All Activity

This stream auto-updates     

  1. Past hour
  2. OK, I've forwarded your information to the creator of STOPDecrypter, and he will archive it in case he is able to figure out your key at some point in the future.
  3. It looks like there's no active infection. I've forwarded what I can think might be helpful from your logs to the creator of STOPDecrypter so that he can try to figure out where the ransomware came from and hopefully get the offline ID and key from it.
  4. It looks like you had already posted the ID's and MAC addresses. Is this from another computer, or the same one?
  5. That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions: https://kb.gt500.org/stopdecrypter Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  6. That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions: https://kb.gt500.org/stopdecrypter Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  7. Let's try getting a diagnostic log. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
  8. I would believe that Windows 7 x64 is still the second most common Operating System, so if there was an issue then we'd almost certainly know about it. We also test new releases on Windows 7 x64, since it is still so common, so if there was an issue specifically with the update then we should have found out by now. Regardless, we'd need the memory dump from the BSoD to be able to tell what happened. Can you find the following file on your computer? C:\Windows\MEMORY.DMP
  9. Thread Closed Reason: Lack of Response PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread
  10. It's probably a function that exists only in the Firefox source code, although I'm not sure where that source code would be stored that Google wouldn't be able to index it (unless it's restricted in their robots.txt). As for the crash itself, the only way that we can determine what's going on is with a dump of the crashing process. Granted since it's a browser there could be some sensitive data in the dump, so it's up to you whether you want to send it or not.
  11. Today
  12. Vielen Dank! ...hat problemlos geklappt! Wie ich sehe ist das jetzt ein Abonnement! Kluge Entscheidung! Dann habe ich die Action nicht jedes Jahr! Viele Grüße olynt
  13. Anky I see several malicious files here. Do not do anything yet. Wait for a response from a support service specialist.
  14. Hung Hello. This is also the result of the STOP Ransomware attack. See my posts above and post GT500 - in the same order. This also applies to your case. On the advice of the support service, a new recommendation was made for the case, like yours. This is here. It's best to check and make sure that no malware components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it. Let us know about the results.
  15. It's been over a day that my subscription of EAM has been unable to receive updates and is stuck on 'Initializing'. One customer support agent has been in contact with me through email but none of his solutions have worked yet. He suggested that my ISP is blocking the Emsisoft CDN (content delivery network) through which updates are delivered and indeed, I was able to receive updates when I connected my computer to cellular data. I have spent a chunk of time today manually updating the software with the help of a VPN but this cannot continue since it is time consuming and nearly impossible because the software used to receive hourly updates without any user intervention. The last mail from the customer support agent was over 12 hours ago after which I have received no correspondence. I need help to resolve this issue ASAP.
  16. Hi GT500, I have Zone Alarm Free firewall + Emsisoft Anti Malware installed on my PC for a long long time(at least more than 3 years), both were running fine after every windows 7 updates. Except this time........... Zone Alarm Free Firewall version: 15.3.060.17669 is installed on my Windows 7 Pro PC. I have no idea, why Zone Alarm Free Firewall bundled up with Check Point SandBlast Agent. During the installation of ZA free firewall.........the installer did not show it will install SandBlast Agent. But this Sandblast Agent is confirmed installed and I don't know why nor what its function. I guess mostly of forum users have already migrated to Windows 10, and no one has experienced such conflicting hardware/software issue to be noticed in the community. Currently, my windows 7 Pro PC does not have EAM installed (previously it was uninstalled) and ZA free was running fine, while I went ahead and installed windows update.
  17. after installing FRST, again 1 setup file is instaling showing in shutdown process,i looks like previous malware attack.
  18. after this software instal my web broweser opening automatically again n agin and new tab in tab browser FRST.txt Addition.txt
  19. sir I send my files details Decrypted 0 files! Skipped 5 files. [!] No keys were found for the following IDs: [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.teamxpart ) [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.fordan ) [*] ID: qOYn1VNGsvBEwqldLg6QzqQVTpWLpN9U0xdyJC4n (.txt ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 00:11:22:98:76:54, 0C:9D:92:80:F0:3E This info has also been logged to STOPDecrypter-log.txt
  20. This is continuing to happen. With FF v66.0.5: https://crash-stats.mozilla.org/report/index/16d01845-4730-4d06-97ac-8810e0190523 WIth FF v67: https://crash-stats.mozilla.org/report/index/b81ca3cb-1b41-43bc-ab3d-3a1060190523 Looking for all reports of this at Mozilla, over a six-month period: https://crash-stats.mozilla.org/signature/?product=Firefox&signature=%400x0 | a2hooks64.dll | PathIterationProc&date=>%3D2018-11-23T09%3A18%3A00.000Z&date=<2019-05-23T09%3A18%3A00.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_columns=startup_crash&_sort=-date&page=1 I think I'm only seeing reports from me (look at the 'Reports' tab at the URL above). But note that the default settings in Firefox are that these crash reports are only submitted if a user chooses to do so - and most users wouldn't know that a problem like this even exists. /I/ only know because I check the Firefox folders where unsubmitted reports accumulate, every week or two, and have started submitting the reports. I do not know what I was doing at the time that each of these problems occurred, because I don't have any sense that "Firefox is crashing". I did notice that all these reports mention the same location: [email protected] I tried googling for: "PathIterationProc" - and found exactly ONE hit. I don't think that helps.
  21. Can you help me? My computer had virus Ransomware, It had changed rename file .chech extension
  22. Here I attach the results of export logs in FRST, thank you.. Addition_23-05-2019 13.24.30.txt FRST_23-05-2019 13.24.30.txt
  23. My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz I tried with all decryptors but was unsuccessful. Please help me decrypt my files.
  24. I also attach the following download link for example files that are encrypted by malware, key ID and mac address https://t.co/71cKY58CTA
  25. My files are attacked by ransomware (.radman). Kindly check this note below: ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-mVSS8cJcv3 Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Our Telegram account: @datarestore Your personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz Please help me recover or decrypt my files. I tried with all available decryptors but it was unsuccessful.
  26. dear @GT500 Here I attach the results of export logs in EEK, thank you.. Forensics_190523-115240.txt logs.db3
  27. Your support topic in Help, my files have been encrypted has been replied to. This support topic is closed. Reason duplicate.
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up