Leaderboard


Popular Content

Showing content with the highest reputation since 09/16/19 in all areas

  1. 1 point
    Hi, been months, any news for my key ? Thanks !
  2. 1 point
    The GUI in EAM doesn't display how many days remain on your license key when you have a subscription license (this type of license key isn't considered to have an expiration date since it will auto-renew). You should be able to see when it will automatically renew in My.Emsisoft.
  3. 1 point
    That's good to know - thanks. All we need now is an option to opt out of an auto-renew subscription on the licence payment page.......
  4. 1 point
    And... if you don't want the auto-subscription (many of us don't) you can get it changed back to one with an expiry date, by emailing [email protected] and asking them to make the change. I don't know yet whether we're all going to have to make that request every single year...
  5. 1 point
    It looks as if you have a subscription licence that will auto-renew when the licence expires, hence why it shows 'abonnement' under status. What does it show on the overview screen ? My licence is a fixed 1-year licence and the overview screen shows that my licence ends in 189 days. I don't know if you're able to do this, but if I hover the mouse over the '189 days' green text, the tooltip shows the licence end date - perhaps yours just shows 'abonnement' ? Failing that, as your licence is a subscription, maybe you can determine when it's due for renewal by checking the email that you would have received when you ordered it ?
  6. 1 point
    Malware scans look for files whose contents are known/suspected to indicate that they are malicious. On the other hand the Behaviour Blocker looks at what a program/file seems to be doing /once it is actually running/. A file can look innocent to a malware scan but once run do something that might be suspicious. In your case the BB is telling you that lots and lots of installs are being attempted. The BB alerts are all because a "hidden installation" is being attempted, that is, an "MSI" file (which is a standard Microsoft installer file) is being run. Maybe the file you downloaded was named "something.msi". If so, it is not itself executable, but is read and processed by the parts of Windows that understand MSI files. It looks as if either this particular .MSI file first unpacks itself to create many temporary files, named MSIxxxx.tmp, then uses those, or - as you say, maybe downloads a set of MSIxxxx.tmp files and uses them. Either way, the sheer quantity of them is - perhaps - dubious. If any program in Windows wants to create a temporary file - perhaps by unzipping or unpacking a container of files, (or by downloading some) - it is likely to put them in a folder whose purpose is to hold temporary files. Its name depends on the version of Windows you are running and your userid. It has a symbolic name TEMP (or %TEMP%) so that programs can refer to it without knowing what its full name is on your system. If you open a file explorer window, then put the caret in the file/folder-name area at the top (which looks a bit like a URL bar in a browser) and type %TEMP% and hit enter, the temporary files folder for your userid will be opened. On my W8.1 system, if my userid was Fred, it would be named: "C:\Users\Fred\AppData\Local\Temp" There are other temporary file folders in Windows...
If an installer running under an Admin id (ie with UAC permission) creates temporary files they will probably be put in a different folder - a similar folder name, but instead of "Fred" it'll be the Admin id's name there, eg "C:\Users\TheNameOfTheAdminId\AppData\Local\Temp". I am not sure that it's safe for you to try to exclude some folders from monitoring by the behaviour blocker; it might be a way to reduce or stop these alerts, but done incautiously it can also stop alerts coming from any malicious software that's also managed to come to roost in that folder - and it's a very likely folder for iffy things to end up in.
  7. 1 point
    Ah, the word "actual" has many meanings, depending on the language into which it is translated. It will be necessary to take this into account. I meant "The most modern at the moment.". But the values, that you wrote, I also like and I agree with you.
  8. 1 point
  9. 1 point
    This is the format of extension which is used by Phobos Ransomware. At the beginning of the topic it was Scarab Ransomware, which from that day began to use the extension .Adame. To our regret, there are no free decryption methods for Phobos, and only the ransomware has a paid decryptor.
  10. 1 point
    Hello! Has Emsisoft's participation in the German-language part of this forum been discontinued? There are no qualified answers any more. Where has @Thomas Ott gone? First-class support used to look different.. 😢
  11. 1 point
    DrWeb can decrypt when an offline key was used in new versions (should be 't1' at the end of ID). This is in the ID of @KUW77
  12. 1 point
    See here for hotfix https://adguard.com/en/versions/windows/beta.html#version-722936
  13. 1 point
