All Activity
  1. Past hour
  2. "Run it now. The offline key for the .covm variant has been recovered by Emsisoft." After I saw this I ran the program. I'm infected with the .covm variant. Why isn't it working?
  3. After I run the decrypter, it shows the message: No key for New Variant online ID: xbjvwGxYwjexkYQcffstv33UYNH5YHeyir53tgdo Notice: this ID appears to be an online ID, decryption is impossible Please help!!
  4. Today
  5. Hello all! I tried on a laptop - disabled Core Isolation. Crash problem (a2guard.exe) - persisted 🙄 (when the notification about removable devices is On). If notifications are turned Off, there is no crash. Of course, I'm not an expert, but probably the reason really is in Sciter (modern UI development) - after all, only this NEW one appeared in EAM? https://sciter.com/ p.s. For the sake of the experiment: I turned On the Core Isolation on a stationary computer - there is no crash of a2guard.exe. This is evidence that this Windows setting has nothing to do with it! However, it is incomprehensible - notifications about removable devices are turned On on the stationary computer - but there is no crash ... It seems this is some kind of local EAM problem on my LAPTOP😔
  6. Yes, I meant Emsisoft Anti-Malware. Wonder why Emsisoft has not moved Emsisoft Anti-Malware's heavy lifting to the cloud. Just me. Thank you
  7. A little feature request: It would be nice if the cloud console remembered the sorting order of its list view as well as the number of devices displayed per screen (25, 50 or 100) that was last chosen by the user. 🙂 Best regards Raynor
  8. Hello! Exactly this is something new in EAM! Because BEFORE the EAM update (Sciter) (2020.6) - I had NO problems with the crash of a2guard.exe😒 Ok, I'll try to turn off isolation and look at the crash problem. Then can I turn Core Isolation back On without harming the system? p.s. EAM has been working for me for a whole year (!) with Core Isolation turned On without crash problems. So, the reason, most likely, is not in this Windows setting, but in a new element in EAM😌 Agreed, this is a logical argument?
  9. When you suggested checking if there was any other anti-virus service active, at that time I disabled the protection and then did a fresh install of EMSISOFT.
  10. Just run the decrypter. It will tell you your ID, whether it is online or offline, and whether or not your files can be decrypted.
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  13. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  14. An "online key" refers to a pair of private and public keys that were generated by the ransomware's command and control server. Many ransomwares use this same strategy to ensure that victims can't get their hands on the private key in order to ensure that they can't decrypt their files for free or get help from anyone else. The only reason we use the terms "online" and "offline" in regards to the ID's and keys used by STOP/Djvu is due to the fact that the ransomware has a built-in ID and public key to be used for encrypting files when it can't connect to its command and control servers, which is why we refer to them as "offline".
  15. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. Apparently it was suggested to QA already, and they've made a note of it.
  18. That reminds me, the Windows Security Center isn't installed on server editions of Windows by default, so Windows Defender may not be shutting off when Emsisoft Anti-Malware is installed and active. You may need to disable Windows Defender manually, or add an exclusion to Windows Defender for Emsisoft Anti-Malware's EXE files to prevent issues. I'll check with QA about that.
  19. Behavioral detection (that is, detection based entirely on an unknown program's behavior rather than static or heuristic signatures in a database) is governed by a series of rules that are stored locally, and supplemented by a cloud network that uses multiple sources of data to try to reduce false positives and increase the quality of detections. EAM also uses traditional anti-virus technology where a local threat database with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. This database is updated periodically (once every hour by default) to ensure detection of the latest threats. Partially. We use two anti-virus engines (one made by us, and one made by BitDefender) and each has its own database. If you mean the software (Emsisoft Anti-Malware, a.k.a. "EAM") then it relies mostly on its anti-virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.
  20. thanks but ... Where should I look for the id that you said?
  21. The Behavior Blocker is capable of producing a significant number of notifications in rapid succession. They have to be contained to prevent blocking too much screen real estate, otherwise they become too much of a nuisance. Currently we handle that by only allowing a single notification on the screen at a time. Also, in this case, as soon as EAM receives information from our servers about the process being queried, the notification that it's looking up the reputation becomes irrelevant since EAM is done doing that and is ready to tell you what it found. That's why the notification changes immediately instead of waiting for its normal timeout period. This was the result:
  22. It could be related to the new version of Sciter (the framework we use to build EAM's UI) we updated to in EAM 2020.6. When we do that, there's always the possibility of new UI related bugs, and the content of the notifications is displayed using Sciter just like everything else in the UI. My assumption would be that it probably isn't, however we haven't tested this recently so I can't know for certain. If you turn it off and restart the computer, does that have any effect on the issue?
  23. Logs from the stable version are unfortunately not going to tell us anything new (we already have those logs from our own systems that are experiencing this), and we've moved beyond the current stable version in our own testing. Obviously we appreciate the offer to assist us, but right now we need to focus on getting debug information from special testing builds of EAM, and that will go faster if we do it internally, as employees with affected workstations can communicate directly with QA and the developers and send them debug info right away when there's a need to.
  24. Hmm, lesson learned, for me, not to assume. Had I not read this thread, I would have gone on assuming Emsisoft AM Home is akin to most (to my understanding) device security solutions. So, the optional Anti-Malware Network is an opinion added to the automated detection decision flow. Or, an opinion offered to the user for the manual detection decision flow. To confirm my current understanding: analysis occurs locally. Analysis is primarily based on a local database using local engines, using local resources, with an optional Network (cloud) opinion (somehow) factored in. And the local database is 3rd party? Does Emsisoft's detection analysis flow rely, perhaps, more on behavior/heuristic engines? Are there generalities that suggest Emsisoft AM Home's detection analysis flow is more or less signature based vs. behavior/heuristic/reputation based? Again, not sure why I just assumed that the heavy lifting was not done locally...any more. I assumed the evolution of all security solutions had moved their heavy lifting to the cloud. Just me. Thank you.