GT500

Emsisoft Employee
  • Content count: 7788
  • Days Won: 210

GT500 last won the day on January 2

GT500 had the most liked content!

Community Reputation

405 Excellent

2 Followers

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

42976 profile views
  1. cry36 attack, RDP logs intact

    In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware.

    You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes System Restore will save copies of files in the Volume Shadow Copies).

    http://www.shadowexplorer.com/

    In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

    Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
  2. nemesis cry36

    In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware.

    You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes System Restore will save copies of files in the Volume Shadow Copies).

    http://www.shadowexplorer.com/

    In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

    Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
  3. Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst
  4. Firewall Information

    ZoneAlarm's firewall should be fine.
  5. EEK crash

    Once you're in Safe Mode, if EEK isn't able to find/remove any threats, then try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/274/55/running-a-scan-with-frst
  6. EEK crash

    Are you able to follow the instructions at the link below to start your computer in Safe Mode With Networking? https://www.computerhope.com/issues/chsafe.htm

    If that doesn't work, then you can try the following: Click on the Start button and then click on the power button in the lower-left to open the shutdown/restart options. If you hold down the Shift key on your keyboard while you click on the option to restart, then your computer should restart in Recovery Mode, and you can get into Safe Mode from there.

    When your computer starts in Recovery Mode, it will show you a blue screen that says "Choose an option" in white at the top, and has the following options:
      • Continue
      • Use a device
      • Troubleshoot
      • Turn off your PC

    If you click on Troubleshoot, then click on Advanced options, and then click on Startup Settings, there will be a button in the lower-right to restart your computer to get advanced startup settings (such as Safe Mode). After your computer restarts you should see another blue screen that says "Startup Settings" at the top. Simply type the number 4 on your keyboard to load into Safe Mode, or type the number 5 for Safe Mode With Networking (if you need Internet access in Safe Mode), and Windows will start in Safe Mode.
  7. Firewall Information

    It's possible that Comodo's software has some sort of hooking-related issue with Emsisoft Anti-Malware, and needs exclusions to prevent issues.
  8. Firewall Information

    If the computer is a server in a datacenter, then that's entirely possible. If it's a home computer (especially if there's only one user), then the odds are you'd never notice a performance decrease from the patch for the CPU vulnerabilities. Those are several of the most popular ones. I think GlassWire is also fairly popular, but is also just a front-end for the Windows Firewall like Windows Firewall Control. Most of the other dedicated firewall software out there has disappeared over the years.
  9. Key remapping

    OK, I recommend sticking to the troubleshooting steps that whoever you're in contact with on our Support or Sales team has recommended. We don't want to cause any confusion by having two or more of us sending you instructions or asking for information.
  10. Something appears to be blocking the connection to arctic.emsisoft.com (there's no response from the server recorded in the log). What happens if you try to visit https://arctic.emsisoft.com/ in your browser? Does it redirect you to our homepage? It looks like you're using GlassWire to manage the Windows Firewall. Does it have logs that show when it blocks something? It's possible that the firewall configuration is preventing access to the server.
  11. Let's try getting a diagnostic log. The instructions and download are available at the following link: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/275/55/running-the-emsisoft-diagnostic-tool
  12. Key remapping

    You have the license key activated on two computers, correct? Have you tried reactivating the license key on each computer to see if that resolves the issue? Also, are you in contact with someone from our sales team as well? Your license key's mapping history has been deleted, which suggests that someone else may be trying to help you.
  13. Apocalypse (new variant)

    You're welcome.
  14. Key remapping

    Let's try getting a diagnostic log. The instructions and download are available at the following link: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/275/55/running-the-emsisoft-diagnostic-tool
  15. Apocalypse (new variant)

    There's not much information out there about that e-mail address. I did find your topic on BleepingComputer, but with limited information available about this particular ransomware there are really no good recommendations we can make.

    The only possibility (and it's a remote possibility) is to try a tool such as ShadowExplorer; however, ransomware usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes System Restore will save copies of files in the Volume Shadow Copies).

    http://www.shadowexplorer.com/

    In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with.

    Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery