Popular Content

Showing content with the highest reputation since 28. May 2017 in all areas

  1. 5 points
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup. Disable any system optimisation and cleanup software immediately A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data. Create a backup of your encrypted files Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else. Server victims: Figure out the point of entry and close it Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest to disable RDP if at all possible or at least change the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later. Figure out what ransomware infected you Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files. If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no-strings-attached and is free for both customers and non-customers.
  2. 2 points
    Hello to you all, l don't know how some of you are going to react to my post but the end is what matters. On Friday morning we (company) where infected from the Cry36 Virus(Ransom). Our Server 2008R2 was with anti-virus and with Windows Update.. up to date.. At the time we had a external Hard drive connected to the server (the only one we had) since we didn't have a duplicate due the second one failed on us. Due to hard times here in Greece we thought that one hard drive was enough. Since our server was under repair with a raid problem we had an live backup. All our files where encrypted.. Most you will probably understand. We called local Police, Internet Crime Center Greece and Interpol. We had support for a number o techs, antivirus profs in Greece and around the world. We had no choice but to gamble with the hackers. They asked for $800 in bit coin. We had nearly every day email exchange with them. The process to obtain bit coin was a long and stressing time. The amount of money we where loosing day by day was nightmare. After 8 days we had the bit coin, we transferred them to the people responsible and in 15min we had the unlock.exe we our ID and a password from Greece to US. They even gave us instructions and warnings not to damage the files. We got all our files back!!!!!!!!!!!!!! Yes we did the wrong thing and payed. In the end we lost a lot of money and lived 10 days of hell!!!!! The virus was infected from a personal email...
  3. 2 points
    Ah, I see everyone already saw the stable build. You're welcome.
  4. 1 point
    Emsisoft products are worth every penny, but nowdays it is so much more expensive here compared to other solutions like Kaspersky, ESET and Symantec products. For example Emsisoft Anti-Malware costs R$ 71.17 while Kaspersky is just R$ 19,90 (digital download) and ESET NOD32 is R$ 23,00 (digital download). I dont know if Brazil is a important market for Emsisoft, but the price is a problem for us. I think the price is just take of directly converting the value in dollar and applying a discount, but it isnt enough because brazilian currency ("Real") is so undervalued nowdays. Many security and streaming companies doesnt do a direct dollar convertion, they use a regional price and I think Emsisoft could do that too.
  5. 1 point
    Why would we want to get tested in an anti-exploit test if we don't offer or advertise anti-exploit features? If they used live real world malware for their tests, we wouldn't have minded. But in general, we don't see a point in participating in tests that use custom-made malware. That's one of the reasons we dropped out of MRG as well. There is enough bad stuff out there already. There is no point in artificially adding to the pile.
  6. 1 point
    Dopóki nie zostanie wydana wersja stabilna, sugeruję Panu pozostanie przy wersji Beta, by nie pozostawać bez aktywnej ochrony.
  7. 1 point
  8. 1 point
    You can try this decrypter: http://media.kaspersky.com/utilities/VirusUtilities/EN/rakhnidecryptor.zip Kaspersky got their hands on some of the keys for Cry36/Nemesis. So that may work. Make sure the version is or later.
  9. 1 point
    Can you please upload the ransom note and one encrypted file to https://id-ransomware.malwarehunterteam.com and post the result link here? Thanks.
  10. 1 point
    Ich muss nochmal ein bereits früher angesprochenes Thema aufgreifen: die Option "Speicherverbrauch-Optimierung". Es gab schonmal eine Diskussion zur Funktion und dem Sinn dahinter und selbst heute habe ich es noch immer nicht ganz verstanden und auch die Erklärung in der Hilfedatei ist ziemlich verwirrend. Denn da steht: Nun habe ich es eben gerade nochmal ausprobiert: bei mir verhält es sich genau andersrum. Bei aktivierter "Speicherverbrauch-Optimierung" belegt mein a2service.exe im Arbeitsspeicher etwa 540MB, bei deaktivierter "Speicherverbrauch-Optimierung" belegt mein a2service.exe im Arbeitsspeicher etwa 330MB. Benötigt man diese Option eigentlich wirklich? Wäre es nicht sinnvoller, EAM bzw. EIS bei genügend freiem Arbeitsspeicher automatisch entscheiden zu lassen, Daten auszulagern?
