All Activity


  1. Past hour
  2. I just heard from one of our malware analysts that this is a new ransomware, and that we're actively looking for a copy of it so that we can analyze it. If you happen to know how your computer became infected, then let us know.
  3. Today
  4. I ran it through ID Ransomware, and I suspect it misidentified it. I've asked our malware analysts for more information.
  5. You're welcome. If you need any help with the instructions, then let me know. If you'd prefer to post your ID and MAC address on BleepingComputer as mentioned in the instructions, then feel free to do so.
  6. I just did some testing, and I wasn't able to get this option to work. I even tried manually adding the compatibility flag to the registry, and that didn't work either. When adding it to the user registry hive Windows would automatically delete it when restarting the computer, and while it wouldn't be deleted when adding it to the system registry hive it also didn't have any effect on Emsisoft Anti-Malware. Unfortunately it doesn't look like there's any way to scale the window down unless you reduce DPI globally. Windows isn't designed to allow DPI scaling on a per-application basis.
  7. Yesterday
  8. Any possibility of debug logs? The option is in advanced settings now, in case you aren't already aware that it's been moved.
  9. Thanks for all the answers. It did help me forward, though I have not worked on the Linux programs yet. I however succeeded in restoring some files by screening other backups on the post-content after the first 64kB of a file and comparing it with the .nampohyu files. I also succeeded in ‘repairing’ a database by exchanging the first 64kB with an older version uncorrupted access-file. Note that this is a dirty way to repair, but after that I was able to copy the table content to another clean database, so I was lucky that it works. Anyway, like others I will look forward to a decryption-tool (the real solution) in future. If there is any information required for that, I believe we all are happy to give input. What I noticed is that only (the first part of) files with a specific extension had been encrypted. These extensions include: ‘pdf’, ‘jpg’, ‘doc/docx’, ‘xls/xlsx’ etc. It however does not include the extensions: ‘exe’, ‘gif’, ‘html’, ‘png’, etc. Also files smaller than 16 bytes/128 bit (thus extremely small) are not encrypted. This logic is consistent with everything I have observed. Regarding the executable I was thinking that the exe-files have been infected by the attacker (using Samba by copying files) and inside these files, which could be triggered by the user himself, there could be code which created and started a separate process in the Linux environment of the NAS itself (DSM). This could make sense if the attacker is not able to create or start directly a process which can be executed in the DSM.
  10. All my Windows Server 2012 is encrypted, I need help to decrypt it. Thank you.
  11. Thanks Frank, your reply was very helpful. Cheers! Raynor
  12. I spoke too soon. I thought that I would just drag the screen around until I could see what I needed to see but now, this screen is so big, there isn't room to drag it around enough. It had been working before now. Would it be too much to take you up on your offer to write instructions to use the Compatibility Administrator tool? I looked it over and some of it sounds so complicated. If you don't mind, I would really appreciate it and this way, I can print out your instructions and then follow them. If it's too much trouble, please don't do it. I hate to be so much trouble to people.
  13. Michael (dev of ID Ransomware) has already received a message from me and a link to this topic and has already tweeted.
  14. Yes, then I will send them there, and thank you very much.
  15. Yes, the anti-virus I have been using was Advanced SystemCare, but my validity ended two weeks ago. I will be sure to change it, and please do look up a solution for it. Thank you very much.
  16. My server files are encrypted with ransomware and the file extension has been renamed to .eztop. how_to_back_files.html, po611000PODetailsByVendorWithCost.rpx.eztop
  17. Your use case is rare. Most enterprises have multiple groups. To prevent users from making changes on Workspace level by error, we decided to jump to the 'new computers' group by default, like in Emsisoft Enterprise Console. Sure. Please note that Emsisoft Cloud Console is a first beta, bugs and missing features exist. We are working hard to improve step by step. With this setting you can instruct Emsisoft Anti-Malware to not scan certain registry settings, as they are commonly used by system administrators: example: "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system", "DisableTaskMgr" This is by design. A License can be linked to a user OR Workspace. Users cannot delete Workspaces yet. We understand that you now miss certain info related to seat usage, for example. In a near future ECC release we will improve this, like showing the devices that use the same license but have not been connected (yet). I hope this helps.
  18. If this did not happen on the same day, then by the date of the file changes you can determine the days of the attack. Analysis of the date of the attack can help identify the weak link (who was working at the PC?) and properly configure the PC protection for the future. If only you work at the PC, then you need to install a complex anti-virus product (e.g. Internet security at 1 month trial) in order to remove the remaining virus files and protect the PC from new attacks. If there is an unnamed anti-virus on your PC and no one disabled it before the attack, then you need to get rid of it as soon as possible. AV protection that cannot protect a user's files from attacks from outside, and even from his wrong actions and from illegitimate programs, does not have the right to be on this PC.
  19. Hello. It is a pity that such a thing happened. "Instructions with your files.txt" is a note from Paradise Ransomware. The extension _c3tfsp_{[email protected]}.sambo was added by Paradise Ransomware. UQSNORZLPD-MANUAL.txt is a note from GandCrab 5.2 Ransomware. The 10-character extension .uqsnorzlpd was added by GandCrab 5.2 Ransomware. Looking at the screenshots I can see that first your files were encrypted by Paradise Ransomware, and then the files were encrypted by GandCrab 5.2 Ransomware.
  20. Hello. It is a pity that such a thing happened. I can look at these files, but I cannot download attachments from your message. Send to two these ransom notes and give us the download link. And please replace the two non-informative encrypted ini-files with txt, doc, jpg, png files.
  21. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: You can paste a link to the results into a reply if you would like one of our experts to review them.
  22. I request your aid in suggesting what I should do, since my PC has been affected by ransomware that I don't know. Please kindly give me some advice on what I should use to recover my files. They changed all my pictures and videos into this format. Here are some sample pictures.
  23. Last week
  24. Here too, the dates and times are temporarily missing. The Firefox browser and the Iron (Chrome) browser behave identically. And it makes no difference whether I am logged in or not.
  25. I have a driver here, is this malware and if so, what does it do?
  26. Could I get a quick reply on my two little questions please ☺️🤗 By the way: I have noticed that workspaces cannot be deleted. I assume this feature will be added later? Thanks! Raynor