Leaderboard


Popular Content

Showing content with the highest reputation since 30. Mar 2017 in all areas

  1. 2 points
    Dear michaelws, Thank you for your kind feedback, you are very welcome I wish you a great and malware-free day!
  2. 2 points
    I don't know what to think about regarding your answer. Yes it is always a sensible strategy to minimise the amount of vectors that can be used by others. But with all due respect you do not answer the OP, how it can be that Emsisoft behaviour blocker doesn't catch or reacts regarding the attack.
  3. 2 points
    Hi One of those things that I love Emsisoft for, is that they have been able to hold on to an interface and software without adding a ton of bloatware, removing focus and man hours from the core protection. Personally I don't like to have all eggs in one hat regarding my security. I find my system less vulnerable if I can spread my system security to different vendors. Just my opinion. Best regards Tempus
  4. 1 point
    Hello, I got infected by ransomware, which is identified as PClock (Updated) using ID ransomware. I got notified by Windows Defender about a virus and immediately deleted the threat. Antivirus managed to delete the CryptoLocker executable from my computer. At that time I didn't pay much attention on what the threat was identified as (list of identified threads is in the attachments). After a few hours I got a windows system prompt for allowing a Microsoft Corporation console application to run. After clicking Yes desktop I realized that background was changed and my files were encrypted. I need your help to try decrypt the files. Is it ok to backup the encrypted files to an external drive and wipe the Windows installation or should I keep the system as is? Thank you and keep up the good work original_and_encrypted_files.zip Your files are locked !.txt
  5. 1 point
    Glad we could be of assistance.
  6. 1 point
    This thread is a master example on what great service is. So a big " reputation point " to Thomas Ott and GT500.
  7. 1 point
    Issue confirmed and debug information collected. Currently only excluding FlashPlayerApp.exe from monitoring is necessary to prevent the crash. On 32-bit editions of Windows it will be in the following location: C:\Windows\System32\FlashPlayerApp.exe On 64-bit editions of Windows it is in the following location: C:\Windows\SysWOW64\FlashPlayerApp.exe
  8. 1 point
    Does this happen with the current beta version of Emsisoft Anti-Malware installed? Open Emsisoft Anti-Malware. Click on Settings in the menu at the top. Click on Updates in the menu at the top. On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list. Click on the Update now button on the right side.
  9. 1 point
    Hi michaelws, I can now tell you that we were able to definitely stop the delivery of your USB stick which you've purchased accidentally. I've also informed our e-commerce partner Cleverbridge to issue partial refund for this item for you. You'll receive a further notification per email from Cleverbridge. Please just let us know if we can help any further.
  10. 1 point
    I'll ask and see if the USB Flash drive has already been shipped.
  11. 1 point
    But Emsisoft is on the list, via the bitdefender engine. According to a presentation (https://wikileaks.org/ciav7p1/cms/files/2014_EN_BreakingAVSoftware_JoxeanKoret.pdf) the bitdefender engine is both vulnerable and makes vendors who use it vulnerable. That the CIA found at least one of the vulnerabilities for Bitdefender puts EAM at risk.
  12. 1 point
    It is common for computers to be attacked on the Internet. The detected file would not have been able to do any harm to a computer with the latest version of Adobe Flash Player installed. Note that there is a very big difference between a malicious file being saved somewhere on your computer's hard drive (since your web browser caches everything it loads in webpages automatically this is going to happen), and the computer actually being infected. From the logs, your system looks clean. I don't think there's anything to worry about.
  13. 1 point
    This is the process which shows the amount of memory which has been compressed through the memory compression feature introduced in Windows 10. Originally this compressed memory (stored in "compression stores") was located in the "System"-process’s working set. With Win 10 1607 (Anniversary Update) this compressed memory has been split up into a separate process called "Memory Compression" to account for the general confusion why the "System"-process has been so "memory-greedy" compared to Win 8.1. This process is hidden in the default Task Manager. But you can for example show it with an elevated PowerShell (Get-Process -Name "Memory Compression") or using Process Explorer: I'm still on 1607 and for me EAM also hides this process in the Behavior Blocker window. Since you are already on 1703 (Creators Update) it looks like there maybe have been some changes to this process and the exception Emsisoft created doesn't work anymore. Since there is no real executable for this process I guess there's no easy way to actually create hashes of it. Which most probably is the reason why the reputation keeps staying on "Verifying...". Cloud lookups won't work if they don't know the hash of the process. Maybe Microsoft has only changed the name? (from "Memory Compression" to "MemCompression" like your screenshots say) Can you show us the output of "Get-Process -Name "Memory Compression"? (or "Get-Process -Name "MemCompression" respectively) It has always been called "MemCompression". Only third-party tools like Process Explorer or Process Hacker have named it "Memory Compression". (Source) So that's not the issue. Still Emsisoft simply needs to hide it again.
