GT500

Emsisoft Employee
  • Content Count: 12878
  • Joined
  • Days Won: 388

Everything posted by GT500

  1. chkdsk doesn't look for problems with files. Its concern is primarily with the filesystem, as that has a greater effect on system stability. chkdsk probably had to restore filesystem data regarding the file (presumably data from the MFT) from the journal, which probably contained out of date data describing the location of the various parts of the file on the filesystem. I don't think I was ever given specifics about why. What I do remember is something about your scripting system not operating like most programs (at least in regards to what it's doing when it triggers alerts), and that's why the issues you run into with it aren't seen by other EAM users.
  2. Sure, you can send logs in a private message. Technically the FRST logs can be sent at any time, but if you want to wait until the issue happens then run FRST after collecting and sending debug logs. FRST will add the last 10 errors from the Windows Event Logs to its Addition log file, so if it's been too long since the last time the issue has happened then we may not see it in the FRST logs.
  3. FYI: We do have referral and affiliate programs if you're interested. This can come in handy especially if you have a website, blog, or social media pages where the terms of service allow referral/affiliate links. Referral program: https://www.emsisoft.com/en/referral/ Affiliate program: https://www.emsisoft.com/en/partner/affiliates/
  4. We'll also need debug logs if that's not too much to ask.
       1. Open Emsisoft Anti-Malware.
       2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
       3. Click Advanced in the menu at the top.
       4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
       5. After that, close the Emsisoft Anti-Malware window.
       6. Reproduce the issue you are having (restart the computer so that the Security Center fails to read Emsisoft Anti-Malware's status).
       7. Once you have reproduced the issue, open Emsisoft Anti-Malware again.
       8. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
       9. Click on the button that says Send an email.
       10. Select the logs on the right that show today's dates (if you try to send too many logs, then we may not receive them).
       11. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
       12. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
       13. Click on Send now at the bottom once you are ready to send the logs.
     Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.
  5. Could you attach logs from FRST to a reply? You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  6. This appears to be the Matrix ransomware. Unfortunately there is no known way to decrypt files that have been encrypted by this ransomware. Translation provided by Google: This appears to be the Matrix ransomware. Unfortunately, there is no known way to decrypt files that have been encrypted by this ransomware.
  7. Then decryption is impossible. At least it's impossible without the private key for your ID, and only the criminals have that.
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. What did the decrypter say when you tried it?
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. That's certainly a difficult one. I imagine that over time hearing about your good experiences with us could help convince some people; however, it's important to try to avoid coming across as a "fanboy" as that may lead people to dismiss what you have to say.
  21. I'm glad to hear that fixed it. If you need anything else, then please let us know.
  22. Applications can ask Windows to reserve memory for them in case they need more as they load more data into memory, that way they don't have to worry about whether or not there is free memory when they need more. Windows doesn't list this reserved memory as in use by running processes, but rather lists it as free (memory that isn't in use). Because of this, most memory usage information isn't actually going to give you an accurate picture of when crashing will happen due to the system running out of unreserved RAM. Click the Back button in the left below the list of monitors to go back to the screen that shows all the graphs. Read the memory usage from that graph. Technically I think it's showing the commit charge.
  23. So it only happens on startup then, and not just after the system has been running for some time?
  24. chkdsk is intended to repair the filesystem. Corrupted files can't be validated or repaired unless there are backup copies of them. From what I've been told about similar issues you've reported in the past, my understanding is that this probably won't be the case, and you'll more than likely only see the issue when using your scripts.
  25. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/