All Activity

  1. Past hour
  2. Hello MartinB, All active antivirus can potentially fight with other active antivirus, and Emsisoft Anti-Malware is no exception. Often it will run alongside others with no trouble, but sometimes it cannot. Again though, that applies to all active antivirus products. Do you have software such as Repairtech's Syncro or Kabuto on any of these computers? Those are MSP (managed service provider) programs that can be, and often are, configured to install and maintain software such as ours. Those two in particular are often used for Emsisoft Anti-Malware installation and maintenance. If for example you'd signed up for a remote management service, that could have come as part of the package. Without knowing more of the situation, I can only make guesses such as that one. Emsisoft Anti-Malware has never to my knowledge been 'maliciously' installed. I'm not sure what the point would be, since it is designed to be cleanly uninstalled, has a free trial, and is designed to fight malware rather than be malware. If it keeps reinstalling itself though, that is a hallmark of MSP software activity. If you'd like, email me at [email protected], and I can help you dig a bit without risking sensitive information from any of the computers being posted on the public forum.
  3. About a week ago, Emsisoft just appeared on some of our work computers. I did not install it. I have also uninstalled it on a few of the computers, but it keeps re-installing itself. To me, that is a sign of malware. Prior to this, I had never heard of this software, which claims to be an anti-malware application itself. My research says the application is a legitimate piece of software, but it is sure acting like malware to me. My research also states that Emsisoft fights with other anti-virus programs. I need to know where it came from and how to get rid of it completely. It has slowed down some, but not all, of the computers it has appeared on, making them nearly useless.
  4. Today
  5. My PC is infected with Nelasod. I use Emsisoft Decryptor and this message appears... Error: Unable to decrypt file with ID You can see
  6. This program does not need forced administrator rights. You should check your PC for malware and reset Group Policy rights if they were installed without your knowledge.
  7. [The alerts themselves are the sort described in thread: https://support.emsisoft.com/topic/31039-firefox-blocked-by-emsisoft-behavior-blocker/ I've sent debug logs to GT500.]
  8. I've just had lots of Firefox BB alerts just after Firefox updated to v70. The odd thing about this is that FF seemed to be working ok. I have a feeling that it was trying to download a fresh version, not of FF itself, but one of the supplied addons. I'm about to PM a link to debug logs, to @GT500
  9. Win 8.1 64bit, EAM 2019.9.0.9753. I've just updated Firefox to V70 and am getting BB alerts; don't know why yet. Wondering if the alert panel might tell me something useful, I clicked on its View Details arrow, which was not helpful. I don't know whether there's no info to be shown (in which case, why was 'View Details' offered?), or what. See screenshots of (a) the pane offering 'View Details' - https://www.dropbox.com/s/p2uihzscpt3bfzr/20191023 EAM BB - ViewDetails 1.jpg?dl=0 and (b) what clicking that then displayed https://www.dropbox.com/s/r6cufh03hhuyup6/20191023 EAM BB - ViewDetails 2.jpg?dl=0
  10. I'm not generally told when new keys are found and added to such a database; however, I don't expect that our malware analysts would have had a chance to add many new keys. Some Anti-Virus software may terminate it, or cause it to fail to execute.
  11. Yesterday
  12. Confirmed. It was first seen on ID Ransomware on October 21st. Since it's new, it will be using a secure form of RSA encryption, so the decrypter will be useless.
  13. I think that's a new variant, which won't be possible to decrypt. I'll ask for confirmation.
  14. We may not have the offline key for the .bufas variant. In that case, you'll need to follow the instructions in the BleepingComputer article for submitting proper file pairs so that the decryption service can figure out how to decrypt your files. https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
  15. I've forwarded your download link to the analyst who made the decrypter, and I'll let you know once he's had a chance to take a look at them.
  16. Ok, but have there been keys added since May for the MegaLocker tool? *EDIT* Just tried to run "decrypt_MegaLocker.exe" as admin but it won't start...? I'm on Win 10 PRO 64Bit, Version 1809, OS-Version 17763.805. Any ideas?
  17. I got all my files encrypted with ransomware. Your system says it's STOP Djvu, but it's failing to decrypt. The files end in .WERD
  18. Dear @GT500, the results still can't be decrypted
  19. Last week
  20. The decryption tool needs a connection to the Internet in order to function. That being said, the only way the decrypter will work for the .leto variant is if the ransomware was not able to connect to its command and control server when it encrypted your files. If this is the case, then we can tell from the ID in the ransom notes (it will usually end with "t1" if it's an offline ID). Translation provided by Google: The decryption tool needs an Internet connection in order to work. That said, the only way the decrypter will work for the .leto variant is if the ransomware was unable to connect to its command and control server when it encrypted your files. If this is the case, then we can deduce it from the ID in the ransom notes (it will usually end with "t1" if it is an offline ID).
  21. Without being able to supply file pairs (an encrypted file, and an unencrypted original copy of the same file) it will more than likely be impossible to decrypt your files.
  22. The .bora variant of STOP/Djvu is one of the newer variants that uses RSA encryption. The decrypter only supports offline IDs for newer variants of STOP/Djvu (offline means it wasn't able to connect to its command and control servers); however, your ID is an online ID (meaning the ransomware was able to connect to its command and control servers and generate a unique encryption key for your files), so the decrypter will not be able to decrypt your files.
  23. If you have a file pair that's too big, you can ZIP the files and share them with us via a file sharing service (Mega, MediaFire, Zippyshare, etc). Send the download link in a private message, and feel free to use a password when zipping the files, or if the file sharing service allows it then when uploading the file (Mega should allow encrypting files with a password, however I'm not certain if that feature is available for free). If you don't already have an archive manager, then you can use 7-Zip or WinRAR. Once installed, you can right-click on a file and there will be options to compress files with them. We can open any archive format that these tools can create (ZIP, 7z, RAR, etc).
  24. I've forwarded your message and your link for debug logs to QA.
  25. .werd - this is a new variant of STOP Ransomware. At the moment, the new decryptor does not support new variants for which keys and decryption methods have not been found. Perhaps this will change soon.