GT500

Emsisoft Employee
  • Content Count: 10280
  • Days Won: 292

Everything posted by GT500

  1. Either the decrypter is crashing, or something is preventing it from opening. Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link (try to run the decrypter again before doing this so FRST's logs will include any Event Log errors if the decrypter is crashing): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If you have Emsisoft Anti-Malware installed, when FRST checks the Windows Firewall settings Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  2. When you say it "does nothing", do you mean there's no visible indication that it's doing anything, or does it display some sort of message about failing to decrypt the files?
  3. That depends on whether or not you want to be able to monitor logs, scans, etc. and be able to change settings remotely via the web interface. Granted you will also need access to your e-mail account from anywhere you intend on logging in to My.Emsisoft from (the Two-Factor Authentication is currently handled via e-mail), so it's only really useful anywhere you also have access to your e-mail account. BTW: Here's a video demonstrating some of the things that can be done in the "Cloud Console" at My.Emsisoft:
  4. That was the Muhstik ransomware. If anyone else is curious, there's more information at the following link: https://www.bleepingcomputer.com/news/security/muhstik-ransomware-victim-hacks-back-releases-decryption-keys/
  5. That's an online ID, so there won't be an immediate solution, however there is work on a way to recover your files that's ongoing. Just make sure to keep a backup of all of your encrypted files.
  6. Work is still progressing on your case. Hopefully it won't be too much longer.
  7. We currently have a promotional deal with CactusVPN. I'll ask our sales team if they have more information about it for you.
  8. It provides full remote management of Emsisoft Anti-Malware:
  9. EAM's Behavior Blocker usually tries to terminate the running process when it quarantines an executable file, however an installer will often execute other things while it's running, so it can be difficult to tell what exactly the results of EAM quarantining something may be. In this case specifically I suspect the installation would be completely halted when this happened, however I can't be 100% certain about that.
  10. It's supposed to be that way when Windows is running in Safe Mode (after all, if you forget your password, you need to have a way to regain control). I'll ask if we've changed this functionality.
  11. There is always the possibility that law enforcement may manage to catch the criminals or at least gain possession of their server. There's also the possibility that the criminals may decide to release their database of keys to someone who can make a decrypter, or that researchers may discover a flaw in the ransomware that allows for decryption. With more secure ransomwares this sort of thing doesn't necessarily happen quickly, however if you can keep a copy of your encrypted files in a safe place then there is the possibility that some day you may be able to get them back.
  12. Note: The Chromium version of the extension seems to work fine, and this is the result of clicking on the "Report this site as dangerous" link:
  13. It does not appear to have been fixed, however that option appears to have been removed from the Chrome version of the extension (actually it's just hidden for certain trusted websites). I'll ask QA about it.
  14. I'll ask QA and see if that is one of the dialogs that was supposed to have been migrated to sciter for better DPI scaling support.
  15. The GUI in EAM doesn't display how many days remain on your license key when you have a subscription license (this type of license key isn't considered to have an expiration date since it will auto-renew). You should be able to see when it will automatically renew in My.Emsisoft.
  16. WiX# is a framework for building MSI packages, so ExpressVPN is probably just using that to build their MSIs.
  17. The file is a temp file. Normally the Behavior Blocker would only log events like that if it was not digitally signed. In this case it's more than likely safe, but if you need to know more then you can upload one of the files in question to VirusTotal and paste a link to the analysis here for us to look at.
  18. Yes, I would believe that was added some time within the last 3 or 4 months. We've been hard at work over the past year or so trying to improve the features and functionality of our online systems to allow for better online management of Emsisoft Anti-Malware.
  19. It's physically impossible to prevent an attacker from removing security software. Once they're in the system, and have admin rights, they have full control. They can terminate any process, delete any file, disable any startup entry, etc. This is one of the reasons why it is imperative to prevent an attacker from getting in to the system in the first place. EAM does have self-protection that can prevent automated removal of its components, however this will only stop an infection, and won't stop someone who's remotely accessing the system. BTW: If you configure an admin password for Emsisoft Anti-Malware, it won't allow someone to uninstall it without the password while Windows is running normally.
  20. We do have your debug logs, however we can't guarantee how long it will take to resolve the issue.
  21. I would believe that you'll need to contact Dr.Web for this. Note that they do charge for this service, however I would believe that they will take a look at your files and let you know whether or not they can help you recover them before charging you anything.
  22. By "actual" I think he means "legitimate" or "genuine" (a warning not to rely on pirated software).
  23. Let's try getting a log from FRST, and see if it shows the cause of the issue. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  24. One place to keep track of everything sounds nice, however it does unfortunately lead to rather cluttered bug reports when all of QA's testing information ends up there. I think it's fairly normal for BTS these days to have most of those features. The system we use can be a bit complicated, although the developers seem to like it. Granted I don't think they're usually made with QA in mind, so I think most companies use separate systems for bug reports and QA testing.