  14. 1 point
    I've answered via email. I'll update here once we've taken are of it.
  15. 1 point
    Also other software are bypassed using the same technique Youtube video from Black Cipher Security
  16. 1 point
    When I click on skin.zip I get: The page you are trying to access is not available for your account. Error code: 2C171/1
  17. 1 point
    From the description on their website, Heimdal PRO appears to filter network/Internet traffic, which would more than likely mean that it needs to use a WFP (Windows Filtering Platform) driver. We don't consider EIS to be compatible with other software that uses WFP drivers, and we recommend not using it alongside of other software that uses WFP drivers. When it comes to ad blockers, we usually recommend uBlock Origin, which is available for Firefox, for Google Chrome (also works in some Chromium based browsers such as Vivaldi), and for newer versions of Opera. uBlock Origin is recommended mostly because it's the most efficient ad blocker, although its default configuration is also fairly good (I only enable a couple of optional block lists to get rid of social networking widgets on sites and block annoying cookie notifications).
  18. 1 point
    Hello, In current EEC version this is not supported yet, we are aware and it's on our todo list. Thanks
  19. 1 point
    Hi guys, this is the second time I got this message here: Nothing special about it at first glance, but my Emsisoft is supposed to be german (Look at the Buttons, they are translated ), so there is a translation missing (not that I mind, my english is pretty OK, just wanted to mention it). But what I am missing is a "no" Button. I know there is an X on the top right but I would love something that removes those mentioned files 'out of the cache' so Emsisoft doesn't mention them repeatedly - because I actually don't care about them. Or am I supposed to delete the quarantined files myself? Away from that: I love you guys and I love what Emsisoft represents. Your ethics, your vision ... keep up the good work!
  20. 1 point
    Even in English the message is poorly worded; that "some of them were detected in wrong" is ... wrong. Should it have been ... "some of them were detected incorrectly"? Also... does the choice, if you select YES, restore all of the listed and unlisted (another n) files immediately (a bad idea for things not even listed, I think), or is there an intermediate stage where one can choose which ones to restore?
  21. 1 point
    Hi Emsisoft Yesterday, I received a behavior blocker alert, stating that a non digitally signed and unknown file were trying to install invisibly. I took a search of the file using the Sha and Md5 on virustotal, but they couldn't give me any useful information at the time. Some more research led me to that the file, was a file from " Acer" , and as I use a Acer gaming Laptop at the moment, then it all gave more sense. (Acer use some of their own software like " Acer care center ") But anyway, it all ended up with that I followed Emsisoft's recommendations to Quarantine the file. I chose that decision because if it was a false positive then I would always be able to take the file out of the quarantine. But the file was not saved to the quarantine, how can that be ? I think that for an average user the Behavior alerts, can most often be the toughest kind of alerts to do a qualified decisions about, to either block or run a certain file. I would think that many users dont know what to do with the Sha or MD5 informations. Don't get me wrong, I really like that those information is accessible, but I would really like some more user friendly guidance when a behavior alert pops up. Unfortunately I don't have any suggestion for a solution...only a wish for a more easy decision interface for those kinds of alerts. Best Regards Tempus =)
  22. 1 point
    Hi xginx, We need to run a fix with FRST: Please download the attached fixlist.txt file and save it to the same location as FRST Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system fixlist.txt Run FRST.exe/FRST64.exe and press the Fix button just once and wait If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply ================================================================= We need to remove programs using "Programs and Features" Click the "Start" orb on the taskbar, and then click the "Control Panel" button. If you use Category mode, click on Uninstall a Program. If you use Icons mode, click on Program and Features. A list of programs installed will be "populated" (this may take a bit of time). If they exist, uninstall the following by clicking on the below entries and selecting "Remove": Advanced SystemCare 10 Reimage Repair WindowsMangerProtect20.0.0.1064 Additional instructions can be found here if needed. ================================================================= Please download AdwCleaner by Xplode and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator The tool will start to update the database if one is required. Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. After the scan has finished, click on the Logfile button. A window will open which lists the logs of your scans. Click on the Scan tab. Double-click the most recent scan which will be at the top of the list....the log will appear. Review the results...see note below After reviewing the log, click on the Clean button. Press OK when asked to close all programs and follow the onscreen prompts. Press OK again to allow AdwCleaner to restart the computer and complete the removal process. After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report). To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list. Copy and paste the contents of AdwCleaner[CX].txt in your next reply. A copy of all logfiles are saved to C:\AdwCleaner. ================================================================= Reply here and attach the following logs to your post: fixlog.txt AdwCleaner log Regards
  23. 1 point
    I'm still trying to get a status update on this. I wasn't able to find the bug report myself, so I'll have to wait and see if our QA team says whether or not we fixed it.
  24. 1 point
    Thanks for the reply Fabian. Thanks for being so active with the company. I was worried having finally paid for anti-malware and then I found this. I am just trying to help you guys out is all! Didn't wanna make a post like this but I am sure someone else would have came at it more negatively that I would have anyways.
  25. 1 point
    I'll talk to our QA Manager about the import issue.
  26. 0 points
    https://cc.emsisoft.com is not a shopping website. You don't put in your credit card details or anything really in there at all. The shopping website is using https://shop.emsisoft.com, which has never used Cloudflare. Other than that, the problems with Tor users and Cloudflare are a known and well documented issue. Not a lot of our customers use Tor, so the benefits of using Cloudflare outweighs the drawbacks for us.
  27. -1 points
    All logs are to be attached to posts. Do not copy & paste any log to your replies unless specifically told to do so. Follow directions. Do the following: Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer. Download Junkware Removal Tool and save it on your desktop. Run the tool by double-clicking it. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-539313758-2116612764-2897670571-1001\...\MountPoints2: G - G:\LaunchU3.exe -a HKU\S-1-5-21-539313758-2116612764-2897670571-1001\...\MountPoints2: {e0659188-a58e-11df-88ec-c44619e377ec} - F:\LaunchU3.exe -a SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-539313758-2116612764-2897670571-1001 -> {442C02C6-9A6B-4F29-BE31-98EE09BDC894} URL = SearchScopes: HKU\S-1-5-21-539313758-2116612764-2897670571-1001 -> {A3EDE136-8B2B-420D-8213-EFA1BD11696C} URL = Toolbar: HKU\S-1-5-21-539313758-2116612764-2897670571-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-539313758-2116612764-2897670571-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File R2 HPSLPSVC; C:\Users\wsovonick\AppData\Local\Temp\7zS6B13\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] <==== ATTENTION Task: {1D4D6EBE-707F-4FBF-A53E-A5F9EA642EA2} - \Microsoft\Windows\Windows Activation Technologies \ValidationTaskDeadline -> No File <==== ATTENTION Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION Task: {71FBC453-D929-4702-8EF3-47B2B946C8E3} - System32\Tasks\{2CA42757-8733-4F6F-A9D2-0C7B79A327E2} => pcalua.exe -a C:\Users\wsovonick\Downloads\Quicken_Premier_2009.exe -d C:\Users\wsovonick\Documents Task: {7781C405-0B9A-48F3-99A9-246726E72F9B} - System32\Tasks\{5DB3043B-3EF3-423F-B276-7D97B1EE19F3} => pcalua.exe -a "C:\Users\wsovonick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G9CMVE1K\SetupBtwDownloadSE.exe" -d C:\Users\wsovonick\Desktop Task: {A8E17631-9DFC-4EB4-8717-F836F4A2B4F2} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION Task: {B1BF02ED-DB4C-4743-8E0B-9C5713ACBC7F} - System32\Tasks\{C7708AA2-B6D0-4C4A-AD31-3B8E456265E7} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Quicken\qw.exe" Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION Task: {E14F988A-50AC-46F7-9AAE-874DC3F59CE7} - System32\Tasks\{AB341403-B74E-40C2-B662-2B2838E24D8E} => pcalua.exe -a E:\disk1\setup.exe -d E:\ Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [254] Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  • Who's Online   0 Members, 0 Anonymous, 44 Guests (See full list)

    There are no registered users currently online