All Activity

  1. Past hour
  2. Fixlog_21-06-2018 10.32.19.txt
  3. jimmorrison

    Activating File Guard

    Hello, I am having trouble ticking the file guard setting to enable it. I have generated the log file and I don't really notice anything. I am not sure what to do now. Jim
  4. Today
  5. BlackTunicLink

    I've recently been having memory issues with my laptop.

    Is this good? Addition.txt FRST.txt
  6. jagmeet

    .crab ransom virus problem

    Sir, I have attached 2 files, please unzip the file and check the ransom virus, then tell me please. You can call me if you want, my mob no: ..(number removed) by jagmeet thanks CRAB-DECRYPT.txt uti.rar
  7. It says amnesia on the screen background. But the encrypted files have a [email protected] extension. The ID ransomware site ID's it as amnesia and AVCrypt. I noticed my AVG protection was down at the time of the attack. I tried your Amnesia and Amnesia2 decrypters without any success. I have purchased and loaded Emsisoft anti malware and have a copy of Hitman and AVG virus scanning running. There are some files I really need to get off this computer. Is there any help? LordG
  8. Yesterday
  9. Kevin Zoll

    HELP! Rootkit and Cloudnet virus

    Your system is missing the Security Update for Microsoft Windows SMB Server (4013389). See: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010

    Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

    Start::
    2018-06-19 11:34 - 2018-06-19 11:34 - 000079736 _____ (AppWork GmbH) C:\Users\lulul\AppData\Local\Temp\131739032469074620.exe
    2018-06-19 11:41 - 2018-06-19 11:41 - 000035680 _____ () C:\Users\lulul\AppData\Local\Temp\i4jdel0.exe
    2018-06-19 11:37 - 2018-06-19 11:37 - 000040448 ____N () C:\Users\lulul\AppData\Local\Temp\proxy_vole6271394519320748616.dll
    2018-06-19 11:41 - 2018-06-19 11:41 - 000040448 _____ () C:\Users\lulul\AppData\Local\Temp\proxy_vole7123844085149714122.dll
    End::
  10. GT500

    .crab ransom virus problem

    I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  11. GT500

    Uninstallation causing boot failure

    You're welcome. If you run into the issue again, and are able to get us registry exports, then that should allow us to get this fixed for you.
  12. GT500

    Recovery partition

    You're welcome.
  13. GT500

    Emsisoft behaviour blocker problem with hwinfo64

    They didn't specifically say, however I got the impression that it will be a difficult issue to fix, and it might take a while for them to do so.
  14. GT500

    a2service.exe application error

    That's possible, however from what the article says I expect it would only be applicable with a PS/2 keyboard. It shouldn't happen with a USB keyboard. In this case we did get a memory dump though, and you mentioned that saving the dump has been more reliable recently, so this may not be the issue. Note that laptop keyboards are usually PS/2, so if you have a USB keyboard and want to try it with that then there's a separate set of batch files for enabling/disabling the keyboard shortcut for USB keyboards: https://www.gt500.org/emsisoft/USB_Crash_On_Crtl_Scroll_Lock_Batch_Files.zip Considering the fact that it hasn't happened on both computers since you first created this thread, is it possible that it was a power-related issue? Is there any difference in where the laptop and desktop have been plugged in since it happened? Does the laptop only do it when plugged in, or on battery? Have you added/changed any surge protection or battery backups to the desktop since the issue happened?
  15. David Biggar

    ransomware with file ext .recme

    Handling this via email, will post back with results, here.
  16. I think it's okay scan_180620-102242.txt FRST_20-06-2018 10.32.10.txt
  17. csatech

    Uninstallation causing boot failure

    I misspoke in regard to EAM having an update "in the wind". It did, however, reinstall... but I realized that was my fault; it was still turned on in Kabuto. So when it synced it wasn't there and it reinstalled. Bottom line is that the problem was the eppdisk setting in the registry. The version of EAM installed had been 2017.2. As to having a copy/export of the registry for comparison, I do not. I am however gun-shy at this point, and irregardless of the system, I'm checking the registry first before performing any uninstalls! Thanks for the help!
  18. slopes

    Recovery partition

    Thank you GT500
  19. Jerky McDilerino

    Emsisoft behaviour blocker problem with hwinfo64

    Are they still working on fixing the issue with HWInfo64?
  20. Hi all, the server I look after has been infected with Amnesia, this is what ID Ransomware is stating, and all the files have an ext of .recme, but when I run your decrypt_Amnesia program it states it cannot find a decrypt key. Can you help please? zeRKg7xjZr=R7JGGJhF2Hz4W1+Xu1QE2aguRvl3NsTz+aBzetSUDNnd3mpA8pvWN.recme
  21. P.S. Everything happens in Google Chrome, and resetting the settings as well as scanning for viruses with Chrome's own tools does not help.
  22. marko

    a2service.exe application error

    Maybe it's not creating a dump file because of the limitations mentioned at the bottom of this page https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard I'm happy to keep trying - maybe another dump file would show something that the first one didn't, and maybe the call stacks will be more readable - it's worth a try surely. When I created this thread, it was because I had the lock up on my desktop pc and my laptop within 24 hours of each other - I'm still hoping that I can replicate the hang on my desktop pc but haven't been able to so far - I'll keep trying.
  23. GT500

    Recovery partition

    You can scan it if you want to, however I don't recommend removing anything found on the partition. In most cases where the recovery partition is accessible like this, there are permissions set up to prevent files from being deleted/modified on the partition anyway, but just in case it is possible and EAM does delete something it may be possible for it to break the recovery partition by removing something that shouldn't be removed.
  24. GT500

    Cannot install/update Piriform CCleaner and Speccy

    Anything running from the SYSTEM account should have the same access as the Administrator account in most cases, however that's up to the computer sharing the file and not the computer that EAM is running on. The SYSTEM account is a local account, and software on a remote computer running under one of that remote computer's accounts is trying to access those files. As far as I know there are no issues with Cyrillic in network paths. We have team members who speak languages that use the Cyrillic alphabet, so if there are issues with Cyrillic characters then we should find out in our internal testing.
  25. GT500

    a2service.exe application error

    That makes me suspect a problem with disk access, although it could be a software issue and not a hardware issue. It's hard to say, especially if there was a problem before trying to force the memory dump. That's possible, however it's just as likely that a new dump would have the same issue (perhaps due to whatever is preventing ProcDump from saving a2service.exe's memory to a dump file when it terminates). It's a gamble, and it may just end up wasting more of your time. Since I've had you go through so much effort trying to debug this already, I'm hesitant to ask you to keep trying when the odds of getting useful debug information don't look good. I'm certainly not able to think of anything else we could do to debug the issue. When memory dumps and debug logs fail, there really isn't anything left to fall back on.
  26. slopes

    Recovery partition

    My recovery partition is not hidden, shows up in custom scan. Is it okay to scan it? Thanks