David Biggar

Emsisoft Employee

About David Biggar

  • Rank
    Forum Regular
  • Birthday 07/11/1969

Profile Information

  • Gender
    Male
  • Location
    Idaho, USA
  • Interests
    Cleaning computers, gaming, rock hunting, helping people with computer issues, and teaching those who sincerely want to learn.

  1. Thank you, Mark. That's good to hear! I've read your support email thread, and it's being taken care of. We'll contact you there, since any sort of transaction details or keys would not be able to be shared via the forums anyway. Have a great day!
  2. Mark, No need to mail in again. We can take care of you there. Thank you for letting me know!
  3. Hello Mark, You're right, that doesn't seem right to me, either. Would you email us at [email protected] please, from the email address you use to log into MyEmsisoft? It is far easier for me to verify ownership and track down information to rectify the situation that way, and also faster for me to respond.
  4. Hello SteelWheel, I've sent you a private message with a possible solution. Let me know if you have questions!
  5. Hi there,

    I got hit from [email protected]

    I downloaded an unknown setup 2 days ago

    and encrypted yesterday

    all my files got encrypted to .kvag

    there are now 3 questions that worry me

    I was saving every signal site data I registered in OneNote files and Word files

    and my bank account and password to my bank internet service

    what should I do about that

    are they going to check such files? and what should I do?

    To reconfirm

    is there any way to decipher my files or recover some of them?

    unfortunately I don't have any backup anywhere

    and I couldn't get SpyHunter so I cleaned with Malwarebytes, Norton, Hitman and GridinSoft

    is that enough or do I still need to do more?

    I attached the note they put and one encrypted file

    and I don't know if that would be useful in any way

    I cleaned the hosts file

    those are the links I found in it


    thank you and waiting for your reply

  6. Thanks for confirming. If there's anything more our ransomware experts can provide or need in your situation, they'll post here. Good luck!
  7. The link isn't given. What we mean is the website address after you upload the files, and the site shows you what the ransomware appears to be. For instance: https://id-ransomware.malwarehunterteam.com/identify.php?case=0efc985e110efcb8d22bc0d8fbaf066cfd968ede That's what I get when I recreate the ransom note from your post and upload it. You may get something different, but I suspect that Maoloa is correct, and I see Amigo-A agrees.
  8. Please follow Stapp's request to upload a ransom note and an encrypted file to ID Ransomware, and show us the web address of the results. Otherwise, let's wait for one of our ransomware experts to weigh in, but I think this is probably Maoloa. Does the machine you were analyzing have PC Anywhere installed? That's what awhost32.exe could be from. I also see TeamViewer and PC Hunter etc. loaded at around the same time. Which if any of those programs are intentionally on the computer, and especially, configured to load on startup or user login? Process Hacker is a handy and optionally portable task manager replacement. Had you or any other users of the system used Process Hacker in the past? If you happen to still have ares666.exe, please keep it handy, but don't upload it unless requested by an Emsisoft employee or forum moderator.
  9. help, my files are encrypted

    extension is .neras

    Amber -02.docx.neras

  10. Hi Michael, We have a new page that better describes how to insert the Emsisoft Mobile Security activation code. Click here. Please don't forget Sebastian's request, so he can help with any separation of the license that might be necessary.
  11. Hello Jonathan. It looks like a translation file didn't update itself properly, and the restart reloaded it. Thank you for following up!
  12. Any time, and thank you for purchasing. If needed, you can reach out for support-related issues to us here, and of course via [email protected]. Have a great weekend!
  13. Hello Cube! To migrate settings from a current Emsisoft Enterprise Console server to a new server, these steps should do the job:

      • Disconnect all clients from current Emsisoft Enterprise Console server and then shut down Emsisoft Enterprise Console on the current server
      • Install Emsisoft Enterprise Console on new server
      • Close Emsisoft Enterprise Console on the new server, then stop the Emsisoft Enterprise Console services on new server named Emsisoft Enterprise Console Server Service and Emsisoft Enterprise Console Update Proxy Service. You can do this from the task manager's services list on some machines, or from the services list 'services.msc' on others
      • Copy the following folder in its entirety from the current server to the new server: C:\ProgramData\Emsisoft Enterprise Console\Db\
      • Start Emsisoft Enterprise Console service on the new server, and the computer list(s) and such should be visible
      • Reconnect all managed Emsisoft Anti-Malware computers via deployment or light packages as normal

      Let us know here or via email to [email protected] if you have trouble.
  14. My pleasure, Scott. No issues I'm aware of, no. As long as the encryption driver is doing its job before attempting to scan, that is. Let us know if you have trouble and we'll try to help.
  15. You're welcome Scott, Yes, wildcards can be used. You'll need to be sure the pattern is proper though. In your example of *.*\blahblah.exe, that would only match folders that have a dot in the name. Otherwise you'd use something like C:\*\blahblah.exe for example, or C:\*\*.blah where 'blah' is the extension you want to whitelist.