Emsisoft Employee
About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Profile Information

  • Location
    Indiana, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. If you'd like to see the criminals prosecuted, then note that the more reports about this ransomware the authorities receive, the more reason they have to track them down. There's information about how to report ransomware incidents to law enforcement in a number of different countries at the following link:
  2. There are certain things that can run on multiple platforms. Java, Python, .NET via Mono, etc. They may also write shell scripts for Linux and batch files for Windows that accomplish similar tasks on both operating systems, or just compile different binaries for each platform they wish to infect. The idea of doing multi-platform malware has been around for a long time. There was a paper written in the late 1990s detailing a worm that was platform-agnostic, used scripts to begin execution on the infected system, downloaded a binary payload and executed it, and then began attempting to replicate over the Internet.
  3. I deleted one of your screenshots, since it had an e-mail address in it. That's because you abused our referral program to extend free trials into multi-year license keys (seriously, one of your screenshots shows 358,042 days, which is 980.9 years?)... Now I haven't seen your account, and am just going off of the content of the reply you were sent via e-mail when I say that you abused the referral system. That being said, you should know that our system does make it fairly easy to tell the difference between real referrals and abuse of the referral system, so whoever replied to you was more than likely correct.
  4. We have a new beta that includes a fix for a log related issue (although it may not be the same one you've encountered): Here's how to install the beta if you'd like to try it:
     • Open Emsisoft Anti-Malware.
     • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     • Click on Updates in the menu at the top.
     • On the left, in the Updates section, look for Update feed.
     • Click on the box to the right of where it says Update feed, and select Beta from the list.
     • Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
     • Select Update now from the list.
  5. Considering the resources required for the Quarantine re-scan, it makes sense that the computer could appear to freeze while it's running. Does it help if you change the scanner settings to reduce the priority of scanning for better multitasking? Here's how to do that:
     • Open Emsisoft Anti-Malware.
     • Click on Scan & Clean.
     • Click on Scanner settings in the menu at the top.
     • Change Performance impact from "Scan with highest priority for best speed" to "Reduced priority for improved multitasking".
     After that, re-enable the Quarantine re-scan and let me know if you still have trouble with the computer freezing/hanging. You can turn the Quarantine re-scan off again after you're certain whether or not reducing the scanning priority helped, if you'd like to. It's only there to alert you if there were false positives, and you can run the Quarantine re-scan manually from the Quarantine list if you'd prefer that over letting it run automatically whenever updates are installed.
  6. Try the following, and let me know if that helps (feel free to export your settings first to make a backup):
     • Open Emsisoft Anti-Malware.
     • Click on Settings.
     • Click on Advanced in the menu at the top.
     • Scroll down to Factory defaults (second option from the bottom of the Advanced list), and click the Revert button.
     • Select the option in the dialog for Permissions (make sure that's the only option selected), and then click OK to revert permissions back to default.
     Note that the changes should take effect immediately; however, you can also right-click on the Start button, go to Shut down or sign out, and select Restart from that menu in order to force the Emsisoft Protection Service to reload on startup.
  7. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to:
     Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.
     Also note: While most ransomware will automatically delete itself after it finishes encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
     Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  8. Yes, once you give the criminals your e-mail address, they could continue to try to extort money from you. It's best to never contact them yourself.
  9. Yeah, somebody (who shall remain nameless) likes to use their lawyers similar to how armies use artillery...
  10. There's currently no decrypter for Phobos. Out of curiosity, were the files that were encrypted accessible via FTP or Windows Networking? It seems strange for both a Linux and Windows server to get hit by the same ransomware.
  11. There's nothing new to report thus far, however hopefully it won't be too much longer.
  12. The Behavior Blocker will only take action if the application attempts to do something potentially malicious.
  13. I checked our system real quick, and I don't see any e-mails from the address you signed up for the forums with. If you used a different e-mail account, then send me a private message on the forums with the e-mail address you used and I will see if I can find your e-mail in our system (feel free to add Claude to the private message conversation as well). Also note that right now Verizon, AOL, and Yahoo are blocking all e-mails that our forums and helpdesk are sending (they don't seem to like the service we use to send e-mails from those systems). We're attempting to get this resolved, however if you had contacted us with an e-mail address from one of those three service providers then it's possible that Claude sent you a reply and you didn't receive it due to this issue.
  14. The most important is a2service, as it's what monitors other processes, opens hooks, and does just about everything else. That being said, here's a full list of executable files that can be found in the EAM folder (note that by default Windows will hide the .exe on the end of the file names). The ones in bold are the most likely to be running, and should probably be excluded.
     • Proxy.exe - Update proxy, usually used in corporate networks to reduce update download bandwidth usage.
     • EmDmp.exe - Handles collecting and reporting crash info.
     • CommService.exe - Facilitates communication with Emsisoft Cloud Console (MyEmsisoft Workspaces).
     • EmsiClean.exe - Used during uninstall to help ensure all EAM files are removed.
     • a2start.exe - Main EAM interface.
     • a2guard.exe - Handles EAM notifications and System Tray icon.
     • a2service.exe - Backbone of EAM protection.
     • a2cmd.exe - Optional command-line scanner (only runs when executed manually).
  15. Is this the same computer you're having the other notification issue on?