  11. 1 point
    Guten Tag, Es handelt sich dabei nicht nur um die Frage ab wann Dateien ausgelagert werden (das übernimmt Windows zum Beispiel auch automatisch wenn der Speicherplatz knapp wird) sondern auch darum wie das Caching von Signatur-Dateien gehandhabt wird. Da wir ja zwei Scanner-Engines nutzen, gibt es die Möglichkeit die Signaturen von entweder der einen Engine oder der anderen zu cachen. Die eine kann die Dateien auslagern, ist aber insgesamt nicht ganz so schnell. Die andere ist schneller, cached dafür alles im RAM. Ist die Speicher-Optimierung aus, so sind alle Signaturen in der Auslagerungsdatei und werden nur geladen, wenn Sie gebraucht werden. Das heißt jedoch, dass wenn diese Dateien gebraucht werden die Speicherauslastung in die Höhe schnellt (auch höher als mit der anderen Methode) und die Festplattenauslastung ebenso. Es kann also sein, dass die Werte verglichen wurden während die Dateien im RAM lagen. Da die meisten Rechner heutzutage mehr als genug RAM haben, ist die Option per default deaktiviert, da es die schnellere Variante ist. Mit freundlichen Grüßen Kathrin
  12. 1 point
    Thanks hjlbx. I guess I will try to install the update after a fresh os install offline then and see if that works, that was my next guess but have a bunch of stuff reinstalled on this now, thinking support here would have a bright idea and I wouldn't have to reinstall windows 3 times to get my virus software to work! But as stands after 5 years with emsisoft on 5 + pc's and multiple devices for my self and countless other recommendations to people, I wont be renewing with the current support for this issue.. It always erked me that if I forgot to download the none standard patch after setting up a new pc, it would go to the boot loop and hang issue if I was putting this on a windows 7 box for people, but the product and support out weighed the inconvenience. but right now I have to go even further out of my way to install this software by the looks of things, on what is still the best "microsoft update supported" available windows operating system, don't try to force me to use windows 10. you guys really need to come together with Microsoft to get your product to work out of the box. because if you put all your eggs in one basket getting your software to work for just windows 10, I'm afraid I got bad news for you guys. they are always making another piece of crap os version to out do the last and they use it for years while they fix the next piece of crap they release. I miss online armor and the old virus software you guys had.
  13. 1 point
    We don't kill it outright. But in most circumstances, if a file looks fishy and does things that a normal application shouldn't do, we will offer you to quarantine it when it touches your documents, yes.
  14. 1 point
    @xeon I should have already sent you instructions on using installing our test fix for this (if you would like to try it). @Acadia (or anyone else as well) please feel free to send me Private Message if you would also like to try the test fix, and I can send you instructions as well.
  15. 1 point
    We don't protect specific folders. We already protect all documents no matter where they are located.
  16. 1 point
    Das ist doch aber nicht zwingend... Obwohl ich mit der von Dir nochmal hochgeholten Speicherbelegungsproblematik auch immer noch unzufrieden bin möchte ich die mit rauchenden Köpfen programmierenden EMSI Mitarbeiter nicht so stetig mit - ich nenn's mal Belanglosigkeiten - nerven. Weil die Wichtigeres zu tun haben als eine Textzeile in der Maske zu verkürzen. Natürlich ist auch das nicht unerheblich, wenn die Konkurrenz das Erscheinungsbild höher gewichtet dann springen da sicher Leute drauf an - die EMSI folglich als Kunden fehlen. Ich persönlich fahre aber lieber einen Bentley mit Lackschäden als einen Golf mit perfekter Bilderbuchoptik. Und wenn ich mir hier in dieser Rubrik die Masse der Posts ansehe, die sich mit nicht perfektem Erscheinungsbild befassen, dann befürchte ich, daß die zur Korrektur dieser Mäkeleien aufgewandten Kräfte an anderer Stelle dringender gebraucht werden. Ich bin ja durchaus Deiner Meinung, daß auch solche Kleinigkeiten behoben werden sollten - aber ich räume den hier werkelnden IT-Leuten wohl mehr Zeit ein für das Aufhübschen - immerhin erhalte ich ziemlich viele Upgrades, die auch diese Fehlerchen im Blick haben. Aber vielleicht überschätze ich auch den Druck, den wir hier ausüben. Würde mich freuen.
  17. 1 point
    I used Emsisoft Anti-Malware a couple of years ago then got tired of having to submit daily FPs and till wait they're whitelisted, the amount of FPs was annoying me and I got tired and ditched EAM completely. Fast Forward to today, I recently upgraded my SyncBack Pro license from v7 to v8 and they gave me a free 1 year license for EAM so I thought of trying it again. It is very light, the user interface is very intuitive, and I got 0 false positives, literally 0! I also love the fact that it has PUP detection which a lot of AVs don't! And although it blocks malicious sites (I guess it has an HTTP Scanner), it doesn't slow my internet or browsing speed like ESET's NOD32 did for me. Well what do you know, I got tempted by the renewal discount and I ended up renewing / extending my license for 15 PCs until 2030! No more having to worry about AV subscriptions for a looooooooong time. Huge shoutout to the Emsisoft Team and I hope 2BrightSparks (the author of SyncBack) continues to have such nice offers, if it weren't for them offering me this free license, I wouldn't have been tempted to try EAM again.
  18. 1 point
    It would remove it from the computer it is currently activated on, however it would not remove the computer from the license information in the License Center. Removing a computer from the license information can only be done by activating the license key on another computer (essentially remapping the license to the new computer). Of course, if that same license is still in use on the original computer, then it would get remapped back to that original computer when it checked for updates, and then remapped back to the new computer when it checked for updates. This causes a mapping conflict after it happens 5 times, and locks out the license key for 24 hours, however if Emsisoft Anti-Malware is no longer installed on the old computer (or if the free trial was activated to deactivate the license key as you suggested) then this remapping issue would not happen.
  19. 1 point
  20. 1 point
  21. 1 point
  22. 1 point
    The .blocking variant of BTCWare is not decryptable. I'm afraid they moved onto a fully secure key generator with this version, and it will no longer be able to be broken. You can only restore from backups or pay the ransom. Secure your RDP - use strong passwords, block it from WAN, and use VPN. BTW, Amnesia has nothing to do with BTCWare. Two completely separate ransomware families.
  23. 1 point
    Sehr geehrter Herr Ries, vielen Dank dass Sie unseren Support kontaktiert haben. Der neue Aktivierungscode (= Lizenzschlüssel) wurde in dem Fall dazu verwendet um die bestehende Lizenz welche sich schon auf Ihren Account für Emsisoft Mobile Security befinden sollte zu verlängern. Ich gehe davon aus dass Sie eine weitere 1 Jahres Lizenz für ein Mobilgerät über unsere Webseite erstanden haben, dann sollte Ihr Account nun für 1 Jahr plus die restliche Lizenzzeit der alten Lizenz für ein Mobilgerät gültig sein. Bitte besuchen Sie das Online-Portal für Emsisoft Mobile Security direkt auf der folgenden Seite und melden Sie sich dort mit der Google E-Mail-Adresse an welche Sie für unsere Sicherheits-App verwenden: https://central.emsisoft.com/ Wählen Sie ganz Links unten mit Hilfe der kleinen Flagge Deutsch als Sprache aus (wenn Sie wollen) und klicken Sie bitte danach auf "Meine Geräte" links im Menü. Bitte klicken Sie in der rechten oberen Ecke des Eintrags des alten Mobilgeräts die drei kleinen Punkte und wählen Sie danach "Entfernen" aus um das alte Gerät von Ihrem Account zu entfernen. Am neuen Mobilgerät sollte Emsisoft Mobile Security dann automatisch die Vollversion freigeben. Dies könnte allerdings im schlechtesten Fall bis zu 24 Stunden dauern bis der Lizenzstatus automatisch neu erfragt wird, eine Neuinstallation der App würde die Vollversion sofort wieder freischalten. Ihren Lizenzstatus von Ihrem Account können Sie ebenfalls einsehen wenn Sie im Online-Portal angemeldet sind und dann links im Menü "Meine Abonnements" auswählen. Vielen Dank dass Sie unsere Softwarelösungen verwenden, für weitere Fragen stehe ich gerne zur Verfügung.