    Hello, Please try with the firewall enabled and with it disabled, if of course you have not tried this already, because I saw in the screenshots you sent a fully enabled firewall and a partially enabled one. We will also need debug logs. 1. Please open the Emsisoft program itself. 2. In the menu on the left, select "Settings" 3. Go to the "Other" tab 4. At the bottom of this block, find the very last line, "Extended logging". Select "Enable for 1 day". 5. Go to the main menu; to do this, select "Overview" (the "House" icon) in the menu on the left, or simply close the Emsisoft window. 6. Reproduce the problem you ran into a couple of times. The error must appear so that it is recorded in the logs, otherwise they are of no use. 6. After that, go to the folder c:\programdata\emsisoft\logs\, collect all the logs in this folder and send them to me by private message. 7. Since extended logging can slow the application down, you can turn it off manually right after collecting the logs. Or the program will turn this option off by itself after a day (if you chose the "Enable for 1 day" option). FRST logs will also be extremely useful: You can download the Farbar Recovery Scan Tool (FRST) program from the following link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Note: You need to download the version compatible with your operating system. 1. Download the compatible version of FRST and run the program. 2. When it opens, click "Yes" to continue. 3. Make sure the checkbox for "Addition.txt" at the bottom right is ticked. 4. Click the "Scan" button. 5. Wait for the process to finish. 6. When the scan finishes, it will save the logs in a text document named "FRST" in the same place you ran the program from (if you saved FRST on your Desktop, the "FRST" log will be saved there as well). 7. Attach the "FRST" log file in a reply to this message. 8. In the same folder there will be an "Addition" log. Attach this file too and send it to me by private message.
  14. 1 point
    Perhaps this is the only chance to return some of their files. You can add these links to the sample on the VT website in the ticket. DrWeb experts will gain access to it through an affiliate program. https://www.virustotal.com/gui/file/5106d847e6fecd52295ab7e01ce2e7525e3107f6a2d4dd3fc2956a8db970e799/detection https://www.vmray.com/analyses/5106d847e6fe/report/overview.html
  15. 1 point
    DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents .doc, xls, docx, xlsx, ppt, pps, etc … Unfortunately, this way cannot decrypt photo, video, audio and many files with other extensions. If the free test decryption of these files is successful, the fee requested by Dr.Web experts is 150 EUR for the Rescue Pack (Personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test decryption fails, no payment will be required. Tell me if this way suits you, and I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I do not have any financial benefit and am not involved in this decryption service at all.
  16. 1 point
    In addition, the STOP-Djvu Ransomware does the following: 1) leaves behind a software module that steals personal information from browsers and other programs; 2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that help victims. For these targets: 1) after checking and cleaning the PC, when it is confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $). 2) you need to reset or delete the modified hosts file; without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
  17. 1 point
    Most ransomwares will automatically delete themselves after they finish encrypting files, but some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best practice to check and make sure that no such components have been left behind, so we recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (just attach the log files FRST saves to your message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  18. 1 point
    Hello @Mido This is the result of the STOP-Djvu Ransomware attack. I have been tracking the malicious work of this program since December 2017. Now there are a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. Extension .kvag - this is a new variant of STOP Ransomware. Until recently, it was possible to collect some information and add it to STOP-Decrypter. Now this does not help. We expect changes in the decryption method. But so far there is no such news and the victims remain with encrypted files. I repeat, there is no way to decrypt files yet. Any site that offers decryption for this variant may be a scam site. Be careful.
  19. 1 point
    Please upload a copy of the ransom note and an encrypted file here and post back with the result. https://id-ransomware.malwarehunterteam.com
  20. 1 point
    It would be great if you guys at Emsisoft could find a way to allow the deletion of the EEK folder after the program has been used. Thank you.
  21. 0 points
    I deleted one of your screenshots, since it had an e-mail address in it. That's because you abused our referral program to extend free trials into multi-year license keys (seriously, one of your screenshots shows 358,042 days, which is 980.9 years?)... Now I haven't seen your account, and am just going off of the content of the reply you were sent via e-mail when I say that you abused the referral system. That being said, you should know that our system does make it fairly easy to tell the difference between real referrals and abuse of the referral system, so whoever replied to you was more than likely correct.