analysis/1488243201/ edit3: Analysis of unpacked backup.exe https://www.hybrid-analysis.com/sample/f6d811a5e1bf79a192e1c3a6362fb3df6ea7e98c0296b00699bcac2816a9af75?environmentId=100 https://sandbox.deepviz.com/report/hash/727d3e8d6958ebcf2aeb6d8057e69bce/ https://www.vicheck.ca/md5query.php?hash=727d3e8d6958ebcf2aeb6d8057e69bce
  19. Yesterday
  20. Do the following: Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer. Download Junkware Removal Tool and save it on your desktop. Run the tool by double-clicking it. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM-x32\...\Run: [] => [X] Startup: C:\Users\LEE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2016-04-22] ShortcutTarget: DS4Windows.lnk -> C:\Users\LEE\Desktop\DS4Windows.exe (No File) GroupPolicy: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-19315309-3090391011-2702444638-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-08] <==== ATTENTION CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx <not found> 2017-02-26 10:33 - 2017-01-01 16:13 - 00000272 _____ C:\WINDOWS\Tasks\{2F58ED47-DAA2-B7F7-1A8F-671B0FDCC542}.job 2015-07-06 16:24 - 2015-08-11 15:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js 2015-07-21 15:07 - 2015-08-18 19:13 - 0000024 _____ () C:\Users\LEE\AppData\Roaming\appdataFr25.bin 2015-12-26 19:11 - 2017-01-18 00:33 - 0000429 _____ () C:\Users\LEE\AppData\Roaming\WB.CFG 2013-07-29 03:46 - 2013-05-17 09:41 - 0192512 _____ () C:\Users\LEE\AppData\Local\common_functions.dll 2013-05-17 09:41 - 2013-05-17 09:41 - 0114688 _____ () C:\Users\LEE\AppData\Local\ie_runner_app.exe 2013-07-29 03:46 - 2012-06-26 05:59 - 0940544 _____ (Apache Software Foundation) C:\Users\LEE\AppData\Local\log4cxx.dll 2015-11-22 16:26 - 2015-11-22 16:26 - 0007606 _____ () C:\Users\LEE\AppData\Local\Resmon.ResmonCfg 2015-04-25 21:29 - 2015-04-25 21:32 - 0011664 _____ () C:\Users\LEE\AppData\Local\Temp-log.txt 2015-05-22 01:21 - 2015-05-22 01:21 - 0000000 _____ () C:\Users\LEE\AppData\Local\Temp.dat 2015-12-24 17:27 - 2015-12-24 17:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2012-11-26 20:58 - 2012-09-27 20:58 - 0000032 ____R () C:\ProgramData\hash.dat C:\ProgramData\hash.dat C:\Windows\Tasks\{2F58ED47-DAA2-B7F7-1A8F-671B0FDCC542}.job 2017-02-25 11:07 - 2017-02-26 10:08 - 0492544 _____ () C:\Users\LEE\AppData\Local\Temp\s3.exe Task: {055CB73A-0767-4133-BEB9-6D35D32533B0} - System32\Tasks\Bing Search Engine selom => Wscript.exe "C:\ProgramData\{B2B077D3-38F2-FD15-BE34-63572476E899}\nene.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b42324230373744332d333846322d464431352d424533342d3633353732343736453839397d5c7461726f6469" "433a5c50726f6772616d446174615c7b42324230373744332d333846322d464431352d42 (the data entry has 82 more characters). Task: {2044DEEE-B3C8-47A2-974B-3472C5985C0B} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION Task: {2495CB1A-22E4-4658-9AA1-5AB24AFF74FA} - System32\Tasks\{2F58ED47-DAA2-B7F7-1A8F-671B0FDCC542} => C:\Users\LEE\AppData\Roaming\UPDATE~1\sync.exe <==== ATTENTION Task: {25A1D31B-9628-4E88-B144-88C78CFCFD03} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {705A0F82-DC0F-4E4A-B51D-81FE3784D010} - \gameo_update -> No File <==== ATTENTION Task: {AC1B7A7F-B506-45B3-AA80-20D037A8E0EF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B04EE4E5-1A92-4B8A-88E2-FB05E8ADA33E} - System32\Tasks\Pivjodbe => C:\PROGRA~1\GROOVE~1\Efufifos.bat <==== ATTENTION Task: {E2089ED3-E105-4701-BBFF-A90CCA4A6029} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {E2C8D6E9-CAD2-468B-9631-7CF576F927FA} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: C:\WINDOWS\Tasks\Bing Search Engine selom.job => Wscript.exe C:\ProgramData\{B2B077D3-38F2-FD15-BE34-63572476E899}\nene.txt <==== ATTENTION Task: C:\WINDOWS\Tasks\{2F58ED47-DAA2-B7F7-1A8F-671B0FDCC542}.job => C:\Users\LEE\AppData\Roaming\UPDATE~1\sync.exe <==== ATTENTION AlternateDataStreams: C:\Users\LEE\Cookies:gs5sys [2048] AlternateDataStreams: C:\Users\LEE\Desktop\desktop.ini:gs5sys [3074] AlternateDataStreams: C:\Users\LEE\AppData\Local\History:gs5sys [3074] AlternateDataStreams: C:\Users\LEE\Documents\desktop.ini:gs5sys [3074] Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  21. Hello Repairwerkz, Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you with fixing your problems. