Leaderboard

Popular Content

Showing content with the highest reputation since 10/13/09 in all areas

  1. Note: It is recommended to make a backup of all important files before using the decrypter.

Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline.
Link to instructions for using the decrypter (PDF).
Link to "file pair" submission form.
Link to more information about the decrypter. <- Article at BleepingComputer.com
Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <- Forum post at BleepingComputer.com

Can I report this encryption of my files as a crime?
Yes. Distribution of malicious files and holding property for ransom are criminal acts in many countries, and we encourage all victims to report such incidents to the national law enforcement in the country where they reside, as this helps them determine how best to prioritize investigations into such criminal activity. There is a list of national law enforcement agencies who are participating in the No More Ransom project at the following link, with information on how to file a report (if you live in a country not on the list then feel free to report the incident to your local law enforcement): https://www.nomoreransom.org/en/report-a-crime.html

Someone says they can decrypt my files, but I will have to pay them. Is this safe?
Such individuals or companies are either scam artists, or they are paying the ransom without telling you and overcharging you for it. Either way we recommend avoiding any contact with those who claim they can decrypt your files for a fee.

How do I remove the ransomware?
The STOP/Djvu decrypter will stop the ransomware from running so that it can't continue encrypting your files; however, it doesn't completely remove the ransomware. Most Anti-Virus software will detect STOP/Djvu if you run a scan for it; however, if you don't have Anti-Virus software installed then you can run a Malware Scan with Emsisoft Emergency Kit (free for home/non-commercial use). Note that formatting the hard drive and reinstalling Windows will also remove the infection; however, this ransomware is particularly easy to remove, so if a computer is only infected with STOP/Djvu then formatting the drive would be unnecessary.

Will removing the infection unlock my files?
No. Your files are encrypted. This encryption needs to be reversed (via a process called "decryption") before your files will be usable again. This encryption cannot be removed or undone simply by removing the STOP/Djvu ransomware infection.

The decrypter can't decrypt my files?
In most cases this means you have an online ID. It could also mean your files were encrypted by a newer variant of STOP/Djvu. See below for explanations.

Why won't the decrypter run?
The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

What does "Remote name could not be resolved" mean?
This can happen if your computer isn't connected to the Internet. If your Internet connection is working, then it can also be an indication of a DNS issue, and we recommend you reset your HOSTS file back to default if everything else seems fine. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

Why is the decrypter stuck on "Starting"?
When you run the decrypter, it looks for encrypted files. It will say "Starting" until it is able to find some. If the decrypter remains stuck on "Starting" for a long period of time, then this means it is unable to find any encrypted files.

Offline ID.
When the ransomware can't connect to its command and control servers while encrypting your files, it uses a built-in encryption key and a built-in ID. Offline IDs generally end in t1 and are usually easy to identify. Since the offline key and ID only change with each variant/extension, everyone who has had their files encrypted by the same variant will have the same ID and the files will be decryptable by the same key (or "private key" in the case of RSA keys).

Online ID.
In most cases the ransomware is able to connect to its command and control servers when it encrypts files, and when this happens the servers respond by generating random keys for each infected computer. Since each computer has its own key, you can't use a key from another computer to decrypt your files. The decrypter is capable of working around this with older variants as long as it has some help; however, for newer variants there is nothing that can be done to recover files.

Old Variants.
Old variants were those in distribution until near the end of August, 2019. Our decrypter supports offline IDs for almost all older variants, and can decrypt files for those with offline IDs without needing any help. For online IDs, it's necessary to supply file pairs to our online submission form so that the decrypter can be "trained" how to decrypt your files. A list of extensions from older variants can be found at the bottom of this post.

Is it possible to change an online ID into an offline ID?
Your files' ID serves to identify which private key is needed to decrypt your files. If you were to somehow change the ID that was added to your encrypted files, then all you would accomplish is making it impossible to decrypt your files at all, even if you paid the ransom. It is imperative that you don't attempt to modify your encrypted files if you want to make sure that they can be decrypted some day.

New Variants.
These use more secure RSA keys which are impervious to most types of attacks. Support for some offline IDs has been added to the decrypter for newer variants, and support for new offline IDs will be added as we are able to figure out private keys (decryption keys) for them. As for online IDs, due to the usage of RSA keys, there's currently nothing the decrypter can do to help recover files.

How long does it take to add support for new offline IDs to the decrypter?
Private keys for offline IDs are donated by victims who paid the ransom, and there is no way for us to be able to estimate when this will happen. If you have an offline ID then try running the decrypter once every week or two, and if we have been able to add the private key for your ID then it will start decrypting files.

Will it ever be possible to decrypt new variants with online IDs?
That depends on whether or not law enforcement is able to catch the criminals who are behind this ransomware. If law enforcement is able to catch them and release their database of keys, then we can add those to our database for decryption.

Are there any ways to recover/repair files that can't be decrypted?
In most cases this is not possible; however, there is a tool called DiskTuna that can help repair some videos that have been encrypted. This tool was made by a third party, and they are not affiliated with us; however, one of our developers has verified that it does work in at least some cases. You can find more information at this link.

What is a file pair?
This refers to a pair of files that are identical (as in they are the exact same file), except one copy is encrypted and the other is not. Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.

File pairs only work for one type of file.
Due to the way encryption works in STOP/Djvu, file pairs can only help the decryption service figure out how to decrypt one type of file. For instance, if you submit a file pair for an MP3 file, then the decrypter will be able to decrypt all of your other MP3 files; however, it won't be able to decrypt any other type of file. There are some exceptions to this, such as certain newer Microsoft Office documents (such as DOCX and XLSX), since those files are technically ZIP archives.

The decrypter can't decrypt all of my pictures even though I submitted file pairs for them?
JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from.

Extensions from older variants that the decrypter supports:
    13 points
  2. Official word is, "yes". We will give free license extensions to anyone who upgraded to Windows 10 and was unable to use the firewall. Once the issue has been resolved, please either submit a support ticket in our helpdesk system, or send a Private Message on the forums to me (English Support) or Thomas Ott (English/German Sales). Be sure to mention that you would like to have your license extended due to the Windows 10 issues and include in your message any license keys that were in use on a computer with Windows 10. Feel free to link to this forum post if you would like to.
    7 points
  3. As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall. To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

Behavior Blocker alert: Firewall manipulation

All 2017.8 improvements in a nutshell

Emsisoft Anti-Malware
New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
Improved: Forensics logging.
Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
Several minor tweaks and fixes.

Emsisoft Enterprise Console
Improved certificate handling to avoid connectivity issues.
Several minor user interface improvements.
Several minor tweaks and fixes.

How to obtain the new version
As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

Have a great, well-protected day!
    6 points
  4. Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection.

Do not delete the ransomware infection
The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup.

Disable any system optimisation and cleanup software immediately
A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data.

Create a backup of your encrypted files
Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else.

Server victims: Figure out the point of entry and close it
Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest disabling RDP if at all possible, or at least changing the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts on their own that would allow them to access the system later.

Figure out what ransomware infected you
Last but not least it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files.

If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no strings attached and is free for both customers and non-customers.
    5 points
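The "check your event logs for a large number of login attempts" step in the server section of the post above, worked through as an added example that is not part of the forum post or of Emsisoft's tooling. It assumes the Security log has already been exported to a simple pipe-separated line format (the sample lines below are constructed); the event IDs it keys on are the standard Windows ones (4625 failed logon, 4624 successful logon, 1102 audit log cleared, logon type 10 = RemoteInteractive/RDP). It flags the three things the post tells a server victim to look for: a source with many failed RDP logons, a successful RDP logon from that same source afterwards, and a cleared log.

```python
"""Triage a Windows Security log export for signs of an RDP brute-force.

Added example (not from the forum post). Assumes an export in the form
    timestamp|event_id|logon_type|account|source_ip
produced by whatever export step you use; a real Event Viewer / wevtutil
export would need its own parser in place of parse_log().
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

FAILED_LOGON = 4625      # "An account failed to log on"
SUCCESS_LOGON = 4624     # "An account was successfully logged on"
LOG_CLEARED = 1102       # "The audit log was cleared"
RDP_LOGON_TYPE = "10"    # RemoteInteractive (Remote Desktop)

# Constructed sample export: ten failed RDP logons from one address spraying
# several account names, then a success from that address, an unrelated
# normal user logon, and a log-cleared event. The addresses are documentation
# ranges, not real hosts.
SAMPLE_LOG = """\
2019-09-01T02:14:05|4625|10|administrator|198.51.100.23
2019-09-01T02:14:06|4625|10|admin|198.51.100.23
2019-09-01T02:14:07|4625|10|administrator|198.51.100.23
2019-09-01T02:14:08|4625|10|backup|198.51.100.23
2019-09-01T02:14:09|4625|10|administrator|198.51.100.23
2019-09-01T02:14:10|4625|10|administrator|198.51.100.23
2019-09-01T02:14:11|4625|10|sql|198.51.100.23
2019-09-01T02:14:12|4625|10|administrator|198.51.100.23
2019-09-01T02:14:13|4625|10|test|198.51.100.23
2019-09-01T02:14:14|4625|10|administrator|198.51.100.23
2019-09-01T02:15:31|4624|10|administrator|198.51.100.23
2019-09-01T08:02:44|4625|10|jsmith|10.0.0.15
2019-09-01T08:02:51|4624|10|jsmith|10.0.0.15
2019-09-01T02:20:00|1102|-|administrator|-
"""


@dataclass(frozen=True)
class Event:
    when: datetime
    event_id: int
    logon_type: str
    account: str
    source_ip: str


def parse_log(text):
    """Turn the pipe-separated export into Event records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, eid, ltype, account, ip = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), int(eid), ltype, account, ip))
    return events


def triage(events, fail_threshold=10):
    """Summarise the indicators a server victim should look for.

    fail_threshold is a constructed cut-off; tune it to the host's normal
    failed-logon volume before relying on it.
    """
    rdp_failures = Counter()
    accounts_tried = defaultdict(set)
    for e in events:
        if e.event_id == FAILED_LOGON and e.logon_type == RDP_LOGON_TYPE:
            rdp_failures[e.source_ip] += 1
            accounts_tried[e.source_ip].add(e.account)

    # Sources at or above the threshold are treated as brute-force candidates.
    suspects = {ip: n for ip, n in rdp_failures.items() if n >= fail_threshold}

    # A successful RDP logon from a suspect source is the strongest sign that
    # the password guessing worked and the account needs an immediate reset.
    success_after_brute_force = [
        (e.source_ip, e.account, e.when.isoformat())
        for e in events
        if e.event_id == SUCCESS_LOGON
        and e.logon_type == RDP_LOGON_TYPE
        and e.source_ip in suspects
    ]

    # An empty or cleared log is itself an indicator, as the post notes.
    log_cleared_at = [e.when.isoformat() for e in events if e.event_id == LOG_CLEARED]

    return {
        "brute_force_sources": suspects,
        "accounts_tried": {ip: accounts_tried[ip] for ip in suspects},
        "success_after_brute_force": success_after_brute_force,
        "log_cleared_at": log_cleared_at,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The accounts_tried set is worth keeping in the report: a single address cycling through administrator, admin, backup and similar names is the password-spray pattern the post describes, and every account in that set should be in the password-reset list, not just the one that finally succeeded.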
  5. Good day, We have by now established several times that Emsisoft is not the program of your choice. You have already found yourself another antivirus that also covers thirty further functions. The fact is, however, that many people are looking precisely for an antivirus program that does not bring along fifty extras that one does not want or need. For these people there is Emsisoft Anti-Malware, and most of our customers are satisfied with the fact that it is 'only' all-round protection for the computer and nothing more. For all the features mentioned - password generator, parental controls, etc. - there are already good programs that one can install if needed. Many people either have no children or do not want to restrict their access, so why should we install parental controls for these people. Some also do not have RAM or CPU in abundance; for these people it is even more annoying when the RAM is taken up by an AV that eats up resources because of unused features. Conclusion: There are many antivirus programs that want to be the all-in-one miracle product and try to combine every program into one. There are users who do not like this approach and want only an antivirus program. Nothing more. For these people there is, for example, Emsisoft Anti-Malware. You do not belong to this group, and that is ok. Kind regards, Kathrin
    4 points
  6. Which for everything related to our core technologies (engine, behavior blocker, cleaning engine) would be me. Hi, nice to meet you! Next time someone looks at me strangely for talking to myself I can now point them to this post and tell them you asked me to talk to me. Your argument is that we chose Bitdefender because it is "the best". Both Kaspersky as well as Avira consistently score higher in pure on-demand tests than Bitdefender does. If you consider PUP detection, ESET is a superior contender as well. We considered all of them at one point or another but they were discarded for various reasons. The article is based on the submissions we got through the "Submit information about detected Malware" option in all our products, which reports back metadata (infection names, number of infected objects) about all infections found by our products.
    4 points
  7. Actually, there is a system behind it: My workstation computers are named after noble gases, like Krypton or Helium. Computers that I only use temporarily or that belong to guests are named after transition metals like Titanium. Non-computer devices like smartphones are named after non-metals like Oxygen. All systems and VMs that are used for malware testing are named after radioactive elements like Uranium. Needless to say, my WLAN and local workgroup are called "Periodic Table". And yes, I spent a significant amount of time coming up with that system and I am proud of it.
    4 points
  8. You've not yet adequately answered my questions. I have however noticed that EAM hasn't nagged me recently; does that mean that someone's tweaked the code to stop the nagging, or is it just coincidence (since the nags seemed to be at irregular intervals)? If the nagging is going to continue, then please explain once and for all WHY this authentication is needed for a user who is not using the website-based console. Please also address all the other points I've raised here, namely:

- the possibility (if there's not multiple instances) that your backend server is a single point of failure
- the possibility (if someone manages to hack into those server(s)) of the security of customers' systems being at risk. I'm sure you won't have forgotten that an Emsisoft server was breached in Jan-Feb 2021. I know that was reported as a fairly minor data leak, but that doesn't mean that other kinds of breach are impossible. I wonder how much thought Emsisoft have given to how they'd mitigate effects (on customers' systems) if such a breach were to occur. And, do you run disaster-recovery tests on your infrastructure? If eg a data-centre which houses your servers burns down (as did OVHcloud, Strasbourg, France, in March 2021) how long will your customers be affected for?
- the point about the website console, if one chooses to change to "Local Only", resetting my (private) PC's EAM configuration to default - two problems there: why would it reset anything, and secondly how/why (if my PC is not authenticated to the workspace) does it have the right to perform a reset?
- the tooltip text for the "Local Only" option

I do not think I have muddied the waters with conjecture. But note that "conjecture" means speculation based on inadequate information. The very fact that I've been asking the initial question here (about the nagging) over and over again without a proper answer being given has not helped.

Questions about single points of failure etc might have been less relevant before, when your customers' systems were less tightly integrated with your servers; I mean all of us could cope with occasional absences of signature updates. But centralised control of our copies of EAM by your servers considerably heightens risk for customers. I would like you to understand that I ask about these things based on my professional experiences in a UK bank's datacentre.
    3 points
  9. Everything is clear, except the parts that are in Russian. I'm going to send you a private message with some instructions.
    3 points
  10. Hello @SalasKafa, Thank you for contacting Emsisoft Support. TOPI is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files. Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s) then that can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the TOPI variant of STOP/DJVU.
    3 points
  11. It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does. For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C, both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance, and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments, which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

- you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
- you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
- some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

What you end up with as a result is a product that is optimised really, really well for the exact scenario they are being tested under, using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernible impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
    3 points
  12. Please note that Emsisoft Anti-Malware for Windows XP hasn't been updated (as in program updates) in over 2 years, and we never intended to continue long-term database update support for it. In fact, we discontinued our own database updates for it over a year and a half ago, and those still running Emsisoft Anti-Malware on Windows XP have only been receiving BitDefender database updates. We've decided that it is time to stop redistributing those BitDefender updates for Windows XP, as all they are doing is giving those on Windows XP a false sense of security. In addition, it is extremely dangerous to continue using Windows XP. It has (for several years now) had well-known and major security vulnerabilities that Microsoft will never fix. These vulnerabilities make it trivial to infect a Windows XP system, and there is no security software in the world that is capable of preventing it. We cannot, in good conscience, continue to provide any support for this version of Windows, as we announced on December 31st, 2015: https://blog.emsisoft.com/2015/12/02/why-we-believe-its-not-ethical-to-sell-antivirus-software-for-windows-xp-any-longer/ We highly recommend that you upgrade to a newer Operating System that is still supported. It doesn't matter if that's a newer version of Windows, or something free like Linux or BSD, as long as you'll be receiving security updates from whoever makes it. New vulnerabilities are discovered almost every day for every major Operating System (Windows, Linux, BSD, MacOS, Android, etc), so it is absolutely critical that you are able to receive security updates from whoever made the Operating System to help keep you and your data safe.
    3 points
  13. If all the features that Galaxy wants were built in, I would uninstall EAM immediately. I like the program the way it is and hope it stays that way.
    3 points
  14. Is this working OK now for everyone else? If it is, then there's no need for any more logs. All we needed was a traceroute to send to our CDN provider to help in identifying the server that was having the issue, and I managed to get one of those the other day.
    3 points
  15. @achtsam It is about time you called off your private crusade. It is really starting to take on paranoid traits.
    3 points
  16. Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, the actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
    3 points
  17. Today, we've received information that our Dutch team member Rob R. passed away yesterday afternoon, after suffering from an unexpected heart attack last Wednesday. Rob was our lead software tester and we always admired him for his special eye to track down the most tricky bugs. He joined our team more than five years ago by voluntarily sending over a brand new and complete Dutch translation of our software. Shortly after he initiated our efforts in offering physical delivery of our software on CD boxes and USB sticks. He also demonstrated a great interest in testing security software which recently led him to becoming our lead tester for Emsisoft Anti-Malware and Emsisoft Internet Security. Rob will truly live on in our memories as a valued team member and friend.
    3 points
  18. Hardik587 You are indeed becoming most wearisome. There is an old expression among diehard Texans: "No matter how much you kick a dead horse, it won't get up." This is exactly what you are doing.
    3 points
  19. Hello, please send me your license key via PM (personal message). I will add some days to your key as a sign of goodwill.
    3 points
  20. It's more difficult with pictures. They are more compressed and less fragmented than video files, so the cipher damages them badly. If you transferred a collection of photos from one disk to another and after that did not fill this space on the disk with anything, then using data recovery programs you can recover some of the photos from the previous location.
    2 points
  21. Because the decrypter already supports it. The reason it can't decrypt files encrypted by this newer variant is due to the fact that we don't have the private key for its offline ID. We have to wait for a victim with an offline ID who paid the ransom to donate their private key to us.
    2 points
  22. Hello, The posts you found are more than 5 years old. In terms of security software that means the information there is severely outdated. In the past years considerable changes have been made to our products and currently Emsisoft Anti-Malware protects against fileless malware. Fileless malware detection has nothing to do with the reputation settings you asked about; our behavior blocker routines were adapted to adequately detect and block fileless malware a few years ago.
    2 points
  23. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There is no way to know for certain, however it is theoretically possible that someone may be able to obtain private keys for decryption. Unfortunately it isn't possible to know if or when that may happen.
    2 points
  24. Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files. For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.
    2 points
  25. I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."
    2 points
  26. My WSC does not recognise EAM either. Recommending that we should "uninstall EAM, restart the PC twice, and then reinstall EAM", on top of having to constantly disable and re-enable EAM components to deal with the still unfixed issue of excessive CPU usage, is unacceptable for a piece of software that is not exactly cheap.
    2 points
  27. Password protected archives work, as long as the password isn't posted with the link. Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there. We've started an analysis on it as well, however I don't think our malware analysts have had a chance to finish yet. I'll pass your links on in case they come in handy.
    2 points
  28. The Emsisoft Browser Security extension is now available on the Microsoft Addons store for Chromium Edge: https://microsoftedge.microsoft.com/addons/detail/jlpdpddffjddlfdbllimedpemaodbjgn Hopefully we'll be able to update EAM soon to check whether or not it's installed when you launch Chromium Edge.
    2 points
  29. Hello. This link can help! https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/ Bitdefender Labs has made a decryption tool.
    2 points
  30. If you want to make sure the Behavior Blocker is working, there's a batch file in the ZIP archive at the following link that should trigger a detection when you run it: https://www.gt500.org/emsisoft/bb_test.zip Just extract it somewhere, double-click on the batch file, and let Emsisoft Anti-Malware quarantine it. If you don't allow it to be quarantined, then it won't work as an effective test anymore.
    2 points
  31. @Kevin Zoll @GT500 Just tried using STOP djvu decryptor a while ago and my files were successfully decrypted. Thank you so much Emsisoft Team. 😭
    2 points
  32. @SalasKafa Try running the decryptor again; we may have just received a key for that ID recently. 😉
    2 points
  33. Hi @Kevin Zoll, thanks for your comprehensive answer. I also just read that informative post written by @GT500. I'm sure you'll find out how to fix this issue someday. As far as I can see for now, unfortunately, I think I should clean my drive of the [useless] exe.topi files and go on... Thank you again.
    2 points
  34. @Amigo-A All variants of ChernoLocker do not leave a ransom note. It is a Python compiled script that just displays a message box when done, and opens a URL in the browser.

    url = f.decrypt('gAAAAABd5uHecSzXalJbhS48cQlhKynkcDotLAv8c3TD0jBkUvDQb-Z5snS7XgONHXqiNd5Czd94vCQix280kyHSjNnAwzgl66vYj_-YyTtPnNxTN3YjP-tZdQtd1bqe1WyRwrD-2m0xvruurd37CbHVSf2cTy-yCDCTN-MadttLITlVisEFMcKstpwHOUi-KV6YZ-7MmWcz2aaB1WmgSDNs_SN2buoKTg==')
    # url = 'https://platinumdatasolutionsltd.co.ke/wp-content/uploads/2018/11/landing-screenshot-img-9-768.jpg'
    webbrowser.open_new_tab(url)
    win32ui.MessageBox("All Your Files have now been encrypted with the strongest encryption\nYou need to purchase the encryption key otherwise\nyou won't recover your files\nRead the Browser tab on ways to recover your files\nMake Sure you dont loose this Email as you it will be loosing it will be fatal \nWrite it in a notepad and keep it safe \nEmail: [email protected]", 'YOUR FILES HAVE BEEN ENCRYPTED')

@Raúl Try re-downloading the decryptor for v1.0.0.2 now. I've added support for your variant.
    2 points
  35. Personally I think following the tests is a waste of time. If you are really concerned, then you will need to make the effort to do your own testing. That is what I did. Also, the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
    2 points
  36. Other companies have 10 to 100 times the number of employees we do. Having one person there that fixes bugs in Windows Insider builds isn't much of an issue there. However, us doing that would mean ~30% of all development time disappears to keep a couple of hobbyists happy who use a system that is not intended for use in production systems on their production system. We do include insider builds in our QA runs, so we know if or what is broken so we can fix it in time for a release. But unless something is fundamentally broken, risking system security or stability, we won't fix bugs specific to insider builds before a release to web is close.
    2 points
  37. We had to turn off XP updates because the latest scan engine and its signatures are no longer compatible with it. Instead of pretending that we could protect you from malware (which we effectively can't because XP is full of holes and flaws that aren't gonna be fixed at all) we would rather strongly recommend you to upgrade your computer. If that is for any reason impossible and means that you can't use our software anymore at all, we're happy to issue a refund for the remaining period.
    2 points
  38. According to several reports, the latest Windows 10 Update pushed on Jan. 3rd is supposed to address the "Meltdown" security problem. However, due to changes to Windows kernel, Microsoft didn't make the update available to users without the "ALLOW REGKEY", and directed users to confirm with AV vendors if their products are compatible with the latest update. So is the current version of EAM compatible with this update?
    2 points
  39. Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
    2 points
  40. Both products are based on the same code, but server operating systems require a different (more expensive) license key.
    2 points
  41. Hi LandLord323, Unfortunately, we can't decrypt your files for free. I suggest either making sure you change the RDP password to be more secure or disabling it if you do not use it as that is how they get access. Regards, Sarah
    2 points
  42. The following innovations make Online Armor 5.5 our best firewall ever: Integration of Anti-Malware Network: Unknown programs are immediately cross-checked against the cloud. The Online Database contains around 4 million entries and relies on the intelligence of the cloud. Programs considered harmless are automatically permitted, while annoying pop-up windows and alerts are omitted. So you can totally focus on your work! New cloud-based scan: Our cloud scan, already used in Emsisoft MalAware, has been included in Online Armor. Even if there is no record of a file in the Anti-Malware Network, more than 7 million signatures mean that malware can be recognized reliably to keep your PC safe. Improved license and update system: Software updates are downloaded and installed way quicker. Moreover, Online Armor relies on the license system used for other Emsisoft products. Access our Customer Center to find and manage the licenses for all your Emsisoft products in one place. Your Online Armor license key will be automatically transferred to the new system as soon as you use version 5.5 for the first time. Unnecessary key resets when reinstalling your OS are a thing of the past. New pricing system rewards your loyalty: The 1-year license is 25 % cheaper if renewed once the initial 1-year period has expired and will be a further 5 % cheaper for every additional year you renew it. Long-term customers can thus benefit from discounts of up to 50 %. Fine tuning: We have added news popups that keep you up to date with the latest Emsisoft news and fixed several potential incompatibilities, e.g. in combination with Ad Muncher or WinCrypt, as well as countless minor changes for improved user experience and best protection. To get the latest version, just run an online update or alternatively uninstall and reinstall the latest setup package from the official Emsisoft Online Armor product page.
If you are using Online Armor FREE earlier than 5.0, please uninstall this version and download the new one. Introductory offer: Pack of 3 for the price of 1 = 45 % discount! Limited offer until February 14th, 2012: Buy a 1-year license now for Emsisoft Online Armor Firewall for 3 PCs at a special price: Instead of US $73.- only US $40.-. Buy here
    2 points
  43. I can't understand this almost hysterical attitude towards virus protection anyway. I trust Emsisoft because, unlike very many others, it doesn't spy and doesn't install or offer any crap alongside. That is almost a unique selling point, and one that is personally very important to me. Besides, the software is made by people, so it can certainly happen that someone temporarily has a blind spot, that there is understaffing because of vacations or other reasons (a death), or that the detection rate briefly lags because someone at XXX had a flash of inspiration or was particularly empathetic. In such cases the gap is "closed" as quickly as possible. So no problem, and something that happens with every vendor. Moreover, any protection can and should only "cut off the peaks". With any machine, the person sitting in front of it is what matters first, i.e. brain.exe. Basically, viewed from a bit of a distance, this constant comparing of test results has a whiff of dick-measuring contests, or of the demand that Germany had better bring home the gold medals; that is a distorted view from the same corner. Composure and honest fairness are increasingly lacking. And that even though the constant "cool" is on everyone's lips...
    2 points
  44. Hello and many thanks for your inquiry in our support forum. Please accept our sincere apologies: apparently the discount level was not transferred correctly to the new license key during an upgrade to Emsisoft Internet Security. I have now corrected that for you, and a renewal with the appropriate customer and volume discount is now possible via our renewal page: http://www.emsisoft.de/de/order/renew/ Since the license would have expired very soon, I have extended it a little so that enough time remains for a renewal. Thank you very much for using our software solutions. Should you have any further questions, I am happy to help.
    2 points
  45. Hello Thomas, many thanks for all the information. I am thrilled with the response of the support team here in the forum; at Avast it took days, and all the moderators no longer dared to enter the forum, especially on the topic of the Win 10 update arriving only 6 months after the release of Win 10 ..... and that for paying customers... the joke is that the consumer version was Win 10 compatible from the start ... Anyway, that topic is history, but it still annoys me ;-) I am also pleased to already have a key in my inbox; I'll get to work testing. Most of my questions have already been answered by you; one important one remaining for me is the topic of update feedback and notebooks off-site. 6) How do notebook clients that are only rarely on the network, maybe 2-10 times a year, get updates? How does the information from the clients get back to the console; is a VPN connection required? Is there a best practice for this? I hope you keep moving further in the direction of a business solution; with a very good console and good support you can win a great many customers there, and I'll gladly advertise for you if I am satisfied with your product. Just please don't start, like all the other AV vendors, putting everything into the cloud; I view that very critically in the AV area, in case someone gets hold of the account. Sure, a kind of proxy for feedback from other clients is fine, but complete control of the console should always stay within the protected network! Somehow I'm looking forward to testing now. Regards, Zwergenmeister
    2 points
  46. Upgrade from EIS 10.0.0.5735 to EIS 11.0.0.5847 (Beta)

I currently have the 'Advanced Firewall Settings' set to "Ask" to allow incoming/outgoing firewall rules (all 4 options are set to Ask).

Application Rules did not Update after Upgrade
-----------------------------------------------
After the upgrade/restart I deleted the custom rules to allow ports 80/443, and yet it still allowed the connection even after restarting Firefox, and did not prompt me to allow it again either. So I went to Settings -> "Factory Defaults"; this seemed to do the trick, and this time it asked me to allow the port connections 80/443.

Real-Time Firewall Blocking
---------------------------
At first I allowed ports 80/443, and then tried adding a BLOCK TCP/UDP 0-65535 (below the first rule). I could still browse successfully (where before, in v10, 0-65535 was overriding everything). However, then I removed the rules and tried this time to "block" the connections, except it was still allowing the connection, even though 80/443 were blocked. It wasn't until I restarted Firefox that the blocking rule took effect. So it appears real-time firewall blocking of the application is not quite working.

Real-time Application Blocking (or Suggestion)
----------------------------------------------
Another issue, prevalent in v10 also, is that when you block an application in Application Rules or Behaviour Blocker, it does not close the application once blocked; it just prevents it from running the next time. In v9 I remember it used to close the application immediately once blocked.

Automatic Custom Monitoring (Suggestion)
----------------------------------------
Even though I have automatic firewall settings set to "Ask" about trustworthy applications, the behaviour blocker still sets everything to "All Allowed", so each time I do, say, a Factory Reset or new install, I have to reset each application to "Custom Monitoring" if I want to be confronted with potential behavioural threats. The behavioural blocking is the pride and joy of EIS, so I think there should be an option in "Advanced Firewall Settings" to set "All Allowed" to "Custom Monitoring" by default, which will warn you about code injection and such.

Automatic Behavior Blocking Template (Suggestion)
-------------------------------------------------
I also think you should be able to create something like a Template that applies to all applications by default; for example, "Block Backdoor Related Activity" and "Block Spyware Related Activity" could be set by default, based on the template you created.

More Detailed Information About Intrusions (Suggestion)
-------------------------------------------------------
I mentioned in the previous suggestion about behavioural blocking how it warns you about code injection and potential intrusions. These errors can come from system applications; for example, when changing personalize settings, a message appears saying Explorer.exe wants to change something, or when Firefox tries to run a program from the downloads menu, it will say something along the lines that Firefox is acting like a trojan, or something to that nature. These are scenarios where it was likely a false detection but was warning of a potential problem, which is great! However, there are also scenarios where Explorer.exe or Firefox.exe may be doing something it shouldn't, and yet the options are to Allow something potentially bad, or Block, which closes the application, without really knowing what you just blocked. So what I'd really love to see is the offending command. I believe v9 had it right: when it popped up the behaviour, it gave you much more verbose input, like Explorer.exe -> Shell32.dll -> hotdog.dll -> somethingweird.exe. Then I could tell the difference between a simple desktop entry being modified and an actual threat that needs to be dealt with. So I would really, really love to see an option in "Advanced rule settings" for [ X ] verbose behaviour messages.

Application Rules & Behavior Rules Merging (Suggestion)
-------------------------------------------------------
I think v9 also had it right in this case: all of the application rules were in one neat, tidy window. Maybe I'm a little daft, but I don't quite understand why these two are separated, and why some applications will show up in Behavior Blocker and not in Application Rules; if I want one in the other, I have to create the rule myself, then tediously set everything to Custom Monitored to get it to monitor its behavior.

Theming (Suggestion)
--------------------
I know I've said this before, but I'll say it again: I'd love to have an option to theme/skin the EIS application, maybe to something with more neutral colors.

Insights
--------
If everything gets automatically allowed, then it's only passively protecting the system for the sake of letting Windows run smoothly. The goal here is easy-to-use security; I think it's important not to let security take a back seat for the sake of making it easy to use. In the Blog you mention that everything should be kind of behind the scenes without much intervention and fiddling around with settings; however, I think a lot of people don't really mind the extra popups as long as they know their system is actually being protected.

Special Thanks
--------------
I'd like to thank the Emsisoft team for their dedication and hard work on this amazing application. I hope everything I've said has not been discouraging but has inspired you to keep working to make this program even better.
Keep up the good work, and please tell Santa about everything on my wish list.
    2 points
  47. You must have had Beta Updates enabled, as EIS 11 is still beta, and that kind of problem can happen with Betas. Remedy: Uninstall 11 and then install 10 again, and make sure that "Beta Updates" is disabled (unchecked).
    2 points
  48. Hello, yes, that is no problem. The only thing to avoid is installing two desktop firewalls in parallel, for example installing Emsisoft Internet Security and Bitdefender Internet Security at the same time. Should you have further questions, please contact us again.
    2 points
  49. This is the core message of the, in my opinion, excellent article on the official homepage: http://blog.emsisoft.com/de/2015/06/26/antivirensoftware-schutz-fuer-ihre-dateien-aber-auf-kosten-ihrer-privatsphaere/ I think this important aspect gets far too little recognition, whether in the tests of all the test institutes, which usually only categorize by detection, removal and performance, or in all the "trade" magazines such as computerbild or chip, etc. But also among users: when I see that Avira was downloaded over 400,000 times this month on Germany's most popular download portal, you have to ask yourself whether most users simply don't care what happens to their data, or whether they don't even know: motto, the main thing is that it's free. Making matters worse is the herd instinct: that many users can't be wrong. These days everything is supposed to be free anyway; who pays the malware analysts, the developers working on the detection routines and the program's self-protection, the normal administration and the associated hardware/servers and much more? All of that gets ignored. Hardly anything is really free today, whether Avast (mentioned in the article above), AVG (toolbar) or Avira, which used the Ask toolbar for many years and today supposedly has one it developed itself ("cough"!). Here, in my opinion, you pay indirectly with your personal data. I think every piece of software today is a matter of trust, and that applies especially to AV programs. In that context I find Emsisoft and its privacy policy great; alongside the very good detection, that was the main criterion for me in my purchase decision! Keep it up, Emsisoft!
    2 points
  50. Online Armor covers all these applications except the "Behavior Blocker" part. Behavior blockers and HIPS in the same product are pretty much mutually exclusive. They essentially both refer to the same underlying technology. The only difference is the way decisions are made on whether or not to allow a certain action. A HIPS will ask the user, while a behavior blocker tries to figure everything out on its own. Given that, it should be obvious why those modes are mutually exclusive and why running both at the same time makes little sense: you can't both ask a user about everything and not ask him, figuring it out internally on your own, at the same time. You can install two different products (one HIPS, one behavior blocker) at the same time, but the only thing you achieve will be that you have to allow things twice. So either go with a HIPS or with a behavior blocker. But not both.
    2 points