Popular Content

Showing content with the highest reputation since 09/16/18 in all areas

  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user to begin with. Best example: snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated, AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs, for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance, and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments, which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:
    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them, or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later
    What you end up with as a result is a product that is optimised really, really well for the exact scenario it is being tested under, using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernible impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 1 point
    DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents (.doc, .xls, .docx, .xlsx, .ppt, .pps, etc.)… Unfortunately, this method cannot decrypt photo, video, audio and many files with other extensions. If the free test decryption of these files is successful, the fee requested by Dr.Web experts is 150 EUR for the Rescue Pack (personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test decryption fails, no payment will be required. Tell me if this way suits you, and I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I do not have any financial benefit and am not involved in this decryption service at all.
  3. 1 point
    The ransomware needs a decryptor... They removed the shadow volume copies, so you won't be able to restore, and they also encrypt the original file, so there is no point in using a data recovery tool. Please suggest.
  4. 1 point
    Some info on this here, andrey: https://borncity.com/win/2019/08/14/windows-updates-kb4512506-kb4512486-drops-error-0x80092004/ Do you have KB4474419 and KB4490628 installed?
  5. 1 point
    Ach, so they are. I just c&p them out of the OP's report and looked them up separately. I wonder why the OP had two copies?
  6. 1 point
    Hello, The main causes of laptop random reboots, listed in order, are:
    - Heat
    - Faulty hardware
    - Faulty drivers
    - Software crashes
    - Malware
    Your logs show no malware. Also I see no crash dumps in the FRST logs. The Event log shows that Chrome is misbehaving and an Intel driver is crashing. There is an Alternate Data Stream that should be removed.
    Copy the below code to Notepad; Save As fixlist.txt to your Desktop. Close Notepad.
    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
    NOTE: If the tool warns you about an outdated version, please download and run the updated version.
  7. 1 point
    That's not encouraging... Hopefully someone from Emsi will come along and explain. It seems to me that there are three issues: first, whether or not, with 'Paranoid' being set, files are being scanned as they are downloaded. I'd certainly have hoped so; if not, we need an "even more Paranoid" setting... Secondly (if files are being scanned on download): why is a scan-on-download not making the same detection as a custom scan later on? Downloading files is surely the main way that most of us get potential malware, so a scan then should be as thorough/rigorous as possible. Thirdly, the Behaviour Blocker's behaviour. If all you've let the installer do is start and display its splash screen, then it probably hasn't yet done anything that the blocker would think is suspicious, so no BB alert is fair enough. (I'm not suggesting you should let it do more if you think it is dodgy.) I don't think/know that the fact that the installer is running with Admin privilege is relevant. I /hope/ that malicious software running under Admin auth is blocked when it actually does do something dodgy.
  8. 1 point
    Make sure that you don't have any ports forwarded for the NAS in your router, and make sure that UPnP is disabled in the router's configuration.
  9. 1 point
    Asdu374idfg68O9eTFDNbn8z2O956vweaL1v2GY5gvWBYMKcmt1 It looks like an online key with which decoding is not yet possible.
  10. 1 point
    I expect that's not possible, because EAM requires Windows to be running, and what's more it might need to be Windows on amd/intel cpus. What cpu and OS does the TV run?
  11. 1 point
    I have the same thing, but instead of a .txt file it's an HTML Application (.hta). Here is the sendspace link: https://www.sendspace.com/filegroup/sRHSwJySqZ3cXRFJlc5CJQ Here are a few more files if you need to look at them: https://www.sendspace.com/filegroup/hxqKfEGN6R7TeHM5QosANw4RRiK2jD1hr%2BCvM9fMngsru26QlocERasGfm6BgXzr0wo1k6OBXuOKTginvVxsBA
  12. 1 point
    It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that it can be verified which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply.
  13. 1 point
    All Emsisoft decrypters: https://www.emsisoft.com/decrypter/ There will be a message in my article, if I am lucky enough to live to see such a significant event.
  14. 1 point
    Hi Damaxx, can you share the decryptor? I wanted to try whether it will work for my files or not.
  15. 1 point
    Do the following: Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

    2019-06-25 15:25 - 2019-06-25 15:25 - 000000000 _D C:\Users\klime\Desktop\umowy
    2019-06-24 19:00 - 2019-06-24 19:27 - 000000000 __D C:\Users\klime\AppData\Roaming\vrguqgoqzs
    2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
    2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\system32\tmumh
    2019-06-20 22:15 - 2019-06-20 22:15 - 000000048 ____H C:\Program Files (x86)\k5wlusm0mk.dat
    2019-06-18 11:55 - 2019-06-18 11:55 - 000001024 C:\WINDOWS\SysWOW64\%TMP%
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku

    Close Notepad.
    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
    NOTE: If the tool warns you about an outdated version, please download and run the updated version.
  16. 1 point
  17. 1 point
  18. 1 point
    EAM doesn't work on XP or Vista now. System requirements are: Windows 7/8.1/10, 32 & 64 bit.
  19. 1 point
    You're welcome. Just follow the instructions I posted at the following link: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  20. 1 point
    Hello and thanks for the request. Many thanks also for the support, @eric cartman. Perhaps as an addendum, a link to the overview of product updates: https://blog.emsisoft.com/de/category/emsisoft-neuigkeiten/produkt-updates/
  21. 1 point
  22. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  23. 1 point
    mario.rossi Today the STOPDecrypter has been updated with support for the .dutan extension: https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip Try decrypting some files first, making a copy of them for the test.
  24. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  25. 1 point
    Independent certification body Virus Bulletin recently released the results of their latest rounds of VB100 tests. Once again, we're happy to announce that Emsisoft Anti-Malware aced the tests and walked away with a perfect score!

    What is the VB100?
    The VB100 is a certification test designed to evaluate the detection capabilities of antivirus software. To perform the tests, each antivirus product is installed on a physical computer or virtual machine with specifications you would expect to find on a business PC. The products are installed with default configurations on a clean, dedicated instance of Windows. Each test is performed on two different systems, one running Windows 7, the other running Windows 10. The security products are then exposed to a range of malicious samples taken from various malware sets, including:
    - The WildList set: a set of a few thousand samples curated by the WildList Organization.
    - The AMTSO RTTL: the Real-Time Threat List is a continuous feed of 1,200-3,000 new samples collected by malware experts around the world and managed by the Anti-Malware Testing Standards Organization.
    - The Diversity set: a set of 1,000-2,000 recent malware samples.
    The products also scanned a subset of 100,000 files taken from the clean sample set, which is a collection of 400,000 non-malicious files. To achieve VB100 certification, a security product had to meet the following criteria:
    - Identify at least 99.95 percent of malicious samples.
    - Generate no more than 0.01 percent false positives.

    How did we do?
    We're delighted to report that Emsisoft Anti-Malware achieved a perfect score in every category. Our flagship software identified 100 percent of the 2000+ malware samples used in the tests while generating zero false positives along the way, earning it VB100 certification. We're pleased to see Emsisoft Anti-Malware excelling in test conditions, and we'll continue working hard to provide the best malware protection on the planet!

    About Virus Bulletin
    Virus Bulletin is a security information portal, testing and certification body based in the UK. VB100 certification tests are designed to assess the detection capabilities of endpoint security solutions. A product that has been awarded VB100 certification can generally be trusted to provide a certain level of protection against malware. Click here to see the full report, or click here to have a look at some of the other awards we've won in the past. Have a good (malware-free) day! The post Emsisoft Awarded VB100 certification in April 2019 tests appeared first on Emsisoft | Security Blog. View the full article
  26. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  27. 1 point
    You are dealing with two different ransomware. ID Ransomware picked up on the "second layer" of STOP Djvu with the .adobe extension. No way to determine what the first ransomware was without the malware or ransom note from it. Support topic for STOP Djvu: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/
  28. 1 point
    OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.
  29. 1 point
    The cheapest option for you would be the 3-PC license key, even if you only have 2 computers. You're not required to have a 3-PC license key though, so if you prefer to buy two 1-PC license keys (one for each computer) then feel free to do so, however note that the total cost of doing so is usually more than a 3-PC license key.
  30. 1 point
    Hi Gawg Thanks for your comments. I'll try a reboot first when future problems arise.
  31. 1 point
    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the " localhost" entry if there is any. Lines starting with "#" are comments, by the way.

    Pretty much. We are not an ad blocker, no. You use uBlock Origin, which is pretty much the best ad blocker you can get. So you are well covered in that area already.

    Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it. Interestingly enough, WOT got in trouble for the very same thing that some AVs are doing with their extension.

    You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example). Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests, if I remember correctly, so the hoster of the block list does not know whether that was a website you actually surfed to or a random request. If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it, and there will be no link between you and the VPS. It's serious overkill though.
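The post above mentions that URL reputation lookups can be done with k-anonymity so the block-list host cannot tell which site you actually visited. The following is an added illustration of the hash-prefix scheme that achieves this (the same idea as Google Safe Browsing's Update API); it is not code from the original post, Emsisoft or Firefox. The block list, the URLs and the 4-byte prefix length are assumptions chosen for the demo, and the naive "send the URL in clear" server is included only as the contrast the post is warning about.

```python
"""Hash-prefix (k-anonymity) URL reputation lookup.

Added illustration, not code from the original post, Emsisoft, Firefox or
Google. Block list, URLs and PREFIX_LEN are constructed for the demo.
"""
import hashlib

PREFIX_LEN = 4  # bytes of the SHA-256 digest the client reveals to the server


def canonicalize(url: str) -> str:
    """Minimal canonicalisation so equivalent spellings hash identically.

    Lowercases scheme and host, drops the fragment and a trailing slash.
    Real implementations do much more (percent-decoding, dot-segments, ...).
    """
    url = url.strip().split("#", 1)[0]
    if "://" not in url:
        url = "http://" + url
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return f"{scheme.lower()}://{host.lower()}{slash}{path}".rstrip("/")


def full_hash(url: str) -> bytes:
    return hashlib.sha256(canonicalize(url).encode("utf-8")).digest()


def urls_matching_prefix(pool, pfx: bytes):
    """All URLs in `pool` whose hash starts with `pfx`: the anonymity set a
    server can at best narrow a query down to. Longer prefixes shrink it."""
    return [u for u in pool if full_hash(u).startswith(pfx)]


class NaiveServer:
    """The leaky design: the client sends the URL itself, so the operator
    gets a complete browsing history as a side effect."""

    def __init__(self, blocked_urls):
        self.blocked = {canonicalize(u) for u in blocked_urls}
        self.log = []

    def lookup(self, url: str) -> bool:
        self.log.append(canonicalize(url))  # full URL recorded server-side
        return canonicalize(url) in self.blocked


class PrefixServer:
    """k-anonymity design: the server stores full hashes of blocked URLs but
    only ever receives a short hash prefix from the client."""

    def __init__(self, blocked_urls):
        self.blocked = {full_hash(u) for u in blocked_urls}
        self.log = []

    def lookup(self, pfx: bytes):
        self.log.append(pfx)  # all the operator can ever record
        return {h for h in self.blocked if h.startswith(pfx)}


class PrefixClient:
    def __init__(self, server: PrefixServer):
        self.server = server

    def is_blocked(self, url: str) -> bool:
        h = full_hash(url)
        candidates = self.server.lookup(h[:PREFIX_LEN])
        return h in candidates  # the decisive comparison stays on the client


if __name__ == "__main__":
    # Constructed block list and test URLs.
    blocked = ["http://Bad.example/evil.exe", "https://phish.example/login"]
    naive, server = NaiveServer(blocked), PrefixServer(blocked)
    client = PrefixClient(server)
    for u in ("http://bad.example/evil.exe", "https://example.org/news"):
        print(u, "naive:", naive.lookup(u), "prefix:", client.is_blocked(u))
    print("naive server saw:", naive.log)
    print("prefix server saw:", [p.hex() for p in server.log])
```

With a 4-byte prefix the server learns 32 bits of the hash, which for the whole web maps to a large set of unrelated URLs; the full 32-byte comparison only ever happens on the client. The `urls_matching_prefix` helper makes that anonymity set visible for a small constructed pool, which is also where the post's point about "fake" requests fits: padding real lookups with random prefixes widens what the operator sees.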
  32. 1 point
    The Behavior Blocker will catch the payload. While it does have some exploit protection, it isn't intended to provide a full range of exploit protection, and thus will only catch certain exploits.
  33. 1 point
    See here: https://support.emsisoft.com/topic/30508-build-9204/?tab=comments#comment-190523
  34. 1 point
    With notifications turned on in the EAM settings, I was offered the option to install it by clicking on the slide info. (No need to have a Microsoft account to get this from the store, in case anyone is wondering.) Installed and running.
  35. 1 point
    Hello Wolfgang, thank you very much for contacting our support. An infection through the official version of VLC Player during installation or update should be able to be ruled out. You mentioned Chip, but I gather from your post that you did not use the Chip installer when you installed VLC Player? As you have already noticed, one could say that it makes it easy to install other things besides the program you actually wanted to download. Programs should therefore always be obtained directly from the manufacturer; that should rule out such incidents, and if an infection is ever found in official software, trustworthy manufacturers should also make sure that all users are informed. If a platform like Chip.de is to be used to obtain software, I would personally recommend looking for a "Manuelle Installation" (manual installation) link; that way the manufacturer's installer is downloaded, and not the Chip installer, through which VLC Player would then in turn be downloaded and installed on the system. A simple recipe for cleaning a system that works well for everyone and in all cases probably cannot be found. The guide that @onegasee59 kindly mentioned, for instance, has already been put into a very usable format. We are happy to help you with manual cleanup; please let me know if you would like instructions for creating the log files we need in order to support you. If software was obtained from a manufacturer you trust, one should be able to assume that update prompts are legitimate if they clearly originate from that program. Behavioural violations, or actions that a program suddenly wants to perform on the system, can certainly be detected by security software, for instance with a technology like our behaviour analysis, provided no exception rule was created for the program. One should take a closer look at the system; we are happy to help you with that, but unfortunately we cannot provide instructions that would work for everyone. Unfortunately no answer can be found to that without first taking a closer look at the system. For that, various tools are used which list detailed information about the system state and various important areas of the system. Either further tools then have to be used to check, or the information is used to specifically remove malware found on the system. I am sorry that my answers cannot be more precise for you, or that I cannot provide a guide that would immediately help many users in a simple way. I remain at your disposal for further questions and concerns.
  36. 1 point
    Hello Jonathan. It looks like a translation file didn't update itself properly, and the restart reloaded it. Thank you for following up!
  37. 1 point
    I have received 2 phone calls regarding this issue. Is this legitimate?
  38. 1 point
    I just got this also. Windows 10 Pro. Pale Moon,Firefox & Chrome installed. Chrome default
  39. 1 point
    My computer was also infected by .udjvu and all files were encrypted. My wife is a Teacher and all her documents are now encrypted by .udjvu My only option is to install a new Hard Disc on the computer and make a fresh start. I will keep the encrypted Hard Drive in case someone in the future manages to decrypt .udjvu Please let us know if something comes up. Thanks, Andreas. _openme.txt DSC01680.JPG.udjvu DSC01682.JPG.udjvu
  40. 1 point
    Well, it has happened, though not at start-up. This morning, I was using my EliteBook, which has the current stable version 2018.11.0.9073 (it was never switched to the beta feed), and around 10:40 CET decided it was time for a break. On returning, noted that the screen was black. First assumption was that it was in sleep but the power button was illuminated constantly, not blinking. Couldn't get any response so invoked a BSOD at about 11:08. On restarting, saw (as expected) that a2service.exe had bombed at 10:58:11. So, should I send the dump? Sadly, there are no debug logs. Ironically, the morning's work was documenting a UI problem and I had temporarily turned off debugging to be able to copy the logs after my break. I still have a dump taken when using 2018.11.0.9073 beta on my Dell stationary. It occurred (2018-12-05) when I set my printer preferences to 'duplex' to print a document. Would that be of any use, or can I delete it?
  41. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  42. 1 point
    In this case I don't think VirusTotal would have shown us detecting it if you did the URL scan, but if you did a search for the domain then you'd get to see a list of scanned files at that domain (among other things): https://www.virustotal.com/#/domain/img1.wsimg.com VirusTotal doesn't always show us detecting a malicious URL, even when it's in our database and EAM detects it. Our malware analysts have noticed this as well, however we're not sure why it happens.
  43. 1 point
    What is that supposed to mean? If in doubt, for servers that means deploying different software and keeping EAM on the clients. It looks more like a convoluted price increase. Price and a simple interface were until now the main advantages of EAM. The Enterprise Console is compact too. We get enough complexity and feature bloat from the competition. There is certainly still some room on price, but if a training course becomes necessary for the price/feature list, there are likely to be acceptance problems. I am curious how the spread between Enterprise and Private will be designed. Especially as far as beta tests are concerned. The network connection problems with 2018.9 were an interesting experience there.
  44. 1 point
    @HIPS187 Since the question and problem don't really fit the post, a private message will follow right away.
  45. 1 point
    You may need to add the full path to PowerShell.exe at the beginning of the command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  46. 1 point
    Then you should already know how to get them.
  47. 1 point
    I would believe our developers are still looking into it, however thus far we have been assuming it is an issue with Windows 10, since certain Windows tools still read the firewall status correctly.
  48. 1 point
    We're aware of the issue. Some parts of Windows 10 seem to detect that Emsisoft Internet Security's firewall is active, and some do not.
  49. -1 points
    I would rather have "broken sites" than trackers. Easy to allow them, if needed. Only reason I stay with EAM is "SURF-PROTECTION" Can't use your extension. Will not upgrade to the latest Firefox, and will never use Chrome or Edge browsers.
  50. -1 points
    "We are hiding the build-in hosts for the same reason as we hide signatures. This is internal stuff and has no added value for users." No value for dummies, is this what you think your users are? 😒 I remember when OS Armor was bought out by you, the owner said it would be the greatest piece of software. WRONG! Man, how can you wreck a piece of software. Sorry, but that's the truth.