GT500

Emsisoft Employee
  • Content count
    8668
  • Days Won
    236

GT500 last won the day on September 12

GT500 had the most liked content!

Community Reputation

467 Excellent

3 Followers

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. It appears to be a variant of Dharma: https://id-ransomware.malwarehunterteam.com/identify.php?case=baa3ee75ebdd3a2b789c02e1176bdfaee9308f4c

    In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, there is usually no way to decrypt the files without getting the private key from the criminals who made the ransomware.

    You can try a tool such as ShadowExplorer; however, ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes System Restore will save copies of files in the Volume Shadow Copies). http://www.shadowexplorer.com/

    In cases where the Volume Shadow Copies are deleted, note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

    Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
  2. Possible GUI glitch

    That's due to the system for telling time that EAM uses: https://en.wikipedia.org/wiki/Unix_time It's probably happening because the security news is empty. I'll ask to confirm that.
  3. Can't uninstall Emsisoft

    Let's try a fresh copy of Emsiclean (we updated it not too long ago). Please try downloading Emsiclean from this link (save it on your Desktop) and follow the instructions below.

    • Right-click on the Emsiclean file you saved on your Desktop, select Extract All, and click the Extract button in the lower right. Note: If you have 7-Zip, WinRar, etc. then you can use those to extract the Emsiclean files instead.
    • Open EmsiClean64, and if you get a message about it not being compatible with your computer or not being able to run on your PC then open EmsiClean32 instead.
    • When running Emsiclean, you will first be presented with a disclaimer. You will need to accept this disclaimer to continue.
    • Emsiclean will scan your computer for leftovers after the uninstall, and give you the option to remove what it finds. Please do not allow it to remove anything at this time.
    • In the lower-right corner will be a button that says Close Emsisoft Clean. Click on that button to close the program without making any changes to your computer.
    • Emsiclean will save a log on your desktop as it closes (it may take a moment for the log file to appear).
    • Using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls, please attach the log you saved on your desktop to a reply.

    Note: You can start Windows in Safe Mode With Networking before following the above instructions in order to make it easier for Emsiclean to remove stuff. Steps for starting Windows in Safe Mode With Networking can be found at this link.
  4. IE11

    Microsoft does still provide security updates for it, however I wouldn't consider it to be as safe as other browsers. Microsoft isn't adding new features to it, and that includes security features. They're just fixing security bugs, and that's it. In addition, you can't use uBlock Origin with Internet Explorer. The only adblocker that appears to still support Internet Explorer is Adblock Plus.
  5. OK. Thanks for letting us know.
  6. You were referring to the notifications rather than the main Emsisoft Anti-Malware interface? If so, then please note that they have yet to be updated to scale properly at higher DPI settings.
  7. user defined scan via context menu

    You may need to add the full path to PowerShell.exe at the beginning of the command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  8. Adobe Flash Player

    Adobe is discontinuing Flash Player in 2020, and Adobe is (as far as I know) no longer promoting it. You can try disabling the Behavior Blocker in Emsisoft Anti-Malware, and see if that helps. Here are the steps to do so:

    • Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
    • Go to Protection status.
    • Select Disable Behavior Blocker from the list.

    When you're done trying to install Adobe Flash Player, you can turn the Behavior Blocker back on the same way. Also, be sure you're downloading Adobe Flash Player from the following link, and make sure that none of the optional offers are selected before you download it: https://get.adobe.com/flashplayer/
  9. Hidden Installer Behaviour

    You should be able to find out with a tool like Process Hacker. By default it shows running processes in a tree view, where each process is listed as a child (or "branch" if you prefer) of its parent process (the process that executed it). This makes it very easy to see what executed what, and you can even hold your mouse over a process for a few seconds to see the command used to execute a particular process. Note that you may need to select "Show details for all processes" in the "Hacker" menu in Process Hacker to see all of the information about processes that are running with Administrator or System rights.
  10. @maniac2003 what version of Windows did you encounter this on? 32-bit or 64-bit? I was able to get close to that resolution in a Virtual Machine, although I couldn't get it exactly 3000x2000 (had to try to drag the VMware Workstation window to the right size on a 1080p monitor using NVIDIA DSR to force the output to 4K) :
  11. Can't find scan scheduling area

    You can also click on the "Scan & Clean" tile to go to the scanner screen, with Scheduled Scans and Scan Settings at the top.
  12. Based on what I'm seeing in the log, it certainly looks like something malicious was running on the system. I recommend following these instructions for posting in the "Help, my PC is infected!" section of the forums. Alternately, you can also contact us via e-mail and send us the logs requested in the instructions if you prefer.
  13. Google had made the decision to hide certain parts of addresses (URLs) by default. They've temporarily reversed that decision, however it looks like it will happen again in Chrome 70. https://www.bleepingcomputer.com/news/google/chrome-69-removing-www-and-m-subdomains-from-the-browsers-address-bar/ https://www.bleepingcomputer.com/news/security/chrome-69-shows-the-www-and-m-subdomains-again-but-it-s-only-temporary/
  14. Hidden Installer Behaviour

    I'm not seeing any sign of infection in the logs. Have you tried repairing Windows Update? Microsoft has tools available to check for and fix common update issues. You can get started at the following link: https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors