David Biggar

Emsisoft Employee
  • Content Count

    109
  • Joined

  • Days Won

    3

David Biggar last won the day on November 7

David Biggar had the most liked content!

Community Reputation

12 Good

6 Followers

About David Biggar

  • Rank
    Forum Regular
  • Birthday 07/11/1969

Profile Information

  • Gender
    Male
  • Location
    Idaho, USA
  • Interests
    Cleaning computers, gaming, rock hunting, helping people with computer issues, and teaching those who sincerely want to learn.

Recent Profile Visitors

8454 profile views
  1. Yes, it will attempt to reconnect at its next scheduled update usually. Thank you for letting me know it's working!
  2. Hello DuroTech We've just updated Emsisoft Mobile Security, and in some cases it is detaching from the subscription in the process. This should fix it: Open Emsisoft Mobile Security. Tap the pyramid of three dots in the bottom right corner. Tap your device's Google account name at the top of the menu. Tap logout. Wait 10 seconds. Tap login. Is it working again? If yes, there should be nothing else to do. If not, please let us know.
  3. Hello Aggy, I've sent you a private message with a possible solution. Let me know if you have questions!
  4. Hello Mark, 2FA can be done in more than one way - email for example, which you should be able to access from another device. In a situation where you'd need to wipe the phone, the carrier responsible for your phone number usually will issue a new SIM card and deactivate the old one so you can also receive text 2FA messages as needed. Extra hurdles involved, but that's the nature of the extra security brought by 2FA in the first place.
  5. Quite alright, and I'm glad you found the culprit. If you have any other active antivirus software on these computers, I would start there where conflict is concerned. You're also welcome to email as I'd mentioned before, so we can gather logs to see if there's something we recognise that can conflict.
  6. Isn't LabTech an automation / MSP / RMM software? It may be configured to install Emsisoft Anti-Malware if it is not detected at computer boot time. I'd check to see if perhaps it has been enabled in LabTech settings, as that would definitely explain it. The only instances of Emsisoft Anti-Malware being installed in the manner you're referring to that I'm aware of are all due to MSP type software. If that's not it, we should probably switch to email so we can gather some endpoint logs and see where it might be coming from, with a bit of research.
  7. Hello MartinB, All active antivirus can potentially fight with other active antivirus, and Emsisoft Anti-Malware is no exception. Often it will run alongside others with no trouble, but sometimes it cannot. Again though, that applies to all active antivirus products. Do you have software such as Repairtech's Syncro or Kabuto on any of these computers? Those are MSP (managed service provider) programs that can and often are configured to install and maintain software such as ours. Those two in specific are often used for Emsisoft Anti-Malware installation and maintenance. If for example you'd signed up for remote management service, that could have come as part of the package. Without knowing more of the situation, I can only make guesses such as that one. Emsisoft Anti-Malware has never to my knowledge been 'maliciously' installed. I'm not sure what the point would be, since it is designed to be cleanly uninstalled, has a free trial, and is designed to fight malware rather than be malware. If it keeps reinstalling itself though, that is a hallmark of MSP software activity. If you'd like, email me at [email protected], and I can help you dig a bit without risking sensitive information from any of the computers is posted on the public forum.
  8. It's our pleasure, Mark. Have a great weekend!
  9. Thank you, Mark. That's good to hear! I've read your support email thread, and it's being taken care of. We'll contact you there, since any sort of transaction details or keys would not be able to be shared via the forums anyway. Have a great day!
  10. Mark, No need to mail in again. We can take care of you there. Thank you for letting me know!
  11. Hello Mark, You're right, that doesn't seem right to me, either. Would you email us at [email protected]isoft.com please, from the email address you use to log into MyEmsisoft? It is far easier for me to verify ownership and track down information to rectify the situation that way, and also faster for me to respond.
  12. Hello SteelWheel, I've sent you a private message with a possible solution. Let me know if you have questions!
  13. Hi there,

     

    I got hit from [email protected]

    I downloaded an unknown setup 2 days ago

    and encrypted yesterday 

     

    my all files got encrypted to .kvag

    there is now 3 questions worries me

    I was saving every signal site data i registered  in one note files  and word files

    and my bank account and password to my bank interment service

    what should i do about that

    are they going to check such files? and what should i do?

     

    To reconfirm 

    is there any way to decipher my files or recover some of it?

    unfortunately i don't have any backup anywhere

     

    and I couldn't get spyhunter so i cleaned with  malewarebytes, norton, hitman and girdein soft

    is that enough or i still need to do more?

     

    I attached the note they put and one encrypted file

    and I don't know if that would be useful in anyway

     I cleaned the hosts file

    those are the links I found in it

    127.0.0.1 space1.adminpressure.space
    127.0.0.1 trackpressure.website
    127.0.0.1 htagzdownload.pw
    127.0.0.1 360devtraking.website
    127.0.0.1 room1.360dev.info
    127.0.0.1 djapp.info
    127.0.0.1 sharefolder.online
    127.0.0.1 telechargini.com
    127.0.0.1 fffffk.xyz
    127.0.0.1 smarttrackk.xyz

     

    thank you and waiting for your reply

  14. Thanks for confirming. If there's anything more our ransomware experts can provide or need in your situation, they'll post here. Good luck!
  15. The link isn't given. What we mean is the website address after you upload the files, and the site shows you what the ransomware appears to be. For instance: https://id-ransomware.malwarehunterteam.com/identify.php?case=0efc985e110efcb8d22bc0d8fbaf066cfd968ede That's what I get when I recreate the ransom note from your post and upload it. You may get something different, but I suspect that Maoloa is correct, and I see Amigo-A agrees.