GT500

Emsisoft Employee
About GT500

  • Rank: Emsisoft Support
  • Birthday: 10/22/1984

Contact Methods

  • Website URL: https://helpdesk.emsisoft.com/

Profile Information

  • Gender: Male
  • Location: Indiana, USA
  • Interests: Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. Since this was more than likely Remote Desktop related, I'll paste some steps below to help with getting started securing Remote Desktop:

    First, I recommend temporarily disabling all port rules in your firewall (closing all open ports) until you can do a full audit of your firewall configuration and determine which ports need to remain open. There are some basic recommendations below to help get you started with the port audit.

    If you are managing a company network, then some form of IPS/IDS is highly recommended to monitor the network for intrusions. If you already have such a system in place, then I recommend a full audit of any rules you have configured to make sure that the device is providing adequate monitoring. It is also recommended to have someone with penetration testing experience verify that the IPS/IDS is properly alerting when there are intrusion attempts.

    Also, quickly change all passwords on any workstations and/or servers that are connected to the same network as the compromised system. Also be sure to change passwords on any online accounts, as well as any routers or switches (or other devices that have network-accessible administration functions). I recommend that every account have a different password, that passwords be no shorter than 25 characters, and that they be made up of a random combination of uppercase letters, lowercase letters, numbers, and symbols. Obviously passwords like that are difficult (if not impossible) to remember, so a password manager may be required in order to aid in managing passwords. KeePass is probably the simplest password manager, and stores password databases locally instead of on some "cloud" server. If something capable of automatically filling in passwords (or sharing passwords between multiple devices/users) is necessary, then there are reasonable password managers from LastPass, bitwarden, 1Password, Dashlane, etc. Note that unlike KeePass, these password managers work as extensions added to web browsers (or apps on mobile phones), and they store password databases online.

    When auditing your firewall configuration and preparing to reopen ports, I recommend never opening ports globally unless absolutely necessary. I also recommend requiring anyone who needs access to sensitive services (RDP, Windows Networking, etc.) to connect to the network via a VPN so that you don't have to open ports for those services in the firewall, and then only open the VPN port in the firewall for IP addresses that need access to it. If someone who needs access has a dynamic IP, then many firewalls these days support something like Single Packet Authorization or Port Knocking to dynamically open ports for unknown IP addresses.
  2. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  3. FenixLocker 2.0 uses a more secure form of encryption, and it isn't possible to decrypt files that have been encrypted by it without first obtaining the private key from the criminals who made/distributed the ransomware.
  4. Phobos appears to use AES-256 encryption. Unless there's a flaw in their implementation of that encryption, it is more than likely not possible to decrypt files that have been encrypted by Phobos.
  5. GlobeImposter 2.0 Infection

    GlobeImposter 2.0 generates new keys for each computer it infects, so a decryption tool sent to another victim won't decrypt your files, as your private key will be different from theirs.
  6. I am not aware of any compatibility issues with the Emsisoft Browser Security extension, however the more extensions you have installed the greater an impact it will have on browser performance.
  7. Malware isn't generally distributed in large files like that. If it is, it generally needs to be extracted and then executed, at which point protection will catch it.
  8. your computer is not protected

    Let's try getting a diagnostic log. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/

    It might also be useful to have logs from FRST. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

    Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  9. Pause protection via a batch command?

    It's technically possible, however you'd have to turn off self-protection in EAM, terminate a2guard.exe and a2start.exe using something like taskkill, then stop a2service.exe. Keep in mind that, as Jeremy pointed out, if it's possible for you to automate disabling EAM, then it's also possible for malware to do it.
  10. It's Chromium based, however it has been significantly modified, and at least will use different paths for the extensions. I'm not certain how much would need to be modified to support Vivaldi, and I can't say whether or not support for it will be added in the future.
  11. I am not aware of any Anti-Virus scanner that will scan files that are gigabytes in size. I would believe the maximum file size that our scanning engine supports is 100 MB, however this has been revised a number of times over the years, and may have changed.
  12. I use Vivaldi as well, however (as is usual with Jon von Tetzchner's browsers) Vivaldi's market share is extremely low, and it can't be considered a mainstream/major browser. I was only able to find the following site that even listed market share for Vivaldi: NetMarketShare - Vivaldi = 0.11% Unfortunately Vivaldi's market share is so low that most browser usage stats don't even show it at all.
  13. I'm glad to hear that the issue appears to be resolved now. If you need anything else, then please let us know.
  14. Help!!! ransomware extension .writeme

    If you'd like to keep an eye out for news about the ransomware that has encrypted your files, then BleepingComputer's news feed is a good resource, although I don't think they offer their news in languages other than English: https://www.bleepingcomputer.com/
  15. Michael Gillespie has updated his STOPDecrypter for some of these newer variants of the STOP ransomware, however please note that in most cases it will only work if the ransomware was unable to contact its command and control server when it encrypted your files. There is more information available at the following links: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-21#entry4667165 https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/page-23#entry4668025