Leaderboard


Popular Content

Showing content with the highest reputation since 03/26/19 in all areas

  1. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product.

    So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  2. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  3. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  4. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  5. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  6. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details): (1) Go to the following link: https://filterlists.com/ (2) Enter "130" in the page field. (3) Click the blue "Details" button on the "MVPS Hosts" line. (4) Click the blue "Subscribe" button. You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  7. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  8. 2 points
    Hello Moreau, thank you very much for your positive feedback. Always happy to help, and thank you for the friendly communication. I wish you a good start to the (still almost) new week!
  9. 1 point
    Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infection and attacks in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend using 30-60-90 day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers.

    https://www.giveawayoftheday.com/ - daily software offer
    https://sharewareonsale.com/ - daily discounts, excluding 100% Free Office
    https://www.freeoffice.com/ - modern office suite fully compatible with MS Office
    https://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android

    FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux. Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.
  10. 1 point
    Look at your file that I attached. From personal experience, I always use folders with English words or numbers for decryption. Folders in other languages may not be supported. This does not apply to decrypters from Emsisoft. This is just my experience. @GT500 from Emsisoft or @Demonslay335 experts will tell you in more detail or fix this problem. Wait. I recommend solving problems with decryption through PM, so developers and ransomware actors will not know the secret.
  11. 1 point
    The digital signature has been whitelisted now, so hopefully that should resolve the issue for you.
  12. 1 point
    Hello @karan11 Looking at the format of the encrypted file, we can say that this is the result of the Phobos Ransomware attack. But in order for our help to be more accurate and informative, you ALWAYS need to attach to the message 2-3 different encrypted files and the ransom notes that the extortionists left for you. These may be the files info.txt, info.hta. I recommend putting them in an archive and attaching it to the message; this way they will not be damaged.
  13. 1 point
    This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter

    [+] Loaded 59 offline keys
    Please archive the following info in case of future decryption:
    [*] ID: fLZ0FsGOpqQKtS85F02McGLS2zvr55u1wR2tblpR
    [*] ID: 68O9eTFDNbn8z2O956vweaL1v2GY5gvWBYMKcmt1
    [*] MACs: 2A:03:9A:C3:93:6B, E8:03:9A:C3:93:6B, E8:03:9A:C3:93:6C
    This info has also been logged to STOPDecrypter-log.txt
  14. 1 point
    Here are some additional files to assist you guys with finding a possible solution. We have had three clients hit so far, one I cannot pull files from, so I have attached the two that I could pull from, and it includes 3 files and the ransom note. https://www.sendspace.com/filegroup/pQy%2Fr36fUtEYB9TrvQLBEQ
  15. 1 point
    I'll pass this on to the maker of STOPDecrypter, but note that we need to have the MAC addresses of every network adapter on the computer (even if it isn't a normal ethernet adapter). Hopefully the information you provided will be enough to be able to find your decryption key quickly, however please note that we can't make any promises. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/ While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. 
We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  16. 1 point
    It's not abnormal for different companies to give different names to the same malware.
  17. 1 point
    .id-C8DAE7D0.[[email protected]].html - this is the format of Dharma Ransomware (detailed description + link to English translation in the title of the article). These extortionists have been robbing users for 2.5 years with impunity and law enforcement agencies are shamefully inactive.
  18. 1 point
    Thanks a lot!! I don't have access to any executable .. I suspect that it was a remote access and no trace of commands in NAS filesystem or attached local network computers 😞 Really, I didn't have certainty about the correctness of the filepair I submitted. But your discovery of the base64 encoding of the filenames (really great!!) gives a clue in order to attempt looking for a good filepair. If I obtain a good filepair I will submit it here. Thanks, you do a great job!! Francisco Sancho
  19. 1 point
    Do the following:

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

    2019-06-25 15:25 - 2019-06-25 15:25 - 000000000 _D C:\Users\klime\Desktop\umowy
    2019-06-24 19:00 - 2019-06-24 19:27 - 000000000 __D C:\Users\klime\AppData\Roaming\vrguqgoqzs
    2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
    2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\system32\tmumh
    2019-06-20 22:15 - 2019-06-20 22:15 - 000000048 ____H C:\Program Files (x86)\k5wlusm0mk.dat
    2019-06-18 11:55 - 2019-06-18 11:55 - 000001024 C:\WINDOWS\SysWOW64\%TMP%
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku

    Close Notepad.

    NOTE: It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    NOTE: If the tool warns you about an outdated version please download and run the updated version.
  20. 1 point
    The .pumax variant is 100% decryptable if you follow the instructions in the README.txt and provide it an encrypted file and its original. Don't bother with the ID and MAC, I don't need to archive those for that variant.
  21. 1 point
  22. 1 point
    One more case here. Files encrypted over last weekend - .COPAN extension added and as far as I can see no single trace of ransomware software left except ransom notes. Attached ransom notes and two encrypted files. Best regards and thank you. TEHNIČKA PODRŠKA.xlsx.COPAN Tehnički zadatak.docx.COPAN HOW TO DECRYPT FILES.hta HOW TO DECRYPT FILES.txt
  23. 1 point
  24. 1 point
    EAM doesn't work on XP or Vista now. System requirements are :- For Windows 7/8.1/10, 32 & 64 bit
  25. 1 point
    OK, it looks like any infection had already been removed. Your computer should be OK for now.
  26. 1 point
    Yes, Emsisoft Anti-Malware includes protection from Potentially Unwanted Programs (PUPs).
  27. 1 point
    https://blog.emsisoft.com/de/33459/neu-in-2019-5-verbesserte-myemsisoft-uebersicht-beta/
  28. 1 point
    Hi Zwergenmeister

    Thanks for your feedback. Please note that ECC is in beta stage and we're adding new stuff and fixing things on a regular basis.

    1. planned
    2. known and being worked on
    3. data: what would you like to get from and send to a device?

    The German translation will be updated.

    Best regards, Frank
  29. 1 point
    As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  30. 1 point
    Sophal You correctly think this site with kmspico is the source of the infection! Due to the launch of a malicious file from there STOP Ransomware encrypted your files. Before you decrypt the files, you need to make sure that there is neither this infection nor any other infection on the PC. We have seen cases when those who suffered from previous versions STOP Ransomware successfully decrypted files, but then they were attacked by the same encryptor, which encrypted files with a different extension, and used an encryption key that cannot be calculated. In punishment for haste and complacency, the user lost his files a second time and, possibly, forever. As experience shows, very often after encryption on a PC, this or another infection remains, which you could get together with the encryptor. Malicious programs often work in groups: trojans of a different type, password hijackers, backdoors, dormant malware, dangerous browser plugins. Therefore, I advise you to check your PC for active and dormant malware. This can be done here in the forum in the next section. You can also download the free tool Emsisoft Emergency Kit yourself and check the computer.
  31. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  32. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  33. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  34. 1 point
    I can only agree with the criticism. I don't like the whole direction Emsisoft has taken in recent months either.
  35. 1 point
    That is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Actually, Demonslay335 told me earlier today that he already helped you, so you should be good to go. If you need anything else, then please let us know.
  36. 1 point
    Independent certification body Virus Bulletin recently released the results of their latest rounds of VB100 tests. Once again, we’re happy to announce that Emsisoft Anti-Malware aced the tests and walked away with a perfect score!

    What is the VB100?

    The VB100 is a certification test designed to evaluate the detection capabilities of antivirus software. To perform the tests, each antivirus product is installed on a physical computer or virtual machine with specifications you would expect to find on a business PC. The products are installed with default configurations on a clean, dedicated instance of Windows. Each test is performed on two different systems, one running Windows 7, the other running Windows 10. The security products are then exposed to a range of malicious samples taken from various malware sets, including:

    - The WildList set: A set of a few thousand samples curated by the WildList Organization.
    - The AMTSO RTTL: The Real-Time Threat List is a continuous feed of 1,200-3,000 new samples collected by malware experts around the world and managed by the Anti-Malware Testing Standards Organization.
    - The Diversity set: A set of 1,000-2,000 recent malware samples.

    The products also scanned a subset of 100,000 files taken from the clean sample set, which is a collection of 400,000 non-malicious files. To achieve VB100 certification, a security product had to be able to meet the following criteria:

    - Identify at least 99.95 percent of malicious samples.
    - Generate no more than 0.01 percent false positives.

    How did we do?

    We’re delighted to report that Emsisoft Anti-Malware achieved a perfect score in every category. Our flagship software identified 100 percent of the 2000+ malware samples used in the tests while generating zero false positives along the way, earning it VB100 certification. We’re pleased to see Emsisoft Anti-Malware excelling in test conditions, and we’ll continue working hard to provide the best malware protection on the planet!

    About Virus Bulletin

    Virus Bulletin is a security information portal, testing and certification body based in the UK. VB100 certification tests are designed to assess the detection capabilities of endpoint security solutions. A product that has been awarded VB100 certification can generally be trusted to provide a certain level of protection against malware. Click here to see the full report, or click here to have a look at some of the other awards we’ve won in the past. Have a good (malware-free) day!

    The post Emsisoft Awarded VB100 certification in April 2019 tests appeared first on Emsisoft | Security Blog.
  37. 1 point
    Hello Emsisoft and hello Thomas! I have to bring this topic up again: I already voiced my displeasure about the subscription variant of the licensing system last year. At least back then an immediate cancellation was relatively easy via the e-mail from Cleverbridge. Presumably Emsisoft noticed this too and has now removed this option as well with the new billing service provider "2Checkout". When I purchased the renewal today, a total of three e-mails arrived (1. purchase confirmation / 2. payment confirmation / 3. product/subscription information). None of these e-mails describes or links to a way to cancel the subscription. This business conduct no longer has anything to do with the trusting relationship that was customary until now and the pleasant contact when there were questions! Customer loyalty is achieved not through subscriptions but through good products (which Emsisoft still makes) and sensible support. So: how can I now cancel the forced subscription immediately by simple means??? - Thanks for a prompt reply and hopefully a change to the licensing system soon - Back to the roots! Best regards, Holger
  38. 1 point
    Hello. Yes, there was a malfunction and some messages could be lost. Fortunately, the forum was promptly restored. Your files are encrypted with the new STOP Ransomware variants with extensions .verasto and .hrosas. This STOP Ransomware has, to our general pity, been successfully attacking users around the world for 1.5 years already... Decrypting files in some cases is possible with the efforts of Demonslay335 (developer of STOP Decrypter). You need to read the important information at the link.
  39. 1 point
    I just started playing around with the new "My Emsisoft Cloud Console". My first experiences have been quite positive. 🙂

    Two little things that I would like to suggest for improvement:

    1) I use only one policy for the whole network (i.e. workspace). This is why I delete all computer groups except "New Computers" (which cannot be deleted). I then set all required policy settings/options on the highest possible level, which is the "root" group called "Workspace". These settings are then of course inherited by the "New Computers" group (and possibly some other groups that I might add later). The problem is that whenever you re-visit the "Protection Policies" section by clicking in the navigation bar on the left hand side, the view defaults to the "New Computers" group. So if I'm not very careful, I'll change settings in this group instead of the root group "Workspace". It would be nice if the selection could default to "Workspace" whenever you re-visit the Protection Policies section.

    2) Using the Enterprise Console, it was easy to see at a glance if the settings on some client PCs deviated from the original policy setting (the overview in EEC then shows a little round arrow next to the policy name in the "Computer Policy" column). In the cloud console, you must have a detailed look at the settings of each client PC to see if there is anything different to the original policy. It would be very helpful to be able to see policy vs. current client settings differences directly on the overview dashboard. (please bring back the round arrow 😉)

    Furthermore, there are some minor cosmetic issues:

    - When clicking on the menu of the root protection group "Workspace", the menu item "Clone" is not greyed out. It is clickable, but (as expected) nothing happens. It should be greyed out like the rest of this group's menu items.
    - Some German translations don't fit into the UI (mostly on buttons)
    - When using browser zoom (I use 120% by default) some lines around some UI fields get cut off

    And two final questions:

    - I was wondering what the setting "Detect registry policy settings" in the Scanner Settings section does (see attached screenshot).
    - Why does my license vanish from the "Licenses --> Personal Licenses" section after assigning it to a workspace? Is this by design? This seems confusing to me... What happens if I delete a workspace - will the license be returned to the "Personal Licenses" section? What about client PCs that are NOT associated with the workspace - will they have licensing problems (I don't want to add all my PCs to the workspace)?

    Thanks for the great job so far! Raynor
  40. 1 point
    Hello, Here are some example files Let me know if you need something more.
  41. 1 point
    There is something more interesting on the encrypted files: The encryption speed seems to depend on the number of files; not on the size of the file. A very large file is ‘encrypted’ at the same speed as a very small file. On average I calculated a speed of about 13 files a second. More analyzing shows to my first impression that only the first 64kB of each file is encrypted. This does however not mean that smaller files cannot be encrypted as well. What I further think is that encryption is done in blocks of 128 bit and when the filesize does not match the remaining few bytes are left as is, keeping the filesize unchanged.
  42. 1 point
    You can find instructions on using STOPDecrypter to get your ID and MAC address at the following link: https://kb.gt500.org/stopdecrypter
  43. 1 point
    The Behavior Blocker in Emsisoft Anti-Malware does do cloud lookups on unknown applications that are exhibiting potentially malicious behavior. This is primarily used for determining if an application is known as safe, as a form of whitelisting, however there are malicious programs that are detected through cloud lookups as well. The reason we don't rely heavily on cloud lookups for detection is simply due to the fact that the Behavior Blocker will block/quarantine any unknown applications that exhibit potentially malicious behavior, so it will generally take care of infections on its own, and only needs help with identifying safe applications so that it's less likely to block/quarantine them along with malicious applications.
  44. 1 point
    Yes, Icewolf, like you I had also thought that Emsi would take our criticism on board and make improvements. What astonishes me, given the previously so especially customer-friendly practice (no selling of data, no bundled toolbars etc. ...), is that our complaints are apparently being bluntly ignored. With every trifle, such as "not translated, something missing at the edge, colour not good, inadequate adjustment to the monitor etc.", there was a reaction and a fix at some point, usually quickly. Now we come along with a really serious criticism for once, and nothing happens. Oh well, Win10 comes with the now more mature Defender, and since "stinginess is cool" most customers will not install any additional AV software. The company management seems to see its chances slipping away... I cannot otherwise explain such a serious faux pas given Mr. Mairoll's philosophy so far. A pity
  45. 1 point
    I thought they wanted to change that? https://support.emsisoft.com/topic/30225-neues-lizenz-system-abonnement/
  46. 1 point
    You can technically just remove all entries from your hosts file using Notepad. Just delete everything except the "127.0.0.1 localhost" entry if there is any. Lines starting with "#" are comments by the way. Pretty much. We are not an ad blocker, no. You use uBlock Origin which is pretty much the best adblocker you can get. So you are well covered in that area already. Correct. When you try to click the link, it will block access to the site. But I do understand that a lot of people would like to know before they click, which is why we consider adding it. Interestingly enough WOT got in trouble for the very same thing that some AVs are doing with their extension. You can always set up your own DNS server locally or in a cheap VPS box online. DNS also can be tunneled via various secure protocols (DNS-over-HTTPS for example). Those use methods that provide k-anonymity. Firefox in addition also sends "fake" requests if I remember correctly so the hoster of the block list does not know whether that was a website you actually surfed to or a random request. If you are so concerned, just host your own VPN. Get a cheap VPS with bitcoin at njal.la for example, host OpenVPN and your own DNS server on it and there will be no link between you and the VPS. It's serious overkill though.
  47. 1 point
    uBlock is exceptionally good at removing duplicate filter rules. So if you enable the MVPS filter list there, it will only enable it for stuff that isn't covered by other lists. That's also why in the rules list it says "x used out of y". Because it tells you how many rules it actually used out of that filter list. The rest was already covered by other lists. uBlock is also a lot more efficient at parsing and applying these filter rules than the DNS API in Windows is, which is the component that parses the "hosts" file. Depending on the browser you use, the "hosts" file may actually get ignored entirely. Some browsers like Chrome, for example, implemented their own, faster DNS client as the Windows DNS API isn't the fastest. So in the worst case scenario, you were having this huge hosts file, slowing down every program that does remotely something with networking, while at the same time your browser completely ignored it. Yeah, most people aren't aware of it and it is the main reason why we decided to create our own browser extension. The worst part is that it is completely unnecessary from a technical point of view as well. But yeah, as is often the case: If something is free, you pay with your data. Unfortunately not. If you find one, let me know which one and I can check how intrusive it is for you though. We are also considering adding search indicators in our extension. So you may want to wait for that. There is no ETA though.
  48. 1 point
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection.

    Do not delete the ransomware infection

    The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you have deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup.

    Disable any system optimisation and cleanup software immediately

    A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data.

    Create a backup of your encrypted files

    Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else.

    Server victims: Figure out the point of entry and close it

    Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest disabling RDP if at all possible or at least changing the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later.

    Figure out what ransomware infected you

    Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files.

    If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no strings attached and is free for both customers and non-customers.
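
The event-log and account checks from the "Server victims" step, as an added PowerShell example that is not part of the original post. The 7-day window, the threshold of 20 failures per source address and the helper name Get-EventField are assumptions; 4625, 1102 and 4720 are the standard Windows Security log event IDs for a failed logon, a cleared audit log and a created user account.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell 5.1+ prompt.
# Assumptions: 7-day look-back; 20 failures from one address counts as "a large number".
$since     = (Get-Date).AddDays(-7)
$threshold = 20

function Get-EventField {
    param($Record, [string]$Name)
    # Security events keep their details as named <Data> elements in the event XML.
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Is the log empty or was it cleared? Event 1102 records a clear of the Security log.
$log    = Get-WinEvent -ListLog Security
$oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
'Security log: {0} records, oldest entry {1}' -f $log.RecordCount, $oldest.TimeCreated
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id -AutoSize

# 2. Failed logons (4625) per source address. RDP attempts appear as logon type 10,
#    or as type 3 when Network Level Authentication is enabled.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue
if ($failed) {
    $failed | ForEach-Object {
        [pscustomobject]@{
            Source = Get-EventField $_ 'IpAddress'
            User   = Get-EventField $_ 'TargetUserName'
            Type   = Get-EventField $_ 'LogonType'
        }
    } | Where-Object { $_.Type -in '3', '10' } |
        Group-Object Source | Where-Object Count -ge $threshold |
        Sort-Object Count -Descending |
        Format-Table Count, @{ n = 'Source'; e = { $_.Name } },
            @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } -AutoSize
} else {
    Write-Warning "No failed logons recorded since $since. Compare with the record count above."
}

# 3. Accounts the attackers may have left behind: creation events (4720),
#    every local account, and the members of the local Administrators group.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Format-Table TimeCreated,
        @{ n = 'NewAccount'; e = { Get-EventField $_ 'TargetUserName' } },
        @{ n = 'CreatedBy';  e = { Get-EventField $_ 'SubjectUserName' } } -AutoSize
Get-LocalUser | Format-Table Name, Enabled, LastLogon, PasswordLastSet -AutoSize
Get-LocalGroupMember -SID 'S-1-5-32-544' | Format-Table Name, ObjectClass, PrincipalSource -AutoSize
```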
  49. 1 point
    Then you should already know how to get them.
  50. 1 point
    I would believe our developers are still looking into it, however thus far we have been assuming it is an issue with Windows 10 since certain Windows tools still read the firewall status correctly.