  24. 1 point
    Yes, A2CMD can elevate itself correctly now via the UAC. It's still best to run it from an elevated Command Prompt, but if absolutely necessary you can run it without elevation and its UAC popup now works correctly. I did an update and a Quick Scan with A2CMD (both from an unelevated Command Prompt), and it was working OK for me. Are you still having trouble with it?
  25. 1 point
    This is one reason why I stay with Emsisoft. I don't think there's another AV company in the world that is this responsive and doesn't respond to issues by pointing fingers in all other directions, inevitably ending with "reinstall Windows." So thanks, GT500 and devs.
  26. 1 point
    Sorry for the delay in responding ... I did not try disabling self-protection, but it looks like Emsisoft has put out a patch as I'm now able to boot properly without debug logging enabled. (a few reboots so far, that is) Kudos to Emsisoft support for being very responsive.
  27. 1 point
    Yes, thank you for that, I saw that in the change blog and I'm now using the stable edition, did an update, rebooted and all seems good. Pat
  28. 1 point
    That's great news Pat, just wanted to let you all know Emsisoft have the fix out as a 'Stable' release now so if you changed your Update feed to Beta releases you can now set this back to updating to only 'stable' releases to ensure the software does not continue to install any future Beta versions.. (Load Emsisoft --> Settings --> Updates --> Updates Feed = Stable) All the best!
  29. 1 point
    No, I do not work with the development of the decryption tools. However, unless someone that is associated with Emsisoft tells you that a method is safe to use then do not use it. Everything that has been posted by non-Emsisoft personnel, with the exception of Demonslay335, that advice should be ignored. For all, you know it could be the malware author posting misinformation with the intent to cause further damage. Also, I know enough about cryptography to know what was suggested will not work.
  30. 1 point
    Yes you can delete them - delete the oldest ones. Logs should be in: C:\ProgramData\Emsisoft\Logs Names like: a2service_20170205003925(1116).log are named according to the part of the product that created the log (eg "a2service") then the yyyymmddhhmmss date and time they were first created, and the last bit in brackets is (I think) the process id. Just don't try to delete the log(s) that are being written to at the moment.
  31. 1 point
    As much as I tend to dislike defending Microsoft, please keep in mind that Microsoft did wipe out the Koobface worm with their Malicious Software Removal Tool. Keep in mind that it is not intended to act as an anti-virus software, or as a stand-alone removal tool capable of completely cleaning a system. Comparing it to such tools is pointless, since the Malicious Software Removal Tool will fail the test by design. It isn't even the baseline protection offered by Microsoft against malicious software (which is the role filled by Windows Defender and Microsoft Security Essentials). It's just a tool intended to remove particularly wide-spread infections that anti-virus vendors are struggling to contain (such as the Koobface worm, which at the time was wreaking havoc with Facebook users' computers).
  32. 1 point
    I apologize for those who had to wait for a day or two for the instructions on how to try the fix. I spent most of my Monday trying to come up with a better way to do it, and was never able to. I think we'll have a beta available soon for those who want to wait for it. Once that's available, I can post some easy instructions here with a link to a batch file that installs the beta for you.
  33. 1 point
    None of the products tested by AV Comparatives are downright bad. In fact, AV Comparatives requires every participant to be "good" to even be considered for participation. So it is not surprising that there aren't any drastic difference between the products. User dependent detections are all detections where the user is given the theoretical opportunity to pick the wrong option and gets himself infected. They ignore recommendations in those alerts completely. So even if there is a clear recommendation to quarantine, it is counted as user dependent. As a result a lot of AVs adopted a "better to ask for forgiveness than permission" approach to alerts and will blindly quarantine everything first and give the option to restore from quarantine later than to ask the user what he wants to do first like we do. You can configure EAM to use the same approach by adjusting the File Guard settings to "Quarantine with notification" and the Behaviour Blocker to "Use the recommended option" automatically.