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. Take note of some guidelines for this support request: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean." We do not want to clean you part-way, only to have the system re-infect itself. Do not start a new topic. The logs that you post should be attached to the reply. Set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Download to your Desktop: - Emsisoft Emergency Kit - Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode", unless you are instructed to do so by the Malware Removal Specialist handling your case. Do not force Safe Mode. Instructions on How to Boot to "Safe Mode" can be found at: http://www.malwarete...kb/SafeMode.php Let's get started: Install and Run Emsisoft Emergency Kit (EEK): Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Create a new topic in our Help, my PC is infected! forum and attach the following logs to your post: Emsisoft Emergency Kit log (C:\EEK\Reports\) FRST.txt Addition.txt (NOTE: if you need to attach the logs to a reply to an existing topic, then you will need to use the More Reply Options button to the lower-right of where you type in your reply in order to see the controls for attaching files) The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
  22. We do cache results. So if you ever had the file checked before, the returned verdict will be remembered, internet connection or not.
  23. Fabian, In the case above BB checked for the reputation since when I disconnected from internet and checked the protection tab BB showed the bad reputation. BB didn't block it as the malware was still in memory. Emsi firewall alerted and outbound connectios were blocked. Why did BB check but not block the file? It seems something went wrong, or? Thank you
  24. Hello, We've just released EEK 2017.2.0.7222 New: Scanner settings screen which acts as a template for on demand scans. New: Environment variables tester in the exclusions screen. Improved: Speed of scans. Improved: Path used by the update process moved to \ProgramData\Emsisoft\updates. Improved: Minor GUI improvements. Fixed: Occasional crash while restoring/deleting from Quarantine.
  25. NOT A BUG

    according to the devs it's not an issue. Could you point me to the thread about the the signatures issue ?
  26. Emsisoft Emergency Kit 2017.2.0.7222 – with BETA updates enabled: New: Scanner settings screen which acts as a template for on demand scans. New: Environment variables tester in the exclusions screen. Improved: Speed of scans. Improved: Path used by the update process moved to \ProgramData\Emsisoft\updates. Improved: Minor GUI improvements. Fixed: Occasional crash while restoring/deleting from Quarantine. Related Posts: Beta updates – 2017-02-22 Emsisoft Anti-Malware & Emsisoft Internet Security 12.2… Beta updates – 2016-12-23 Beta updates – 2017-01-23 Emsisoft Anti-Malware & Emsisoft Internet Security… View the full article
  27. Hi and Thanks for helping me , my Server in my little company get Virus Ransomware Globe3 with extension .decryptor2017 , all system formatted and re partitioned , now i want bring back my important files , i have only 4 important files and this files so much important for me and my company , i will pay you , can you decrypt my files and brake lock and give me health files? i try with Trend Decryptor Emsisoft Decryptor and other Valid Company Decryptor but can't open my files , i place 2 of 4 my files here , if you can unlock my files and bring it back please tell me , if you can open my files , i'm happiest in the world , thanks 1. screenshot of Emsisoft Globe3 Decryptor (get error and 99.99%) https://1drv.ms/f/s!At8n1LALvdw3jgAC8V_NAQOVUIlL 2. The Link belong 2 of 4 my files to you download and fix this for me: https://1drv.ms/f/s!At8n1LALvdw3jgEgavacYIEGuVwc Best Regards...
  28. Hi Sarah W Will explain more? I have two files with extensions .orgasm & .hta available... Recovery with recuva data recovery & easeus data recovery wizard & recovery my file ,... Just recovered .orgasm & hta files... One way to decrypt available Decryptor program name is >>> "orgasm ransomware decrypt " I tested this app If I was successful, the program introduced Thanks Sarah W Regards. Dr.Dark
  1. Load more activity