All Activity


  1. Past hour
  2. Kevin, that's good to know; however, I have just done a malware scan and it shows the first 8 problems I mentioned at the start of this conversation. I attach same for your perusal. I am still unable to update Emsisoft. Also I am unable to activate Windows 10. I believe that something is stopping both of these actions. I realise this is a holiday period so I do not expect a reply until after the Easter break. Thank you Phil scan_190419-081430.txt
  3. Today
  4. Hello Klaus, thank you for contacting our support. I have just sent you a private message (PM) here in the forum. Please let me know if we can be of any further help. P.S. Many thanks to @Optimist for the support.
  5. This is a new variant of STOP Ransomware (Djvu group). Yesterday there were several requests for help in the Support topic of STOP Ransomware (this is a general description in Digest) with the norvas extension. This has already been added in ID Ransomware. Therefore, after downloading the ransom note and the encrypted file, you will receive a link to the same support topic.
  6. Hello Optimist, thank you for the feedback and for clarifying that it also occurs with newer posts. Interestingly, I have now been able to observe the problem with Edge as well. Possibly there is a bug in the current version of the forum software, or something went wrong during a migration. I will try to find out more and confer with my colleagues to see whether there is anything we can do about it on our side.
  7. It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like one of our experts to review them.
  8. i need help from .norvas please ATTENTION! Don't worry my friend, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-pPLXOv9XTI Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Support Telegram account: @datarestore Your personal ID: 067vtdsUezls8FbZSwxHPqFxqZPQl9MgdHW2jISKKftNxGO0LP9BY thanks
  9. Thread Closed. Reason: Lack of Response. PM either Kevin, Elise, or Arthur to have this thread reopened. The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
  10. Yesterday
  11. I'm fairly certain it was due to some changes we made to our systems. If it happens again, then please be sure to let me know.
  12. That would have gone directly to our malware analysts. They don't typically respond to e-mails they receive (unfortunately they receive too many of them to respond to them), however they do read everything and check everything that is submitted. Note that they probably won't let me know what they found unless I ask them, so I'll have to see if they remember the e-mail. In this case you'd most likely either need a computer running Linux to connect the drives to, or a Linux Live DVD (you can usually put these on USB flash drives using a tool like Rufus). Maybe something like Knoppix? Unfortunately it's difficult to get a hold of anything newer than version 8.1 of Knoppix, as newer versions were only distributed via third-parties (for instance version 8.5 was only distributed through a German magazine). Granted there are alternatives that do run on Windows and can recover files from drives formatted in fourth extended (ext4), most of them cost money, however I was able to find at least a couple of free softwares that can at least access fourth extended (ext4) formatted partitions. TestDisk only appears to be able to recover files from a second extended (ext2) partition, however R-Linux appears to support fourth extended (ext4). R-Linux actually has a Windows version (there's a "for Windows" tab just above the description of the software on the R-Linux page I linked to), and in theory should be able to read a fourth extended (ext4) partition even from Windows. I wasn't able to test this quickly, since every Linux installation I have is on XFS formatted partitions instead of ext4... Keep in mind though, all of this is really just a "shot in the dark", and there are no guarantees. It sounds like in the case of your NAS some sort of malicious code did execute on it, so the odds of data recovery succeeding are very low. Just be sure you don't write any data to the drive you're trying to recover data from, or you may permanently prevent data recovery.
Always recover data to a different drive than the one you're restoring from. Guest accounts are fairly normal, at least in Windows. It's possible the account is there on your NAS merely for proper Windows networking support, since Windows will expect it to be there. I don't know if there will be any side effects to disabling it, however you may want to contact Synology to ask them. EXE files are Windows executables, and can't run on Linux without some sort of API wrapper or emulator (such as Wine). If something was copied to the NAS and executed, then some sort of script would be more likely. Is it possible that these files were unrelated to the ransomware? EXE files wouldn't be able to run on a Linux-based NAS without assistance, and Linux executables usually name no file extension.