  34. 1 point
    I have studied the behavior of the decryption program (unlock.exe) and have noticed some aspects of the decryption key structure. To match ID and KEY: 1) At the beginning of the key is the ID in HEX followed by the character "_" (0x5F) 2) The last byte must be 0x00 3) If any byte is changed in the range between 0x5F and 0x00, the key is accepted. 4) If you delete bytes from this interval (shorten the key) the key is accepted. Considering these I produced a fake key corresponding to Id 1: ID: 1 KEY HEX 315F00 KEY ASCII 1_ (null) When we click on the "Unlock One" button, the error "Access violation at address 005CC02E in module" unlock.exe "is displayed. From here I have concluded that a minimum length is required. Let's extend the key and test it: ID: 1 KEY HEX 315F0000 KEY ASCII 1_(null) (null) When we click the "Unlock One" button, the key is accepted and we are invited to choose the encrypted file (whose original name we modified to match the id 1: testfile.txt.id_1_gebdp3k7bolalnd4.onion._) The content of the file is modified (decrypted with a wrong key), the extension is modified correctly in testfile.txt but the last 36 bytes from the end of the encrypted file are not deleted. The next test is the incremental addition of bytes in the key. From successive increments we reached the following key contents: ID: 1 KEY HEX 315F + 48x (0X00) + 2 * (0X00) 315F 00000000000000000000000000000000 00000000000000000000000000000000 00000000000000000000000000000000 0000 KEY ASCII 1_ + 48 x (null) + 2 x (null) This key is accepted and this time in the decrypted file the last 36 bytes are also removed, but obviously with the fake key the decryption is incorrect. I do not know if what I have exposed is helpful but I hope to help and encourage those more experienced than me.
  35. 1 point
    Kevin, though I am well aware that the decryption keys are case specific, the method of decryption is not. By examining and comparing multiple decryption keys there may be a way of identifying a pattern within them that could point to how to reengineer the decryption engine itself. Or perhaps you have a more effective approach in mind, in which case please do be sure to let us all know about it as there are a large number of people out there who would like to recover their files and the sooner the better.
  36. 1 point
    Of course I am willing to do my part to relieve all the other victims of suffering, especially I have two sets of keys to Cry36. However, I don't know how and what to do. I also wrote a lot to them to dissuade them from doing this after I decrypted almost all my files.
  37. 1 point
    Any chance you could submit the decryption keys for analysis so that the rest of us might be saved the burden?
  38. 1 point
    I'm guessing it will come back. For me, if debug logging is enabled the problem does not occur on startup. With debug logging disabled, it takes a few minutes for the Windows logon screen to appear (seems to be frozen, but just wait 2-3 long minutes) and EIS does not start properly. To workaround, I wait for Windows to startup, then kill the a2service.exe process, and then EIS either restarts on its own or I start it manually; after, it seems to function fine. As debug logging shouldn't stay on for long periods of time, I turn it off while working, then turn it back on before shutting down. I've been able to repeat this reliably quite a few times (especially when I forget to turn on logging before shutting down). I have submitted this information to support. Edit: to give credit where it's due, I got the idea of killing a2service.exe from this topic. I also see the difference in memory usage (around 44mb when hung, around 260mb when running). (Win7 Pro x64)
  39. 1 point
    Dear all, I had no choice but to pay the ransom for Cry36 yesterday and got almost all my files back. The negotiation was long and tiring, and the payment was made via BitCoin. I paid twice, for I was infected twice. Just for your reference. Thanks for all your attention and time. Case closed. Sincerely, [email protected]
  40. 1 point
    Is anyone here willing to send us debug logs for this issue? If so, please download the following ZIP archive and open it: http://cdn.emsisoft.com/Emsisoft_Debug_Tool.zip Inside the ZIP archive is a batch file. Simply double-click on the batch file, and follow these steps: If a popup asks about the Windows Command Processor please click Yes to allow it. A blue window with white text will appear, and you should see a menu. Click inside the blue window, and then press 1 on your keyboard, and then press Enter. You will be told that debug logs have been turned on, and to restart your computer. Press Enter again to continue. Press Enter a third time to exit the batch file. Restart your computer (if using Windows 8.1 or Windows 10 please right-click on the Start button, go to Shut down or sign out, and select Restart rather than using the normal restart option). After your computer has restarted, wait until you see the error message about not being able to connect to the service, and then close it. After closing the error message, hold down the Windows key on your keyboard (the one with the Windows logo on it, usually found between the Ctrl and Alt keys) and tap R to open the Run dialog. Type (or copy and paste) %AllUsersProfile%\Emsisoft\Logs into the field, and click OK. Click on one of the files in the folder that opens, and then hold down the Ctrl key and tap the A key to highlight all of the files. Right-click on one of the files, go to Send to, and select Compressed (zipped) folder to add the files to a ZIP archive. A new ZIP archive will have been created in that folder (you can move it to your Desktop to make it easier to find). Please attach that ZIP archive to a reply, or send it to me in a Private Message. The controls for attaching files to messages are right below where you type in your message.
  41. 1 point
    Wenn noch Reste vorhanden sind, kann dies in der Tat eine Neuinstallation verhindern. Bitte mal die Reste mit dem Tool Emsiclean bereinigen und danach eine Neuinstallation versuchen. Hier gibt es dazu die Anleitung und den Downloadlink.
  42. 1 point
    Thread Closed Reason: Resolved The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.
  43. 1 point
    Hi LeonardCaldwell, You're dealing with Cry36, you can see more of the discussion about it here. I suggest making sure RDP is secure and no weak passwords are being used, and also making sure all critical windows updates are installed. Regards, Sarah W
  44. 1 point
    Both products are based on the same code, but server operating systems require a different (more expensive) license key.
  45. 1 point
    For reinstallation media, always use the Media Creation tool to ensure as much updates as possible are included (this is generally a good idea because it also reduces the amount of updates you'll have to install after installation): https://www.microsoft.com/en-gb/software-download/windows10 As for the rest, the vulnerability is/was in the SMB (server message block) protocol, which is not something an average home user requires, if you are concerned you can just reinstall Windows without network connection, go to Programs and Features > Turn Windows Features On and Off and in the populated list locate SMB1, uninstall this before continuing.
  46. 1 point
    Analyzing small files I noticed it encrypts on blocks of 16 bytes. Example:
  47. 1 point
    Good evening, We just have released EAM/EIS 2017.5.0.7538 beta New: Anti-Ransomware component on Protection tile on overview screen. New: Scan setting: 'Scan in email data files'. Improved: Reduction of false positives. Improved: Upload of attachments when contacting customer support. Improved: Main program windows position when the program opens outside of the visible desktop. Improved: Quarantine screen refresh when Emsisoft Commandline Scanner or Emsisoft Enterprise Console restores files from, moves files to, or deletes files from quarantine. Improved: Additional warning before deleting or moving scanner detections, found inside of archives, to quarantine. Improved: More clear default folder names for export- and scan settings. Improved: USB insertion detection which did not start the scheduled scan on some computer systems. Improved: Processing of the installer command line parameters related to customer care settings (URL verification). Fixed: Occasional crash with Microsoft Word. Fixed: Crash when importing a very large hosts list in Surf Protection. Fixed: Address column values in the Firewall screen in Emsisoft Internet Security. Fixed: Occasional issue wherein the Behavior Blocker monitor showed processes with an unknown reputation.
  48. 1 point
    Hi GT500 Yes and that is why a layered protection complemented by a solid backup strategy is so vital. The real art in creating such a system is most often the fine balance between total paranoia, or an usable and flexible system. I will always go for the latter. Best regards, Tempus
  49. 1 point
    @bruticus0, Thank you, I have a paid antimalware but it did not protect me..... System restore was disabled unfortunatelly. I am out of money right now to pay experts to recover my files. I contacted the criminal, wants 450$ in bitcoins... Nemessis something... I dont even know how to deal with bitcoins... I am desperate.... Thank you for your time. This happened in my worse time in my life, i lost my job recently as a cameraman, i have to work from time to time as a 2hd cameraman in weddings for pennies... if i don't deliver the files i am dead... it seems i have to pay, even few hundred dollars are much for me right now but it seems i have no other option.
  50. 1 point
    Having an antivirus did no good in mine and many others case. Malwarebytes actually quarantined a file. By the time the full scan was done, the damage was done and malwarebytes disabled. I think most people are like my and have an actual archive of files in a RAID0 or external drives. It's just that ransomware attacks the attached drives, so to guard against it, you have to have your file archives offline. Which is a pain in the butt. So I don't think any victim here wants the whole "valuable lesson" crap. I"m not sure why someone that hasn't had an issue with this particular ransomware is here posting in the first place >.> The only ones at fault, and the ones that need a "valuable lesson", are the criminals/terrorists that are doing the attacks.