GT500

Emsisoft Employee

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Indiana, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. I just heard from one of our malware analysts that this is a new ransomware, and that we're actively looking for a copy of it so that we can analyze it. If you happen to know how your computer became infected, then let us know.
  2. I ran it through ID Ransomware, and I suspect it misidentified it. I've asked our malware analysts for more information.
  3. You're welcome. If you need any help with the instructions, then let me know. If you'd prefer to post your ID and MAC address on BleepingComputer as mentioned in the instructions, then feel free to do so.
  4. I just did some testing, and I wasn't able to get this option to work. I even tried manually adding the compatibility flag to the registry, and that didn't work either. When adding it to the user registry hive Windows would automatically delete it when restarting the computer, and while it wouldn't be deleted when adding it to the system registry hive it also didn't have any effect on Emsisoft Anti-Malware. Unfortunately it doesn't look like there's any way to scale the window down unless you reduce DPI globally. Windows isn't designed to allow DPI scaling on a per-application basis.
  5. Any possibility of debug logs? The option is in advanced settings now, in case you aren't already aware that it's been moved.
  6. In that case you'll need the Application Compatibility Toolkit from Microsoft. There's a tool that comes with it called "Compatibility Administrator" that will allow you to create compatibility settings for any program you want, however it is a bit complicated to use. There's information at the following link that may help you use it to disable the DPI scaling for any program you want: https://superuser.com/a/1018284 The information at that link was intended for advanced users, so let me know if you need me to try to write instructions that are easier to follow.
  7. The issue is that the option to disable DPI scaling on a per-application basis doesn't work. From what I'm reading, if you're able to change the setting at all (64-bit Windows 7 doesn't normally allow you to change it for 64-bit applications) then it doesn't actually do anything unless you switch your Desktop theme in your Personalize settings to one that doesn't use Aero (the Windows 7 Basic or Windows Classic themes for instance). There may also be other settings that need to be changed. Out of curiosity, is the option for "Disable display scaling on high DPI settings" grayed out for you in the Compatibility Properties for a2start sort of like it is in the following screenshot?
  8. To add to what Amigo-A said, your ID doesn't appear to be an offline ID, so the chances of being able to decrypt your files are slim. That being said, if you download STOPDecrypter, run it, and copy and paste the ID and MAC it gives you into a reply then I can forward them to the creator of STOPDecrypter in case he is able to figure out your decryption key at some point in the future. Here's a link to instructions on how to do that: https://kb.gt500.org/stopdecrypter
  9. This appears to be an issue with Windows 7. There may be a way around this, but first I need to know whether you have 32-bit Windows 7 or 64-bit Windows 7. Here's how to check:
       1. Hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap R to open the run dialog.
       2. Type control system into the field, and click the OK button.
       3. Roughly in the middle, below where it says System, look to the right of System type to see if it says 32-bit Operating System or 64-bit Operating System.
  10. I'm fairly certain it was due to some changes we made to our systems. If it happens again, then please be sure to let me know.
  11. That would have gone directly to our malware analysts. They don't typically respond to e-mails they receive (unfortunately they receive too many of them to respond to them), however they do read everything and check everything that is submitted. Note that they probably won't let me know what they found unless I ask them, so I'll have to see if they remember the e-mail.

      In this case you'd most likely either need a computer running Linux to connect the drives to, or a Linux Live DVD (you can usually put these on USB flash drives using a tool like Rufus). Maybe something like Knoppix? Unfortunately it's difficult to get a hold of anything newer than version 8.1 of Knoppix, as newer versions were only distributed via third-parties (for instance version 8.5 was only distributed through a German magazine).

      Granted, there are alternatives that do run on Windows and can recover files from drives formatted in fourth extended (ext4). Most of them cost money, however I was able to find at least a couple of free software tools that can at least access fourth extended (ext4) formatted partitions. TestDisk only appears to be able to recover files from a second extended (ext2) partition, however R-Linux appears to support fourth extended (ext4). R-Linux actually has a Windows version (there's a "for Windows" tab just above the description of the software on the R-Linux page I linked to), and in theory should be able to read a fourth extended (ext4) partition even from Windows. I wasn't able to test this quickly, since every Linux installation I have is on XFS formatted partitions instead of ext4...

      Keep in mind though, all of this is really just a "shot in the dark", and there are no guarantees. It sounds like in the case of your NAS some sort of malicious code did execute on it, so the odds of data recovery succeeding are very low. Just be sure you don't write any data to the drive you're trying to recover data from, or you may permanently prevent data recovery. Always recover data to a different drive than the one you're restoring from.

      Guest accounts are fairly normal, at least in Windows. It's possible the account is there on your NAS merely for proper Windows networking support, since Windows will expect it to be there. I don't know if there will be any side effects to disabling it, however you may want to contact Synology to ask them.

      EXE files are Windows executables, and can't run on Linux without some sort of API wrapper or emulator (such as Wine). If something was copied to the NAS and executed, then some sort of script would be more likely. Is it possible that these files were unrelated to the ransomware? EXE files wouldn't be able to run on a Linux-based NAS without assistance, and Linux executables usually have no file extension.
  12. Is it still too large if you set your DPI scaling to 100%, and then restart the computer? The Emsisoft Anti-Malware window should fit a 1024x768 resolution screen with DPI scaling set to 100%, and that's smaller than 1280x1024 so it should fit your screen as well.
  13. Some of your posts have been edited, so I'm not sure if you posted it here and then removed the links later, or if you sent them via e-mail. Regardless, I didn't download any files from this topic in the last week. I must have missed that in your original post. Would it be possible for you to send those to me? You can do so in a private message, or by attaching the files to a post here (only authorized personnel can download file attachments, unless they are pictures/images).
  14. Yeah, that sounds about par for the course (assuming that means the same in Russian that it would in English).
  15. This may have been fixed by some changes we made to our licensing system, however it's also possible that a simple restart of the computer resolved it. If you ever encounter the problem again, then try restarting the computer again, and let me know if that helps.