David Biggar

Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


David Biggar last won the day on May 15 2018

David Biggar had the most liked content!

Community Reputation

11 Good


About David Biggar

  • Rank
    Active Member
  • Birthday 07/11/1969

Profile Information

  • Gender
  • Location
    Idaho, USA
  • Interests
    Cleaning computers, gaming, rock hunting, helping people with computer issues, and teaching those who sincerely want to learn.

Recent Profile Visitors

8002 profile views
  1. Thanks for confirming. If there's anything more our ransomware experts can provide or need in your situation, they'll post here. Good luck!
  2. The link isn't given. What we mean is the website address after you upload the files, and the site shows you what the ransomware appears to be. For instance: https://id-ransomware.malwarehunterteam.com/identify.php?case=0efc985e110efcb8d22bc0d8fbaf066cfd968ede That's what I get when I recreate the ransom note from your post and upload it. You may get something different, but I suspect that Maoloa is correct, and I see Amigo-A agrees.
  3. Please follow Stapp's request to upload a ransom note and an encrypted file to ID Ransomware, and show us the web address of the results. Otherwise, let's wait for one of our ransomware experts to weigh in, but I think this is probably Maoloa. Does the machine you were analyzing have PC Anywhere installed? That's what awhost32.exe could be from. I also see TeamViewer and PC Hunter etc. loaded at around the same time. Which if any of those programs are intentionally on the computer, and especially, configured to load on startup or user login? Process Hacker is a handy and optionally portable task manager replacement. Had you or any other users of the system used Process Hacker in the past? If you happen to still have ares666.exe, please keep it handy, but don't upload it unless requested by an Emsisoft employee or forum moderator.
  4. help my my files are encript

    extension is .neras


    Amber -02.docx.neras

  5. Hi Michael, We have a new page that better describes how to insert the Emsisoft Mobile Security activation code. Click here. Please don't forget Sebastian's request, so he can help with any separation of the license that might be necessary.
  6. Hello Jonathan. It looks like a translation file didn't update itself properly, and the restart reloaded it. Thank you for following up!
  7. Any time, and thank you for purchasing. If needed, you can reach out for support-related issues to us here, and of course via [email protected] Have a great weekend!
  8. Hello Cube! To migrate settings from a current Emsisoft Enterprise Console server to a new server, these steps should do the job: Disconnect all clients from current Emsisoft Enterprise Console server and then shut down Emsisoft Enterprise Console on the current server Install Emsisoft Enterprise Console on new server Close Emsisoft Enterprise Console on the new server, then stop the Emsisoft Enterprise Console services on new server named Emsisoft Enterprise Console Server Service and Emsisoft Enterprise Console Update Proxy Service. You can do this from the task manager's services list on some machines, or from the services list 'services.msc' on others Copy the following folder in its entirety from the current server to the new server: C:\ProgramData\Emsisoft Enterprise Console\Db\ Start Emsisoft Enterprise Console service on the new server, and the computer list(s) and such should be visible Reconnect all managed Emsisoft Anti-Malware computers via deployment or light packages as normal Let us know here or via email to [email protected] if you have trouble.
  9. My pleasure, Scott. No issues I'm aware of, no. As long as the encryption driver is doing its job before attempting to scan, that is. Let us know if you have trouble and we'll try to help.
  10. You're welcome Scott, Yes, wildcards can be used. You'll need to be sure the pattern is proper though. In your example of *.*\blahblah.exe, that would only match folders that have a dot in the name. Otherwise you'd use something like C:\*\blahblah.exe for example, or C:\*\*.blah where 'blah' is the extension you want to whitelist.
  11. Hello Scott! When you enter filenames in the whitelist text file, are you adding just the filename, or the full path to the file? The latter is needed. Folder names should have a trailing backslash ( \ ), and it seems like you're probably already doing that if they're working. If that doesn't get it going for you, please show me a 3-4 line snippet, obfuscated, of the whitelist file you're trying to use so we can take a look.
  12. Handling this via email, will post back with results, here.
  13. Yes, that should be correct. I've only had feedback from a few people saying the issue is fixed, and we've ceased being able to recreate it ourselves. I haven't had feedback yet saying that it doesn't work, but I'd like more "it works" feedback, for sure.
  14. Hi neneduty, we actually appear to have fixed it in the latest update, 2018.5.0.8686. Libor got back to me that the beta worked - shortly after that we released it in the stable feed. Feel free to run them both, and please let us know if you run into trouble with it!
  15. There is a fix that is working in our testing. It has now been released into beta. For those who wish to try it, here are instructions: After booting, install or re-activate Emsisoft Anti-Malware as needed depending on your machine's current state. Do not reboot again until step 5 or it will almost certainly hang. Click Settings in the top row, Updates in the second row. Change the drop-down menu from Stable update feed to Beta update feed. Press the Update now button. The update must complete. Afterward, verify the version by opening Emsisoft Anti-Malware and clicking the "EMSISOFT" logo in the upper left. It should be 2018.5.0.8668. Reboot the computer when it's finished updating to test, only if the version number is verified to match the Beta version listed above. Please switch back to the stable version when the fix is released stable, even if the beta works. Beta releases are just that, beta, and may be unstable in some cases. You may learn more about when releases come out, here: https://blog.emsisoft.com/en/category/emsisoft-news/ (See the column on the right side of the page). Note that the stable release with Comodo fixes should be mentioned as usual in the updates blog, when it is ready. Here is the beta release note: https://blog.emsisoft.com/en/31323/emsisoft-anti-malware-2018-5-beta/ I would appreciate feedback about whether it works for you or not, either here or via email to [email protected] Thanks!