Jump to content


Emsisoft Employee
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Elise

  1. Thank you, I've added the URL to our surf protection database. I also deactivated your link. To avoid accidental clicks better use hxxp or put it in a code box.
  2. Ont thing to keep in mind is also when exactly you're redirected to such scam pages and to avoid the sources at all. web addresses and content change constantly so I'm not sure that blocking this content via your adblocker will make much of a difference.
  3. Hello, Thank you for reporting this issue. This is not a new scam, the good news is that nothing is actually installed on your computer, the not-so-good news that this type of scam uses a large number of different URLs, making it hard to block. The initial redirect link is already down apparently, could you please copy/paste the actual link from the address bar of the scam page?
  4. Hello, Emsisoft does not have a password manager, but there are some excellent products you can use, for example LastPass, which has a good free version, is easy to use and secure.
  5. Hello, Where exactly did you find contact details for Outlook support? There are a lot of scams out there that pretend to be from trusted companies and in fact only try to get money from you. An Outlook problem does not mean you have malware, it can have a lot of other causes as well.
  6. The article you linked to is very old. regarding FinFisher and Emsisoft, see this blog article.
  7. This topic has been unlocked as requested by the original poster. Please update this topic with your reply to the last instructions ASAP.
  8. Thank you, we are aware of this resource and check their samples on a regular basis.
  9. Hello, you can do this by clicking on the Statistics tab of the submitted item. You see your own vote there, hover with the mouse under your username you see in the list and the option "undo vote" will appear. Clicking this will remove your vote.
  10. Unless you run Windows 10 Anniversary Update, this shouldn't be a problem, but as Aura pointed out, it really isn't necessary when it comes to protecting your system.
  11. Thank you for your suggestion. In my opinion the whole idea of a second engine is to offer better protection. I don't think that just offering yet another engine does anything to improve security. We give priority to our own behavior blocking technology because this is more effective against new malware than adding an extra detection database.
  12. No, sorry, I haven't tried any so I cannot give you any recommendations there.
  13. I'm not aware of any unfortunately, I'd just use a browser add-on.
  14. No, that is extremely unlikely, especially on well-known websites. Sure, users can distribute malicious content (think about links or attachments), but for embedded malware in a picture to become active you need to do more than view it on Facebook. No, this is typically malvertising, but keep in mind that there are various tactics to make a very smart looking video overlay that makes it all to easy to trick a viewer to click on it. Keyword here is "don't open it". If it is not opened, it cannot infect you. Yes, you can use that. Technically speaking you don't need it though. In case there is any interference from Emsisoft products, you can just set an exclusion for Sandboxie.
  15. Typically, sites like facebook, twitter and youtube do a lot to make sure undesirable/malicious content is removed. However it is always possible that a user with nefarious intentions can create an account and upload something malicious before they are caught and this malicious content is removed. Usually there is a very short time window before removal, but it is possible. However, if for example you open a picture with embedded code and this code is executed, Emsisoft products will catch this malicious activity.
  16. Hello Paul, Can you please follow the steps here and post the requested logs?
  17. It completely depends on the variant. Some ransomware variants have vulnerabilities that are used to retrieve decryption keys, however for you that doesn't appear to be the case unfortunately. I'm very sorry.
  18. You're most welcome! At Emsisoft we provide malware help for free for everybody, if you'd like to make a donation please consider a local charity. You could also consider purchasing Emsisoft Anti-Malware as it would have prevented this infection from installing on the computer in the first place, for more information, see this blog post. Since this issue appears to be resolved, I will close this topic. If you need it reopened, please send me a Personal Message.
  19. You're most welcome. As this issue appears to be resolved, I will lock this topic. If you need it reopened, please send me a Personal Message.
  20. You're most welcome! You can delete the tools we used as well as the created logs. I strongly recommend you to keep all your software (both Windows and third-party) up to date. As this topic has been resolved, I will lock it now. If you need it reopened, please send me a Personal Message.
  21. It looks like that was only a folder though. Please be sure to restart your computer, then use your browser for a bit. Let me know if you still have the problem with the search provider pop up.
  22. If it is decrypting and the original files are restored, then leave it run, it means you're lucky. However, as soon as the decryption process is done, please let me know because there is active malware on the computer as well that could start to encrypt file anew.
  23. Just to make sure everything is gone, let's run AdwCleaner. Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply. NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.
  24. Hello, Unfortunately it looks like this ransomware variant cannot be decrypted. I can still help you cleaning up the computer so all active malware is removed, however this will not do anything to recover the files.
  • Create New...