  13. The issue went away for me in the same fashion. Before it happened I did reboot my system a few times and every single time it reoccurred. Not sure why and how the problem got resolved but everything appears to be fine now.
  14. Is it still too large if you set your DPI scaling to 100%, and then restart the computer? The Emsisoft Anti-Malware window should fit a 1024x768 resolution screen with DPI scaling set to 100%, and that's smaller than 1280x1024 so it should fit your screen as well.
  15. Hello KlausOtto, why not simply ask Emsisoft whether you can extend your existing Windows license with a Mobile Security license. Normally the Emsisoft staff are very flexible with special requests. 😊
  16. Thanks, Optimist. A pity, my license for EAM (PC) still runs for 190 days. Separately it will probably be more expensive. Klaus
  17. Hi @Marshall, Glad it worked for you, Take care, Steen
  18. The license for Emsisoft Mobile Security can be purchased together with a license for Windows. You can view the prices here: https://www.emsisoft.com/de/pricing/
  19. Is Emsisoft Mobile Security also included in the EAM license? If not, how expensive is it? Klaus
  20. @pmarty @xfifi What I notice is that none of the .exe files of the attacked drives/partitions were encrypted, and thus exe-files do not have the ‘.nampohyu’ extensions. They still are regular executable files and are not encrypted. I wonder if you could affirm this observation? Further, I have found the infected executables by a virus on very unexpected directories, including the recycle bin, as well as that not all executables were infected by a virus. There is no logic (to me) in the directories to search for. But when you use windows-explore you should be able to search all the sub-directories. You also could check if there were more drives/partitions infected. In my case they attacked 4 drives/partitions and left 6 drives/partitions unchanged, I assume that they had no access to the other drives/partitions.
  21. Hi Charlie, yes, but that will be changed in a next EAM version. Yes, we will provide 2 easy ways to connect existing installs. One thing I need to stress is that a workspace must be seen as a customer area. That means that you can connect the devices of 1 customer to 1 workspace. You will have to contact our sales team to split your existing key into keys per customer. For security and permission related reasons, the architecture of the Cloud Console allows one license per workspace/customer. Please note that Cloud Console is in beta stage, so bugs are expected. We will check and fix when needed. Thanks!
  22. For me, there are no .exe files for this virus. It's an intrusion from a remote script executed by the hackers. Samba server or FTP vulnerability via the Guest user in Synology.
  23. @Albert-S I can't find strange .exe files on my Synology NAS which were affected by the .NamPoHyu virus. Can you give some filenames or directories which I can search for with more accuracy? Thanks for your feedback about the Synology recovering possibility, what a pity...
  24. Hi @Razz Again thanks. I can add "MVPS HOSTS" in µBlock Origin without subscribing...
  25. Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  26. Hi @Razz Thanks for the explanations☺️ What is the difference between "MVPS HOSTS" and "MVPS Hosts (Domains)" ?
  27. It appears that the “.NamPoHyu” ransomware is often attacking Synology NAS systems. This comment therefore is only related to Synology NAS systems. 1. Regular data-recovery is a no go: decryption is the only way to restore data! As GT500 said the chances for regular data recovery are already very low, since it is more likely that the data is overwritten than it has been copied. However in this case regular data recovery software does not allow you to access the NAS drives directly. Therefore, the following has been suggested: I have contacted the Synology helpdesk and the bad news is that the disk format is ext4 or BTRFS which a regular PC can't read. Moreover, for the Synology system no data recovery software exists that can recover files or folders. 2. Block the guest account. I have good reasons to assume that the guest-account on the system is a potential problem. I therefore recommend the following: Enter the configuration screen, open Users, select Guest, edit, select: switch off this account immediately & do it directly (no delay). Basically I believe you don’t want unknown ‘guests’ on your NAS. If you have other accounts you are working with and you are logged in by one of those accounts, I suggest you do the same with the admin account, too. For more info on NAS check this forum too.