Aura

Malware Hunter
Everything posted by Aura

  1. Not really important. My native language is French, but I use every OS, program, etc. in English. Way easier to understand, troubleshoot, research, etc.
  2. Hi Sam, would you happen to have an encrypted file and the original file (not encrypted)? If not, we'll try something.
  3. You do not, but it can be seen as such. In that case, you can go with Malwarebytes. If you only want a second opinion scanner, the free version is all you need. Malwarebytes Anti-Malware (MBAM) only offers malware and web protection. Malwarebytes 3.0 offers malware, web, exploit and ransomware protection. You could see the BB module (Behavior Blocker) as being kind of an Anti-Exploit. That's right. Let's say that I run an outdated game launcher for League of Legends. I really doubt that there are significant "in the wild" EKs abusing an older version of the game launcher for an exploit/security bug that has been patched in the newest launcher. Usually, web browsers, plugins, multimedia players, Office, etc. programs (and your OS obviously) are the ones you want to always keep updated, as they are the most commonly targeted by EKs.
  4. I would stay away from IObit products, and I would also stay away from "System Optimization" suites. These aren't needed at all on your system and, if anything, can mess it up in the long run. I've never heard of that website for security product reviews, so I would take what is posted there with a grain of salt. Personally, I don't know how to answer you, since I don't see myself giving recommendations about other products on the forum of a "competing" product. The protection is added only if you update the outdated software it reports. So if you know to keep your Adobe Flash Player, Adobe Reader, Java, VLC, Windows, etc. up to date, there's no need for Heimdal (unless you want it to automate everything). The "protection" you're referring to is to not run outdated software that can be exploited (via an EK, for instance).
  5. Emsisoft Anti-Malware is an Antivirus, so no, you shouldn't have two Antivirus programs installed on a system at once. It's one or the other. Also, why would you want to use Bitdefender with Emsisoft Anti-Malware, when Emsisoft's includes the Bitdefender engine and their own (more powerful that way)?
  6. My computer froze (couldn't do anything at all, only the mouse was responding/moving) directly after installing EIS v12 Beta and getting past the initial scan. Otherwise, it seems to be running fine. I might be throwing Malwarebytes Anti-Ransomware Beta into the mix tonight to see what happens, though.
  7. It's actually possible to have an infected media file (such as a picture). In the case of pictures, it's done via what we call "steganography", and the malicious code can leverage a known vulnerability in the application used to handle that picture file, and from there execute malicious code that can lead to infection. What told you exactly that the picture transferred you to an unknown site which tried to download suspicious files? And like I said, I don't think it's possible unless they leverage an exploit on Twitter, Facebook, etc., and these have yet to be found (in the context you're referring to). Taking screenshots of a picture (using screenshot software like ShareX or the Print Screen button) is safe to me, since no code gets executed except that of your screenshot software. Like I said before, I've never heard of such a case, so I'll wait for an actual employee in the Malware Research team to answer that one.
  8. Hi Adam, I've never heard of any of the infection methods you're mentioning in your post. At most, the biggest danger of browsing YouTube, Facebook, etc. would be to get hit by malvertising (malicious ads) and/or willingly clicking on malicious links. Other than that, embedding malicious code in YouTube videos, Facebook pictures, etc. isn't something I've seen or heard of. And yes, Emsisoft Internet Security will block redirections to malicious websites/links if these are flagged by Emsisoft. If they aren't and somehow the payload manages to get downloaded and executed on your system, it'll most likely trigger Emsisoft's Behavior Blocker, and from there you'll be able to block the execution. I'm sure an employee will be able to give you more details about the process above, but that pretty much sums it up.
  9. I fail to see why you would post this on Emsisoft Forums, since it doesn't seem related to Emsisoft products at all, to be honest.
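The point in post 7 is worth seeing in bytes: an image file can carry arbitrary hidden data and still open fine in every viewer, and that data does nothing by itself unless a vulnerable parser mishandles the file. The following is an added example, not code from the original thread or from Emsisoft: it builds a tiny valid PNG (constructed sample), hides a payload in the two usual places (bytes appended after the IEND chunk, and inside a spec-valid ancillary tEXt chunk), then runs a checker that walks the chunk table and flags trailing data, CRC mismatches, truncation, and oversized ancillary chunks. The 1024-byte "oversized" threshold is an arbitrary assumption for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def make_png(width: int = 2, height: int = 2) -> bytes:
    """Constructed sample: a valid 8-bit RGB image, every pixel red."""
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))  # filter byte 0 per row
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def hide_after_iend(png: bytes, payload: bytes) -> bytes:
    """Crudest hiding spot: bytes appended after IEND. Decoders stop at IEND and never read them."""
    return png + payload


def hide_in_text_chunk(png: bytes, payload: bytes) -> bytes:
    """Stealthier: carry the payload in a spec-valid ancillary tEXt chunk placed before IEND.
    Decoders rarely validate ancillary chunk contents, so the image still renders normally."""
    iend = _chunk(b"IEND", b"")
    assert png.endswith(iend), "expected a PNG that ends with IEND"
    return png[:-len(iend)] + _chunk(b"tEXt", b"Comment\x00" + payload) + iend


def inspect_png(data: bytes) -> dict:
    """Walk the chunk table and report what a viewer silently ignores:
    trailing bytes after IEND, CRC mismatches, truncation, and large ancillary chunks."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    chunks, bad_crc, big_ancillary = [], [], []
    truncated = True
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break  # declared length runs past the file: truncated or lying header
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:end])
        name = ctype.decode("latin-1")
        chunks.append((name, length))
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            bad_crc.append(name)
        # Ancillary chunks have a lowercase first letter; 1024 bytes is an assumed heuristic limit.
        if name[:1].islower() and length > 1024:
            big_ancillary.append(name)
        pos = end
        if ctype == b"IEND":
            truncated = False
            break
    return {"chunks": chunks, "bad_crc": bad_crc, "big_ancillary": big_ancillary,
            "truncated": truncated, "trailing": data[pos:]}


if __name__ == "__main__":
    clean = make_png()
    payload = b"MZ" + b"\x90" * 2000  # constructed stand-in for a hidden blob
    print(inspect_png(hide_after_iend(clean, payload))["trailing"][:2])
    print(inspect_png(hide_in_text_chunk(clean, payload))["big_ancillary"])
```

Nothing in either tainted file is executed by opening it; the hidden bytes only matter if some program reads them on purpose or a decoder bug turns malformed chunk data into code execution, which is exactly why the post's advice to keep image-handling software updated is the real mitigation.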
  10. Same. No more pop-up on reboot after update to 11.9.0.6513. Thanks!
  11. 0.0.0.0 can be used in various different ways, it just depends on where it is used. 0.0.0.0 in your hosts file isn't the same as my "ip route 0.0.0.0 0.0.0.0 s/0/0/0" on a Cisco router. Here's the answer you're looking for. http://www.howtogeek.com/225487/what-is-the-difference-between-127.0.0.1-and-0.0.0.0/
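To make the distinction in post 11 concrete, here is an added example (not code from the original thread) that treats the two uses separately: in a hosts file, 0.0.0.0 is the unspecified address and 127.0.0.1 is loopback, and both are used to sinkhole names; in a Cisco-style static route, "0.0.0.0 0.0.0.0" is a /0 prefix, i.e. the default route. The hosts-file content and hostnames are constructed for the example, and the `keep` list of names that legitimately resolve to loopback is an assumption.

```python
import ipaddress

# Constructed sample hosts file, not taken from any real system.
SAMPLE_HOSTS = """\
# comments and blank lines are ignored

127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.invalid       # blocked via the unspecified address
127.0.0.1      tracker.example.invalid   # blocked via loopback
203.0.113.10   intranet.example.invalid  # a real mapping, not a block
not-an-ip      junk.example.invalid      # malformed, skipped like the resolver does
"""


def parse_hosts(text):
    """Return (hostname, address) pairs from hosts-file text; one line may name several hosts."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: the resolver ignores the line, so do we
        entries.extend((name, addr) for name in fields[1:])
    return entries


def classify(addr) -> str:
    """What a hosts-file address means for the name attached to it."""
    if addr.is_unspecified:   # 0.0.0.0 or :: -- "no address"; never routed on the wire
        return "sinkhole-unspecified"
    if addr.is_loopback:      # 127.0.0.0/8 or ::1 -- a connection goes to this machine
        return "sinkhole-loopback"
    return "mapped"


def blocked_names(text, keep=("localhost",)):
    """Names the hosts file diverts to a sinkhole address, minus names that belong on loopback.
    The default keep list is an assumption for this example."""
    return {name: classify(addr) for name, addr in parse_hosts(text)
            if classify(addr) != "mapped" and name not in keep}


def static_route(dest: str, mask: str) -> str:
    """Meaning of the prefix in a Cisco-style 'ip route DEST MASK NEXT-HOP'.
    0.0.0.0 with mask 0.0.0.0 is a /0 prefix matching every destination: the default route.
    Same digits as the hosts-file entry, entirely different semantics."""
    net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    return "default" if net.prefixlen == 0 else str(net)


if __name__ == "__main__":
    print(blocked_names(SAMPLE_HOSTS))
    print(static_route("0.0.0.0", "0.0.0.0"), static_route("10.0.0.0", "255.0.0.0"))
```

The `ipaddress` properties do the classification, so the same code handles IPv6 sinkholes (`::`) and loopback (`::1`) without special cases.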
  12. What Peter said is right. You're installing two Antivirus programs on one system, which you should never do since it can create system instability and conflict. Source: https://www.emsisoft.com/en/software/antimalware/ And this article in Emsisoft's KB confirms it. Are Emsisoft products fully compatible with other security products?
  13. Having the same issue as well, for SkypeHost.exe, HexChat.exe, etc. Basically, every time I start my computer and launch the program, Emsisoft asks me what I want to do. I click "Allow all connections" for the process, and then it goes away. However, it comes back after a reboot, as if it didn't save the settings. I'll grab debug logs tonight and post them here.
  14. Pretty sure you could have enabled the Windows Firewall during that time, which is also a good firewall.
  15. This is what I would do. These applications are just bloating your system down, can be annoying at times, and now they are even a security issue. The best way to proceed is to grab the drivers directly from the computer/laptop manufacturer's website. If you cannot find them, then you go on that hardware manufacturer's website, and if you still can't find them, you rely on Windows Update for WHQL drivers.
  16. It happened back then in another Ransomware thread on BleepingComputer. Someone had copy/pasted the JS code used by a Ransomware, and avast! was flagging the page as malicious and blocking access to it. Disabling the Web Protection module stopped that behavior, so it's as Fabian said:
  17. It looks to me like this detection was triggered because of some malicious code posted in the Cerber Ransomware thread. Nothing unusual, nor new. Many Antivirus products will give a warning when they detect malicious JavaScript (for instance) on a webpage, even if that code is copy/pasted and not actually used on the page. Did you get that warning when browsing the Ransomware section, or were you in the Cerber Ransomware thread directly?
  18. ReimagePlus is considered a PUP/Adware by many security companies. Personally, I consider it a PUP/useless PC Booster kind of program. "PC Booster/Tune Up" programs are among the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless. The worst part is that they'll often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broken" system. Every feature they provide, you can either do natively under Windows, do via another standalone executable (which is way easier and safer to use), or it isn't something you need. Here are a few examples:
     • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (built-in)
     • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry Editor (built-in)
     • Driver Updater: Not needed; all you need is to go on your manufacturer's website, so you'll be sure to get the right, official, working drivers for your computer or hardware
     • Registry Cleaner/Defragger: Completely useless and also dangerous
     • Disk Defragging: Disk Defrag (built-in), O&O Disk Defrag (installed), Defraggler (installed)
     • Powerful uninstaller: Not needed; only useful when you have to make sure a program is completely uninstalled. Revo Uninstaller and GeekUninstaller are two good alternatives
     • "Enhanced" Task Manager: ProcExp from Sysinternals Suite (standalone executable), Process Hacker (portable or installed)
     • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such
     • Repair bad sectors on a hard drive: Simple chkdsk /r command under Windows (built-in)
     Having such a program installed on your system will just bloat it down, and you have more chances of having issues by using them than without. These products are advertised as a program that can solve all your issues, remove every piece of malware, speed up your computer's performance by over 100%, etc. The truth is that there's not a single program that can do that. First of all, these programs aren't made to remove viruses and malware; leave this in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there's not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you, but you're wrong. Also, you cannot boost the performance of hardware beyond its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but these aren't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly, in detail, why most of them are completely useless, such as Registry cleaners (dangerous to use) and driver updaters (dangerous to use, and also completely useless; they will not improve your system performance). In the end, buying such programs is the exact same as being scammed (because this is what it is, a pure scam), and using one of these programs will result in you having a system that performs worse than prior to using it.
     Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:
     • How to Optimize and Tune-Up Your PC Without Paying an Electronics Store - HowToGeek
     • 10 Types of System Tools and Optimization Programs You Don't Need on Windows - HowToGeek
     • PC Cleaning Apps are a Scam: Here's Why (and How to Speed Up Your PC) - HowToGeek
  19. As of right now, 48.5 MB for the Emsisoft Protection Service, 0.6 MB for the Real-Time Protection, 1.2 MB for the Security Center and that's it.
  20. The question and situation is way too common (and insignificant). It could be anything. There's no way to answer this with a definitive answer so I'll just tell you this: it looks normal to me. Simple as that.
  21. Personally, if I could only pick one, I would go with Malwarebytes. But I know that the folks at HitmanPro are doing a great job as well. I don't have much experience with Zemana, so I can't say.
  22. I think this procedure is outdated and doesn't apply anymore. I've reinstalled Emsisoft Internet Security many, many times when VirtualBox was already installed, and not once did I get a BSOD. So I would try to install EIS, and if you get a BSOD, then try to follow the instructions in this guide. However, I doubt these are necessary now.
  23. Are you adding the "block" rule for the program when the process is running? Or do you kill the process, add the rule and then try to launch it again (and it works)?
  24. Do you ever shut down your computer, or do you always put your system in hibernation and wake it up from there?