Emsisoft Employee

Everything posted by Elise

  1. Then don't enter any data in any webform that doesn't have the https:// prefix, avoid any security products that use https intercepts, see also this article: https://www.bleepingcomputer.com/news/security/us-cert-security-products-that-perform-https-interception-weaken-security/ Besides that, always be sure to use strong passwords, personally I'd recommend using a password manager like LastPass or KeePass to ensure you use unique and strong passwords that can't easily be hacked.
  2. Hi Paul, Unfortunately without more information it's impossible to say what this file is/does. Can you check the file path in the log and try to upload it to www.virustotal.com? Afterwards, post the link to the scan results here so I can check it out.
  3. Hello, While it is good to treat online privacy as a serious concern, it is also a very broad subject. It would help to know what exactly you're afraid of.
  4. Hello, This is just a scam webpage, it does not actually infect your computer or mean that your computer is infected. Just closing the browser will be enough. I will also add the URL to our surf protection database, if you have any other URLs, please let me know.
  5. Hello, If you already set up an appointment with CloudEight, I'd recommend you to contact them to make sure they can do this. If you need malware removal help you can also follow the steps here and post the required information.
  6. Depending on what you use the servers for and how important any data is, I strongly recommend you to invest in a reliable backup system and security software instead. It might also be a good idea to ensure you use strong RDP passwords to avoid server hacks (no matter what security you have in place, if the server is hacked via RDP, an attacker can bypass anything).
  7. Hello, While I understand the endeavor, unfortunately developing something like that without false-positives is not a minor project. We include this in our Behavior Blocking technology at Emsisoft and it takes continuous work to ensure it blocks all ransomware but does allow legitimate programs as well.
  8. That already exists, think Apple. Apple hardware is not safer than Windows, it's just less exploited than Windows because it has a smaller user base, the same goes for Linux (examples: look up BashBug/Shell Shock for Linux or FlashBack for OSX).
  9. To be honest, I think Microsoft does a reasonable job when it comes to security. For example, if I want to use a Windows 10 VM out of the box for malware removal, I always need to tweak it in order to make sure my samples run uninterrupted. As for bugs, any software piece has them, you can't just redesign a platform like Windows to get rid of them because you'll just have other bugs: software is coded by human beings, human beings make mistakes.
  10. As far as I know Windows 7 is safe enough and security updates are being released (as in: there are no disclosed vulnerabilities that have not been fixed). However Windows 10 has some features that Windows 7 lacks (think about SmartScreen or working with SecureBoot), still if it comes to your average trojan or ransomware, it really matters little if you use 7 or 10.
  11. It's quite simple, with every Windows (or other OS) upgrade bugs are fixed and security measures are improved. As such you can state that Windows 10 is supposed to be more secure than Windows 7. In practical terms though as long as the software you use still supports Windows 7 and as long as Microsoft still supports Windows 7, you're just as safe on Windows 7 as long as you use an adequate security product, keep your software up to date and practice safe surfing.
  12. No, unfortunately no decryption is possible for that variant.
  13. TBH, in that case I'd just wipe/reinstall the server because since encryption is not possible, it is unlikely you will be able to restore functionality (you can reinstall a number of programs, but if IE's been affected, then likely so are other Windows components). You can transfer files using a flash drive, just make sure it does not contain anything important in case the encryption process is still active. The actual executables shouldn't spread on a USB drive, meaning that content could be encrypted, but it could not be used to transfer the infection to another computer.
  14. The scan will give you the option to delete or quarantine any files detected, yes. If you want to be sure you can delete everything found, please feel free to post the scan log here. Based on your information decryption is not possible. Just to be sure you identified the correct variant, you can check it here: https://id-ransomware.malwarehunterteam.com/
  15. Hello, You can just run a Malware Scan with Emsisoft Anti-Malware or Emsisoft Emergency Kit, which you can download from our product website.
  16. Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  17. Strange, I would just change the action in the alert then to ignore this file.
  18. Can you tell me what Windows version you have on the computer this is detected on (and is this the same Windows version as the other laptops have)?
  19. Thank you, I suspect that Windows Defender didn't update yet. I checked and the file is no longer detected by Microsoft:
  20. Can you please attach a copy of the file or upload it to http://www.virustotal.com so I can check the hash of the file?
  21. According to the site it's fixed now: https://www.microsoft.com/en-us/security/portal/submission/SubmissionHistory.aspx?SubmissionId=297169d0-2f96-4e31-b4d0-5726c6cfe62a If you still encounter detection with the latest Windows Defender definition updates, please let me know.
  22. Any chance you can check if the hash of the file (in beta version) is the same as the one I posted above? Unfortunately besides reporting this to Microsoft and hoping they'll fix it ASAP, there is very little we can do about it. Even if the file is deleted, any update should redownload the file, so as long as you disable Windows Defender or create an exclusion for the file you should be okay. FTR, Microsoft FPs can be reported here: https://www.microsoft.com/en-us/security/portal/submission/submit.aspx
  23. As a follow up, only the a2hooks64.dll file in the stable version of EAM/EIS is detected (the same file in beta is not detected). According to MS malware protection: Let's hope they will fix this ASAP.
  24. Just to clarify, this is a false positive from Windows Defender. The problem is that if this file keeps getting deleted, your computer will be at risk because without this file Emsisoft products cannot properly protect your computer. If possible I would either disable Windows Defender or create an exclusion in Windows Defender for this file to avoid possible problems.
  25. Hello, Can you please check if this is still detected? I just submitted it as FP to Microsoft, they listed it as "not detected".