Emsisoft Employee
  • Content Count

  • Joined

  • Last visited

  • Days Won


GT500 last won the day on November 13

GT500 had the most liked content!

Community Reputation

489 Excellent


About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

Recent Profile Visitors

45428 profile views
  1. GT500


    I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: You can paste a link to the results into a reply if you would like for me to review them.
  2. GT500

    Notification box placement

    There are some known issues with notifications with high screen resolutions and high DPI. We hope to be able to resolve these issues soon so that notifications are readable.
  3. BitDefender's scan engine is supplemented by their own automated behavioral blocking technology. Since we only use their scan engine, our detections will always be different from theirs. They tested on Windows 10, and Emsisoft Anti-Malware has an issue on Windows 10 where the first update can take an abnormally long period of time to initialize (it doesn't happen 100% of the time, but I expect that it must have happened in their test to have not achieved a perfect score). As for the abysmal results for installation, I'm not entirely certain why that is. Possibly because we use an MSI installer, whereas I would believe that most of the other Anti-Virus software companies have built their own installers. MSI has its advantages, however it is rather slow. <- Sorry, I misread the column header in the results. It was installing applications, not installing the AV software. They tested Emsisoft Anti-Malware version 2018.9, which had some bugs in a new driver, so that's why the result was so poor. If the test was run with the current stable version (2018.10.1) then the results would be quite different.
  4. GT500

    How do I stop this continuous behavior

    OK. Kevin may want to see the file in question as well, however it's probably best to wait until he asks for it (if he hasn't already).
  5. It looks like there were issues with several of our CDN's servers in Europe yesterday (the notifications say "degraded performance"), and they were down for maintenance until about 16:00 to 17:00 UTC. Since traffic was being rerouted to other servers during the downtime, it more than likely caused abnormal delays and timeouts while checking for updates for some customers.
  6. Most ransomware will automatically delete itself after it has finished encrypting files (this is done to make it more difficult for analysts to get a hold of a copy of the ransomware). Also note that there is currently no known way to decrypt files that have been encrypted by GlobeImposter 2.0 without first obtaining the private key from the criminals who made/distributed the ransomware.
  7. Let's try getting a diagnostic log. The instructions and download are available at the following link:
  8. GT500

    How do I stop this continuous behavior

    I'm not finding any matches for that SHA1 hash. If you restore the file from the Quarantine in Emsisoft Anti-Malware, then you can upload it to VirusTotal and have them scan it, then post a link to the analysis here for us to review: Here's how to restore something from the Quarantine: Open Emsisoft Anti-Malware. Click on Quarantine in the Scan & Clean tile, or click on the icon on the far left (sidebar) that looks like a square with a white circle in it. Click on the file you'd like to restore from the list to select it (it should be highlighted in light blue when selected). Click on the Restore button in the lower-left.
  9. GT500

    How do I stop this continuous behavior

    If you could do the following, I could try and see if I can find information about the file in question: Open Emsisoft Anti-Malware. Click on Logs. Type sll.exe into the search field at the top. Find an entry in the list from the Behavior Blocker showing it detecting suspicious behavior for sll.exe and double-click on it for more information. The third line should be enclosed in parenthesis and should have SHA1: followed by a long string of numbers and letters. Copy this line, and paste it into a reply.
  10. To download updates to the threat databases that Emsisoft Anti-Malware uses. Running without the latest database updates is dangerous. If you keep your machine offline and don't allow Emsisoft Anti-Malware to update, then when you do go online the machine will be more vulnerable. Emsisoft Anti-Malware will report to the Windows Security Center that it is "out of date" if it has been more than 24 hours since the last time it checked for updates.
  11. Thank you for letting me know. If you had switched to the Beta update feed, then note that 2018.10.1 was released to the Stable update feed late yesterday, so you can switch back to the Stable update feed if you'd like to:
  12. Did yesterday's program update have any effect on these issues? That's understandable, however please keep in mind that its best to have confirmation from those who are effected by an issue that a fix is working as expected before it's released in a stable update, so even if the beta could be tried on one or two systems then that would help with validating that the fix is ready. Ask them to switch to the Delayed update feed. This feed exists primarily for corporate clients that can't afford downtime in case of a problem with an update. We only publish builds to this feed that have demonstrated better than average stability, so they shouldn't cause any problems with systems that need to have 100% uptime.
  13. @jedsiem is correct, the fixes in the beta were released in a stable build late yesterday: If you've already installed the beta, then feel free to switch back to the Stable update feed, and let us know if you're still having any trouble.
  14. Is this issue fixed by the current beta version? Here's how to try the beta: Open Emsisoft Anti-Malware. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle). Click on Updates in the menu at the top. On the left, in the Updates section, look for Update feed. Click on the box to the right of where it says Update feed, and select Beta from the list. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock). Select Update now from the list.
  15. The test is a removal test. Apparently there were some threats that our cleaning engine had trouble removing after they had infected the system. Our developers will have to look into the data from AV-Comparatives to see what wasn't removed and why.