GT500

Emsisoft Employee
  1. That appears to be the Crysis/Dharma ransomware. Older variants of this ransomware had their master decryption keys publicly released, however newer versions (including this one) have not. In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware.

    You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them are pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).

    http://www.shadowexplorer.com/

    In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it.

    Here's a link to a list of file recovery tools at Wikipedia: https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery
  2. Windows Firewall Control

    I think it's essentially the same issue as was posted in the following topic:
  3. We don't recommend excluding the TEMP folder. If you right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), then go to Protection status, and select to disable the Behavior Blocker, you should be able to proceed with the driver installation and then turn the Behavior Blocker back on the same way when done.
  4. OK, so the log text could probably be a little clearer. I'll pass that on.
  5. Our server host had some networking/routing issues in their datacenter over the weekend. It was at its worst Friday evening (in the USA) or Saturday morning (for those in Europe, Asia, Australia, etc.). If anyone else is still having trouble with updates, then restarting your computer should resolve the issue. On Windows 7 restarting normally should be fine. On Windows 8.1 and 10 you'll need to right-click on the Start button, go to Shut down or sign out, and select Restart from the menu so that your computer will fully shut down while restarting.
  6. Are you referring to this notification, or do you have EAM configured to show alerts rather than take automatic action?
  7. About Application Rules

    You're welcome.
  8. About Application Rules

    Application Rules are not necessary in most cases, and will usually only be created if you click something in a Behavior Blocker alert or notification. They will also be automatically deleted if the file the rule is created for no longer exists, or is moved to another location.
  9. License end message

    Let's try getting a diagnostic log. The instructions and download are available at the following link: https://helpdesk.emsisoft.com/Knowledgebase/Article/View/275/55/running-the-emsisoft-diagnostic-tool
  10. Trouble Login to Router

    Yeah, router firmware has changed a lot over the years, and ASUS has a rather fancy UI for a router.
  11. Trouble Login to Router

    What model was it? I had two ASUS RT-N66U routers that literally ran so hot they burned up their own processors (even the replacements did it while they were sitting on laptop coolers), and one of them was in a room with a pretty constant 73 Fahrenheit (23 Celsius) temperature. ASUS was great about getting them replaced for me, but eventually I just decided to go with something from a different manufacturer, since I needed something that would be reliable. As for the original question, if EAM was blocking communication with the router (which shouldn't happen) then it would be logged in the Surf Protection or Behavior Blocker logs, and turning off the Surf Protection and/or Behavior Blocker should allow you to connect until you turn them back on.
  12. EAM is off after startup

    Well, that might explain the log entries then. Technically we can't provide support for using our software along with a pirated edition of Windows. Even if it weren't for the legal issues, we have no way of knowing how the Operating System has been modified, and thus we can't guarantee that our software will work as expected on it. That being said, I suspect that the issue is a combination of the hardware (Celeron processors are budget processors and aren't intended to be fast, plus the system only has 2GB of RAM which is really only enough for Windows itself to run smoothly in) and the fact that there are more than three security software products on the computer all using resources on startup. This is more than likely slowing down the initialization of our update process (it will start after 5 minutes if system load doesn't drop to 20% or lower within that period of time), and the service may also not be able to load the database into memory any faster than that as well if there's too much hard drive activity.
  13. Yes, it is unfortunate. It's probably the only way they could stay in business. Firewall software doesn't sell well enough these days to fund a business, and if you give it away for free you have to try to find some way to make money from that. Sadly some companies take that a little too far, and bundle things that are far worse than just Google Chrome...