  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C, both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests.
    For example:
    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  3. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  4. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  5. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  6. 2 points
    Hello Moreau, thank you very much for your positive feedback. You're always welcome, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  7. 1 point
    I don't know the source of the infection MR. By the way, the contents of the quarantine have been deleted by the Avast boot scan. Here I'm attaching the log from EEK; I don't know whether this can help. Sorry for my bad English...
  8. 1 point
    As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  9. 1 point
    After checking the PC (or only folders with encrypted files), you can use the free tool to decrypt files - STOPDecrypter (link). This process should be approached with caution. Read the attached text file. Due to the nature of encryption, only files that are encrypted with offline keys can be decrypted. We recommend that you make a test decryption of a small number of encrypted files and make copies of them in advance.
  10. 1 point
    Sophal You correctly think this site with kmspico is the source of the infection! Due to the launch of a malicious file from there STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  11. 1 point
    "Opt in" 1 click, "Opt out" 1 click, so convenience is the same either way. For people who like not having to renew every year it's fine, but many people are unaware of this; you know how people are, they just click click click without reading a damn thing. Many people will be receiving invoices they are not expecting and this is how the slimy companies get them. Not saying Emsisoft is one of these, on the contrary Emsisoft is one of the best, if not the best, for integrity and customer service. I just don't like opt out. If you continue on this route then you need a page to pop up with 4 inch letters explaining what is happening so that there is no way anyone can miss it.
  12. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  13. 1 point
    First of all I'd like to thank Emsisoft for the fine decryptor offered; it was a good feeling to have the data restored. In this contribution I want to reflect on how (in my opinion) to avoid further attacks on the NAS Synology as well as how to back up when not using ‘cloud’ options. As Amigo said: Having done my homework now, I think those machines are not defenseless, but they are sold with all doors open; furthermore it takes knowledge to find the doors, windows, escapes etc. Unfortunately the helpdesk, in my experience (in many ways), was not always helpful. Anyway no (relevant) update has been provided since December 2018.

    Checking the system

    As a general remark I have found no (new) traces of intrusion other than I have reported before. So let’s start with that. From package center you are able to install “Antivirus Essential”, which allows you to do a system-scan on the DSM software. As a nice to know: In case you want to uninstall any package/program, you will first have to select it (double click on an installed package), which brings you to a separate menu, where you can select delete from a dropdown. Please know that a complete scan by antivirus that includes all data could take days or weeks, but that could also be done using a regular antivirus scanner. A system scan however can be scheduled on a daily basis. I am not sure/doubt whether the scanner will detect uninfected programs not installed by yourself and not published by Synology and its partners, but I assume it will detect infected files.

    Secondly you would like to check the published cron jobs. Those will be found in the control panel as task-manager. In that task scheduler you will find DSM auto-update and maybe some other tasks. Unfortunately you will not find all tasks. For instance a scheduled Antivirus scan will not appear. Also do check your access-logs as I wrote on April 26th in this blog. I’m afraid there are no other opportunities available to check the system.

    Prevention

    The most important probably is to block the guest account; check my message on April 18th. Moreover, one should avoid using regular user names such as ‘guest’, ‘admin’ or ‘user’; those names are vulnerable in general, and I have noticed some hacking attempts using those names. Then open “Security Advisor” from the programs (check the top left icon to find all your programs) and directly go to the advanced settings. Here you probably will find that the setting is set to ‘home and personal use’, which offers only restricted protection. I'd like to suggest changing that to custom and then selecting all items, to allow you to evaluate in a further phase what protections make sense for you. Now you go back to the main screen (Overview) of the security advisor and press scan to see whether your protection is good. The Security Advisor will then make suggestions on what to change and where to find relevant settings for your system. It will guide you to find out which port-numbers to change, whether your passwords are good enough, and much more.

    I want to draw special attention to using the NAS on the internet. I would feel like not doing that, but if you do so, it is wise to have dedicated users for the internet usage, which users you should set to double verification when connecting, such as pin-code verification via SMS or email; further it is wise to use encryption during data transfer, preferably by installing a valid certificate on your system. All those features are available on the NAS but they have to be activated by yourself. The general settings of Synology will give you a maximum access as easy as possible, but that will make it easy for others as well. For more info on this subject check the Synology website.

    You also want to check the firewall, which you can find in the configuration screen, item Security. I mention this point separately from the Security Advisor, because at this point the guiding is not as good. To use the firewall, you have to switch it on, and moreover you have to make your own firewall-rules. Again, don’t assume that default rules are good enough. So select a custom profile for the firewall profile and press the button change the rules. Relevant rules can be altered by selecting LAN on the top right dropdown. Now when you choose not to access your NAS via Internet I would recommend closing the ports for NTP-service, Bonjour, FTP, ATP, CIFS, NFS, Telnet and SSL. Those ports should be closed for all IP addresses ranging from to but not for those IP addresses (range) specifically used in your own network. B.t.w.: the NAS will not allow you to exclude yourself as long as you are logged in.

    Finally you want to be informed in case anything unexpected has happened. You can do that by configuring your email account in the settings for e-mail, which can be found from control panel, messages. Indeed you can select which type of messages you want to receive and which not in the tabsheet advanced.

    Back-up

    When deciding not to use the internet for back-up one can use several external USB-drives to have a program for backups in safe places and manual rotations. For this old school solution I have used Hyper-Backup, which can be installed from the package center. Hyper-backup allows you to have a time-machine file management, to compress data and avoid duplicated data, and it allows you to encrypt the data. Encryption is a good idea as you (should) carry the USB disks to different locations. You then will require a password which generates an RSA-key, which password and/or key you need to store in a proper way to have an orderly future access to your data.

    Hyper-backup has a good interface. To have a back-up choose ‘local map & USB’, and then select as shared map the applicable USB-drive and the name of the backup. For each back-up drive you should choose a different task and a different name, as you then can continue with the other backup settings and finally the initial backup. As a consequence of compression, encryption etc., that initial backup could take several days. Of course the succeeding incremental backups are much quicker. So for the next initial backup disk you want to increase the speed. This can be done by copying the data from one disk to another, where you only copy all data from that map in the root which carries the name of that backup you placed on the drive. On the new drive you will then change the name of that map to the new backup name. When now making a new backup task, again choose ‘local map & USB’ but then do not use the standard radio-button selection ‘make backup task’ but select ‘link to an existing backup task’. From here you select the new USB drive and the newly made map containing the initial or progressed backup data. You then have an initial backup right from the beginning.

    Summary

    The possibilities for checking the actual health of the system are available but this could be insufficient. Nonetheless, good methods for protecting the system exist, where the Security Advisor is essential to find the right protection. However, it requires the user not to rely on any default settings of Synology, which in general can be described as weak. Many Back-up solutions are offered including the ones which are off-line. Bottom-line there still is room to improve the product to make it more secure for a non-specialized public. To me it appears the message Synology sends to us is: "We don’t care".
  14. 1 point
    He said that while he did add detection to try to keep people from using keys that are not correct for their encrypted files, he also said that it is technically still possible to get the decrypter to allow you to enter an incorrect key and end up with corrupted files. Nothing is completely foolproof, after all.
  15. 1 point
    The criminal who made the ransomware threatened to increase the price of decryption if no one released a free decrypter by a certain date, and we didn't want him to know that a decrypter already existed, so no one met his deadline. It's possible that the prices in ransom notes will still vary slightly. I've asked the developer who made the decrypter for confirmation about why your files couldn't be decrypted.
  16. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  17. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  18. 1 point
    Hello darktwilight, thank you for contacting our support. I have gladly sent you a link by private message in the forum with which a license for Emsisoft Mobile Security alone can be purchased. We will gladly continue to do this on request. If a Google comment received no response, that is because we do not answer there as quickly as in our support forum or when you contact us by e-mail. Thank you for pointing this out. I am happy to help with any further questions.
  19. 1 point
    I can only agree with the criticism. I also don't like the whole direction that Emsisoft has taken in recent months.
  20. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  21. 1 point
  22. 1 point
    The server I own was recently infiltrated with the .nampohyu ransomware. I have a Synology Diskstation that I use to store my DVD and Bluray collection, consisting mostly of direct backups of my collection (for DVDs it's file folders each containing the .VOB files and .IFO files for each individual movie. For Blurays, it's a folder for each movie that contains either an .ISO file of the disc or BDMV and CERTIFICATE folders for each individual movie). The files on my Diskstation are not 'encrypted' even though the ransom note would have you believe that. While I could physically wipe the server and re-load all my movies (they are in boxes in my basement), I've discovered a time-consuming solution for myself: For the DVDs, each movie was saved in an individual folder containing the AUDIO_TS and VIDEO_TS folders from the DVD. In the folders are the .VOB files, .IFO files and .BUP files. I used command prompts to bulk remove the .nampohyu extensions from the .VOB files. I found that the existing .IFO files were corrupted so I deleted them and renamed the accompanying .BUP files as .IFO files. This restored the functionality of the DVDs. For the Blu-Rays, the ones that were saved as .ISO files, it seems that the .nampohyu ransomware corrupted the header in the .ISO file. I used the command prompt line to bulk delete the .nampohyu extensions on the files. Then I purchased a program called IsoBuster, loaded the .ISO file of the movie into it, then extracted the BDMV, CERTIFICATE and whatever other files were in the .ISO file into another folder. I'm assuming this got rid of the corrupted header in the original .ISO file because it brought the Bluray back to life. It is a tedious process to do this for all my movies but at least I didn't lose my collection and be damned if I am going to pay some thief to return to me what is rightfully mine. Hope this information helps.
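    Added example, not part of the post above and not code from its author: a Python sketch of the DVD part of that recovery (strip the `.nampohyu` extension, then replace each `.IFO` with its `.BUP` backup). The function names, the dry-run default and copying the `.BUP` instead of renaming it are assumptions made here; it is meant to be run on a copy of the affected folders.

```python
import shutil
import tempfile
from pathlib import Path

RANSOM_EXT = ".nampohyu"  # extension named in the post


def plan_dvd_recovery(root):
    """Return (action, source, target) steps without touching any file."""
    root = Path(root)
    steps, finals = [], set()
    # Step 1: strip the appended extension, refusing to overwrite anything.
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = path.name
        if name.endswith(RANSOM_EXT) and len(name) > len(RANSOM_EXT):
            target = path.with_name(name[: -len(RANSOM_EXT)])
            if target.exists():
                steps.append(("skip_collision", path, target))
                continue
            steps.append(("rename", path, target))
            finals.add(target)
        else:
            finals.add(path)
    # Step 2: every .BUP is the disc's own backup of the matching .IFO.
    for path in sorted(finals):
        suffix = path.suffix
        if suffix.upper() == ".BUP":
            ifo = path.with_suffix(".IFO" if suffix.isupper() else ".ifo")
            steps.append(("restore_ifo", path, ifo))
        elif suffix.upper() == ".IFO":
            backups = {path.with_suffix(".BUP"), path.with_suffix(".bup")}
            if not backups & finals:
                # Nothing to restore from: report it, leave the file alone.
                steps.append(("no_backup", path, None))
    return steps


def recover(root, dry_run=True):
    """Plan the recovery and, unless dry_run, carry it out in order."""
    steps = plan_dvd_recovery(root)
    if not dry_run:
        for action, src, dst in steps:
            if action == "rename":
                src.rename(dst)
            elif action == "restore_ifo":
                shutil.copy2(src, dst)  # overwrites the damaged .IFO
    return steps


def demo():
    """Run the recovery on a constructed sample tree in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        ts = Path(tmp) / "Movie" / "VIDEO_TS"
        ts.mkdir(parents=True)
        (ts / ("VTS_01_1.VOB" + RANSOM_EXT)).write_bytes(b"video")
        (ts / ("VTS_01_0.IFO" + RANSOM_EXT)).write_bytes(b"damaged")
        (ts / ("VTS_01_0.BUP" + RANSOM_EXT)).write_bytes(b"intact")
        (ts / "VIDEO_TS.IFO").write_bytes(b"no backup here")
        steps = recover(tmp, dry_run=False)
        actions = sorted(action for action, _, _ in steps)
        names = sorted(p.name for p in ts.iterdir())
        ifo = (ts / "VTS_01_0.IFO").read_bytes()
    return actions, names, ifo


if __name__ == "__main__":
    print(demo())
```

    Calling `recover(path)` with the default `dry_run=True` only returns the planned steps, so the list can be reviewed before anything is renamed.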
  23. 1 point
    Yes, all these actions have already been done, access to SAMBA on the router is closed, Guest's account too. The Synology software has always been updated on a regular basis - but that did not help - unfortunately, as you can see. So I am waiting for information and advice on how to decode these files - I will be grateful for your help.
  24. 1 point
    I think the window for figuring out the keys for .hrosas expired Friday night, and the window for .verasto expired a day or two before that. Assuming Demonslay335 replied to your private message, then I assume you sent him the MAC address you posted here as well? If so, then he'll archive it for future reference (by which I mean "in case he's able to figure the decryption key out at some point in the future").
  25. 1 point
    Hello Emsi management. I just wanted to renew my license for another year. Unfortunately that did not work, because I did not tick the "subscription" checkbox. So the order process could not be completed. Do you no longer need your loyal private customers? Then I too will, albeit reluctantly, look around for something else, e.g. Malwarebytes.
  26. 1 point
    Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run. To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link: https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter).
  27. 1 point
    Some of them may be recoverable. I've asked the creator of STOPDecrypter whether or not he's already seen your post here. If he has, I imagine he's already contacted you. If he hasn't, then he may still contact you once he has a chance to look over your information. His screen name on our forums is Demonslay335.
  28. 1 point
    You can also upload a copy of every ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ But the result will be the same link to the forum BleepingComputer, because requests of the victims are initially collected there. Demonslay335 will also receive your information if you leave it here.
  29. 1 point
    Hmmm. Well - it wasn't me. Maybe I accidentally violated an Emsisoft Forum policy inadvertently? DECRYPTION TESTS WERE SUCCESSFUL!!! If anyone is reading this into the future, I would say that you should heed GT500's advice to check out Bleeping Computer - and reach out to Amigo-A because he understands the product that decrypted for me. The advice on this forum started me on the path to a solution. I can't thank everyone here enough!
  30. 1 point
    Hello everyone, We would like to inform you that due to a corrupted MySQL database we had to restore a recent forum backup. This means that all changes made since 2019-04-25 at 18:08:37 UTC have been lost. This includes among others: Posts, topics, registrations and profile changes. We apologise for the confusion and inconvenience this may have caused you.
  31. 1 point
    You are dealing with two different ransomware. ID Ransomware picked up on the "second layer" of STOP Djvu with the .adobe extension. No way to determine what the first ransomware was without the malware or ransom note from it. Support topic for STOP Djvu: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/
  32. 1 point
    I just started playing around with the new "My Emsisoft Cloud Console". My first experiences have been quite positive. 🙂 Two little things that I would like to suggest for improvement:

    1) I use only one policy for the whole network (i.e. workspace). This is why I delete all computer groups except "New Computers" (which cannot be deleted). I then set all required policy settings/options on the highest possible level, which is the "root" group called "Workspace". These settings are then of course inherited by the "New Computers" group (and possibly some other groups that I might add later). The problem is that whenever you re-visit the "Protection Policies" section by clicking in the navigation bar on the left hand side, the view defaults to the "New Computers" group. So if I'm not very careful, I'll change settings in this group instead of the root group "Workspace". It would be nice if the selection could default to "Workspace" whenever you re-visit the Protection Policies section.

    2) Using the Enterprise Console, it was easy to see at a glance if the settings on some client PCs deviated from the original policy setting (the overview in EEC then shows a little round arrow next to the policy name in the "Computer Policy" column). In the cloud console, you must have a detailed look at the settings of each client PC to see if there is anything different to the original policy. It would be very helpful to be able to see policy vs. current client settings differences directly on the overview dashboard. (please bring back the round arrow 😉)

    Furthermore, there are some minor cosmetic issues:
    - When clicking on the menu of the root protection group "Workspace", the menu item "Clone" is not greyed out. It is clickable, but (as expected) nothing happens. It should be greyed out like the rest of this group's menu items.
    - Some German translations don't fit into the UI (mostly on buttons)
    - When using browser zoom (I use 120% by default) some lines around some UI fields get cut off

    And two final questions:
    - I was wondering what the setting "Detect registry policy settings" in the Scanner Settings section does (see attached screenshot).
    - Why does my license vanish from the "Licenses --> Personal Licenses" section after assigning it to a workspace? Is this by design? This seems confusing to me... What happens if I delete a workspace - will the license be returned to the "Personal Licenses" section? What about client PCs that are NOT associated with the workspace - will they have licensing problems (I don't want to add all my PCs to the workspace)?

    Thanks for the great job so far! Raynor
  33. 1 point
    To add to what Amigo-A said, your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files are slim. That being said, if you download STOPDecrypter, run it, and copy and paste the ID and MAC it gives you into a reply then I can forward them to the creator of STOPDecrypter in case he is able to figure out your decryption key at some point in the future. Here's a link to instructions on how to do that: https://kb.gt500.org/stopdecrypter
  34. 1 point
    Hi @Marshall, Glad it worked for you, Take care, Steen
  35. 1 point
    Hello, Here are some example files. Let me know if you need something more.
  36. 1 point
    STOPDecrypter lists the MAC of every network adapter. Since the average user doesn't know how to find the MAC address of their network adapters, let alone what a MAC address even is, it's best for them to run STOPDecrypter. As for the possibility of running it on the wrong computer, I have added a couple of lines to the instructions I wrote covering that and pointing to the FAQ.
  37. 1 point
    I have forwarded your ID and MAC to the creator of STOPDecrypter. Either he or myself will contact you if he is able to figure out your decryption key.
  38. 1 point
    There is something more interesting on the encrypted files: The encryption speed seems to depend on the number of files, not on the size of the file. A very large file is ‘encrypted’ with the same speed as a very small file. On average I calculated a speed of about 13 files a second. More analyzing shows, to my first impression, that only the first 64kB of each file is encrypted. This does however not mean that smaller files cannot be encrypted as well. What I further think is that encryption is done in blocks of 128 bit and when the filesize does not match, the remaining few bytes are left as is, keeping the filesize unchanged.
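    Added example, not part of the post above: a Python sketch that tests those observations against a pair of files, a clean backup copy and the affected copy of the same file, by reporting which 128-bit blocks differ and whether every change lies in the block-aligned first 64 kB. The function names and the XOR-altered sample data are constructed for illustration and say nothing about the cipher actually used.

```python
import io
import os

BLOCK = 16          # 128-bit block size suggested in the post
WINDOW = 64 * 1024  # 64 kB prefix suggested in the post


def analyse_pair(orig, enc, block=BLOCK, window=WINDOW, chunk=1 << 20):
    """Compare two binary file objects block by block.

    orig is a clean copy (e.g. from backup), enc the affected copy.
    chunk must be a multiple of block.
    """
    size_o = orig.seek(0, os.SEEK_END)
    size_e = enc.seek(0, os.SEEK_END)
    orig.seek(0)
    enc.seek(0)
    n = min(size_o, size_e)
    changed, first, end, offset = 0, None, 0, 0
    while offset < n:
        a = orig.read(min(chunk, n - offset))
        b = enc.read(len(a))
        if a != b:  # identical chunks are skipped without a block scan
            for i in range(0, len(a), block):
                if a[i:i + block] != b[i:i + block]:
                    changed += 1
                    if first is None:
                        first = offset + i
                    end = min(offset + i + block, n)
        offset += len(a)
    # Region the post expects to be altered: whole blocks inside the window.
    expected = (min(n, window) // block) * block
    return {
        "same_size": size_o == size_e,
        "size": n,
        "changed_blocks": changed,
        "first_changed": first,
        "modified_end": end,
        "expected_region": expected,
        "region_fully_changed": changed == expected // block,
        # True when nothing past the block-aligned prefix was touched,
        # which includes an untouched partial block at the end of the file.
        "consistent_with_post": size_o == size_e and 0 < end <= expected,
    }


def make_sample(size, altered=None):
    """Constructed test pair: XOR stands in for the unknown cipher."""
    original = bytes(i % 251 for i in range(size))
    if altered is None:
        altered = (min(size, WINDOW) // BLOCK) * BLOCK
    changed = bytes(x ^ 0xA5 for x in original[:altered]) + original[altered:]
    return io.BytesIO(original), io.BytesIO(changed)


if __name__ == "__main__":
    for size in (100, 200_000):
        print(size, analyse_pair(*make_sample(size)))
```

    With real files, pass two objects opened with `open(path, "rb")`; a `modified_end` beyond `expected_region` means the pair does not match the pattern described in the post.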
  39. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  40. 1 point
    Ok. Thanks to H6T9, balumka13. In short: your files were encrypted by Scarab-Gefest Ransomware, from the Scarab family. No free decoder. You can get the private decryption that DrWeb and ESET do if they have an encoder file.

    Request for decryption
    1) DrWeb makes a free test-decryption, using only encrypted files, registry files and a ransom note file. Link. If they can decrypt, then they offer to first buy a 'Rescue Package' with DrWeb Security Space for 2 years, then give a decoder for the encrypted files. And the user will be under their protection for 2 years. For users from Russia, the package price is 5299 rubles, and for foreigners - 150 € (euro). The service without the rescue package of Dr.Web is not available.
    2) ESET first offers to buy their commercial antivirus, and then make a test-decryption. Link. Recently I told how to make a request in ESET; if you're interested, see the link on the BleepingComputer forum. Starting with post # 554.

    I have nothing to do with them and can’t influence their prices. I also believe that it was possible to make this service cheaper, if the user gets support for the first time. Later he would still buy protection if it would provide real security for a year.

    If the details of the ransomware are interesting: What is this Scarab, I realized immediately when I carefully looked at the results of ID-Ransomware. But extortionists often confuse traces: they take the name of someone else's note, the text of the ransom, imitate the ID and so on. I talked about the fifth element, in fact there are more of them and they came together before I saw the note itself. It was also clear to me exactly which version of the Scarab and which group is currently engaged in this variant. The hint is the BM-address from the note. Previously, the same people spread Hermes, then another and Scarab. Then Hermes was sold and the actors went to other projects. When the basic encryptor of Scarab was updated last year, many extortionists switched to using it.
I wrote about some, who switched to the Scarab and came from other projects. The Scarab Ransomware-project employs many groups from different countries, they work in groups and individually.
  41. 1 point
    Hi Raynor, We currently don't have concrete plans to end Emsisoft Enterprise Console. If we ever come to that point, we would make an announcement at least one year in advance to provide planning safety for our customers. 1) Local update caching will become available later. 2) We have no plans to offer a profiles migration path, for now. Re-connecting existing devices from EEC to ECC will become an easy procedure and can be automated. We are working hard to add new features to Emsisoft Cloud Console. Feel free to start testing it and see how stable it is. You can connect existing Emsisoft installs manually as of version 2019.3. Thanks
  42. 1 point
    OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.
  43. 1 point
    The cheapest option for you would be the 3-PC license key, even if you only have 2 computers. You're not required to have a 3-PC license key though, so if you prefer to buy two 1-PC license keys (one for each computer) then feel free to do so, however note that the total cost of doing so is usually more than a 3-PC license key.
  44. 1 point
    Hi Gawg. Thanks for your comments. I'll try a reboot first when future problems arise.
  45. 1 point
    Yes, Icewolf, like you I had also thought that Emsi would take our criticism on board and make improvements. What I find astonishing, given the particularly customer-friendly practice so far (not selling off data, not bundling toolbars etc.), is that our complaints are apparently being bluntly ignored. With all the trivial stuff (such as "not translated, something missing at the edge, colour not good, adaptation to the monitor inadequate, etc."), there was a reaction and a fix at some point, usually quickly. Now we come along with a really serious criticism for once, and nothing happens. Oh well, Win10 comes with the by now more mature Defender, and since "stinginess is cool" most customers will not install any additional AV software. It seems the company management sees its prospects slipping away... I cannot otherwise explain such a serious faux pas, given Mr. Mairoll's philosophy so far. A pity.
  46. 1 point
    Just don't. You will hurt your general performance considerably. Better to just enable the MVPS filter list in uBlock. Kind of pointless. uBlock does a better job. Ad hosts blocked by uBlock can't set cookies in the first place. That's all it pretty much does if you are using Firefox. For someone who is concerned about their privacy it is interesting that you willingly send your entire surf history to any company in clear text: Literally every single website you browse to will get submitted in that way. Bitdefender Traffic Light isn't the only extension that does this. Other extensions known to do this are Avira Browser Safety, Avast Online Security, Norton Safe Web and Comodo Online Security Pro.
  47. 1 point
    I think it's specifically related to the Creators Update for Windows 10 that Microsoft released recently, and has been slowly pushing out to everyone's computers. They made some sort of change in the Creators Update that caused this to happen. For Windows 7 the easy fix is to uninstall EIS, restart the computer twice, and then download and reinstall EIS from the following link (I don't think this would help on Windows 10 though): http://dl.emsisoft.com/EmsisoftInternetSecuritySetup.exe
  48. 1 point
    I would believe our developers are still looking into it; however, thus far we have been assuming it is an issue with Windows 10 since certain Windows tools still read the firewall status correctly.
  49. 1 point
    We're aware of the issue. Some parts of Windows 10 seem to detect that Emsisoft Internet Security's firewall is active, and some do not.
  50. 1 point
    It's not abnormal for Windows to say that when a program update for Emsisoft Internet Security gets installed. When that happens, Emsisoft Internet Security has to restart itself in order to update itself, and during that brief period of time Windows will report that Emsisoft Internet Security is turned off. I would believe we made some changes recently so that Windows doesn't do that anymore, however I have not tested to verify that (I would have checked before posting, but there's currently no beta version for me to install in order to test).
