Sarah W

Emsisoft Employee
  1. Hi Fabio Sajoratto, Another thing to note is that the criminals hack in via RDP which has weak passwords, so if you can disable RDP then please do so; otherwise change the passwords to something more secure. Also, please install all critical Windows updates. Regards, Sarah
  2. Hi Josh, Can you upload your ransom note (or if it's a message box, upload a screenshot of it) and an encrypted file? Can you also upload the file which 360 Total Security alerted on, and submit the website link you clicked on to VirusTotal (change to URL and paste the website address in there) and then paste a results URL. Regards, Sarah
  3. Hi len4bfs, Unfortunately, crypt0l0cker is not decryptable for free. Some users have had luck with paying Dr Web to assist them with file decryption. Here is the updated policy from Dr.Web (11/25/15): Free file decryption assistance only for PCs protected by Dr.Web at the moment of infection. How to submit a request to Doctor Web's support service: Submit a request. Let us know if you have any success. A good backup procedure is very important and well worth the investment; especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah
  4. Hi Howard, When you say it stops responding and closes, are you trying to interact with it before that? What stage is it at when it closes (a screenshot would be useful)? Regards, Sarah
  5. Hi Howard, Can you attach 01.07.2017_09.52.33.zip to your next reply? Are you able to run the Amnesia2 decrypter now? Regards, Sarah
  6. Hi Howard, Sorry, I forgot users could not download from this forum.
     • Click Start.
     • Choose All Programs -> Accessories -> Notepad. Notepad opens.
     • Copy the content below and paste into Notepad:

         Zip: C:\WINDOWS\WinDebug_32.exe
         2017-06-23 06:34 - 2017-06-23 06:34 - 00023915 ____N C:\WINDOWS\WinDebug_32.exe
         IFEO\Magnify.exe: [Debugger] cmd.exe
         IFEO\sethc.exe: [Debugger] cmd.exe

     • Choose File -> Save from the menu bar (Ctrl + S). The Save As dialog box appears.
     • Save your file to the downloads folder. Name your document as fixlist.
     • In the Save as type drop-down box, be sure your document is saved as a text document.
     • Click Save.
     Then continue with the FRST instructions above. Regards, Sarah
  7. Hi Howard, First of all, please download this security patch, as currently your system is vulnerable to pretty much anyone accessing it. You still need to reboot after doing so. If possible, I would disconnect from the internet whilst doing so. Once done, continue with the steps below. We need to run a fix with FRST:
     • Please download the attached fixlist.txt file and save it to the same location as FRST.
       Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
       NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
       fixlist.txt
     • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
     • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
     • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run; please post it to your reply.
     • You will also need to attach a zipped file with the format Date_Time.zip, which FRST created on the desktop, to your next reply.
     Regards, Sarah
  8. Hi JT, Please share some encrypted files, the ransom note (if there is one) and the malware file, if you have it. Regards, Sarah
  9. Hi COnsu1, Currently, Shade ransomware is not decryptable. You can either back up your files and wait for a solution, or pay the criminals (we do not recommend this) currently. A good backup procedure is very important and well worth the investment; especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. We currently have an offer on with free backup software. Regards, Sarah
  10. Hi rajipillai, We released a new decrypter for the updated version here. Regards, Sarah
  11. Hi LeonardCaldwell, You're dealing with Cry36; you can see more of the discussion about it here. I suggest making sure RDP is secure and no weak passwords are being used, and also making sure all critical Windows updates are installed. Regards, Sarah W
  12. We just released a new decrypter for this variant; you can find it here. Please make sure to secure RDP, install all Windows updates and make backups of files (disconnected from the system, hopefully). If you appreciate the work we do and need a security solution that can protect against ransomware, we have our own security software, Emsisoft Anti-Malware. Regards, Sarah W
  13. Hi Monkish, Unfortunately, a file pair cannot provide the information we need to look into whether we can help. We will see what we can do, though; however, I am not sure if we can help currently. Regards, Sarah
  14. Hi RodneyHamp, Sorry we couldn't provide better news; hopefully, one day this will be decryptable. Regards, Sarah
  15. Hi junaid12, Glad we could help. A good backup procedure is very important and well worth the investment; especially make sure not to keep the backup attached to the system unless you are backing up (it is best to have two different backups). As a note, Emsisoft Anti-Malware would have prevented your system from being compromised and encrypted in the first place. So if you appreciate our support, why not do yourself and your files a favour and check our product out, and consider buying it. Regards, Sarah