All Activity

This stream auto-updates     

  1. Today
  2. Hi GT500, I have Zone Alarm Free firewall + Emsisoft Anti Malware installed on my PC for a long long time(at least more than 3 years), both were running fine after every windows 7 updates. Except this time........... Zone Alarm Free Firewall version: 15.3.060.17669 is installed on my Windows 7 Pro PC. I have no idea, why Zone Alarm Free Firewall bundled up with Check Point SandBlast Agent. During the installation of ZA free firewall.........the installer did not show it will install SandBlast Agent. But this Sandblast Agent is confirmed installed and I don't know why nor what its function. I guess mostly of forum users have already migrated to Windows 10, and no one has experienced such conflicting hardware/software issue to be noticed in the community. Currently, my windows 7 Pro PC does not have EAM installed (previously it was uninstalled) and ZA free was running fine, while I went ahead and installed windows update.
  3. after installing FRST, again 1 setup file is instaling showing in shutdown process,i looks like previous malware attack.
  4. after this software instal my web broweser opening automatically again n agin and new tab in tab browser FRST.txt Addition.txt
  5. sir I send my files details Decrypted 0 files! Skipped 5 files. [!] No keys were found for the following IDs: [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.teamxpart ) [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.fordan ) [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.txt ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:11:22:98:76:54, 0C:9D:92:80:F0:3E This info has also been logged to STOPDecrypter-log.txt
  6. This is continuing to happen. With FF v66.0.5: https://crash-stats.mozilla.org/report/index/16d01845-4730-4d06-97ac-8810e0190523 WIth FF v67: https://crash-stats.mozilla.org/report/index/b81ca3cb-1b41-43bc-ab3d-3a1060190523 Looking for all reports of this at Mozilla, over a six-month period: https://crash-stats.mozilla.org/signature/?product=Firefox&signature=%400x0 | a2hooks64.dll | PathIterationProc&date=>%3D2018-11-23T09%3A18%3A00.000Z&date=<2019-05-23T09%3A18%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=-date&page=1 I think I'm only seeing reports from me (look at the 'Reports' tab at the URL above). But note that the default settings in Firefox are that these crash reports are only submitted if a user chooses to do so - and most users wouldn't know that a problem like this even exists. /I/ only know because I check the Firefox folders where unsubmitted reports accumulate, every week or two, and have started submitting the reports. I do not know what I was doing at the time that each of these problems occurred, because I don't have any sense that "Firefox is crashing". I did notice that all these reports mention the same location: [email protected] I tried googling for: "PathIterationProc" - and found exactly ONE hit. I don't think that helps.
  7. Can you help me? My computer had virus Ransomware, It had changed rename file .chech extension
  8. Here I attach the results of export logs in FRST, thank you.. Addition_23-05-2019 13.24.30.txt FRST_23-05-2019 13.24.30.txt
  9. My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz I tried with all decryptors but was unsuccessful. Please help me decrypt my files.
  10. I also attach the following download link for example files that are encrypted by malware, key ID and mac address https://t.co/71cKY58CTA
  11. My files are attacked by ransomware (.radman). Kindly check this note below: ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-mVSS8cJcv3 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Your personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz Please help me recover or decrypt my files. I tried with all available decryptors but it was unsuccessful.
  12. dear @GT500 Here I attach the results of export logs in EEK, thank you.. Forensics_190523-115240.txt logs.db3
  13. Your support topic in Help, my files have been encrypted has been replied to. This support topic is closed. Reason duplicate.
  14. Yesterday
  15. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  16. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  17. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  18. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  19. Yes, that was expected. First we need your ID and MAC addresses from the infected computer, and they there's a possibility that the creator of STOPDecrypter may be able to figure out your decryption key. Or you could get lucky and have an offline ID, so that when support for the variant of STOP/Djvu that encrypted your files is added to STOPDecrypter it will be able to decrypt them on its own. Attach a copy of the ransom note to a reply and I'll let you know if it looks like an offline ID. You can also follow the instructions at the link below for getting your ID and MAC addresses with STOPDecrypter, which may help in figuring out your decryption key if you don't have an offline ID: https://kb.gt500.org/stopdecrypter
  20. This is a variant of the STOP ransomware. STOPDecrypter more than likely won't be able to recover your files, however it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  21. @Surya dinata when you look at your logs in EEK, there's an Export button in the lower-left that will allow you to save a copy of the log. Could you please save it somewhere easy to find, and then attach it to a reply for me?
  22. Let's get some logs from FRST and see if they show any signs of the ransomware (Demonslay335 still needs a copy of this variant of STOP/Djvu). You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  23. That looks like an offline ID. If that's the case, then once the creator of STOPDecrypter gets his hands on a copy of this variant of STOP/Djvu, he'll be able to key the decryption key for it.
  24. You appear to also have Check Point SandBlast Agent installed, however the uninstall entry is hidden. Was this software supposed to have been removed at some point? At first glance I can't see anything else that might suggest a cause for this issue. It's possible that with the April Windows Update there's a problem between Check Point SandBlast Agent and Emsisoft Anti-Malware, however the only way to establish that is to uninstall Check Point's software and try the Windows Update again.
  25. i have same problem my files encrypted with fordan how can i know is key offline or online?
  26. I have the same problem, i tryed to use STOPDecrypter but he not decrypt everything, my virus it's .Ferosas, someone can help me?
  27. no object in quarantine (quarantine tap is empty)
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up