Malware Hunter
  • Content Count

  • Joined

  • Last visited

  • Days Won


Posts posted by Aura

  1. Salut Claude :)

    Malheureusement, il semblerait qu'il n'y ai aucun moyen de déchiffrer les fichiers chiffrés par cette version du Rancongiciel Dharma (.cesar).

    La seule chose que tu peux faire en ce moment, c'est de sauvegarder tout les fichiers affectés dans un lieu sûr, et espérer qu'un jour, une solution de déchiffrement gratuite pour cette version de Dharma soit découverte et publiée.

  2. Quote

    I Never compared or Considered MBAM as competive with EIS, the latter is very special in my view

    You do not, but it can be seen as such.


    I want a second opinion scanner not a malware scanner. No scanner found better than EIS. What other scanners detected were nearly all false positives.

    In that case, you can go with Malwarebytes. If you only want a second opinion scanner, the free version is all you need.


    MBAM = Antimalware & Anti-expliot Protection

    Malwarebytes Anti-Malware (MBAM) only offers malware and web protection.

    Malwarebytes 3.0 offers malware, web, exploit and ransomware protection.


    Does EIS have Expliot Protection?

    You could see the BB module (Behavior Blocker) as being kind of an Anti-Exploit.


    Do you mean not all un-updated software pose expliots?

    That's right. Let's see that I run an outdated game launcher for League of Legends. I really doubt that there are significant "in the wild" EKs abusing an older version of the game launcher for an exploit/security bug that have been patched in the newest launcher.

    Usually, web browsers, plugins, multimedia players, Office, etc. programs (and your OS obviously) are the ones you want to always keep updated as they are the most commonly targetted by EKs.

  3. Quote

    = System vulnerability patching tool [Heimdal Free or IObit ASCU]

    = System optimization suite [IObit ASCU or Glarysoft Utilities Pro 5 +]

    I would stay away from IObit products, and I would also stay away from "System Optimization" suites. These aren't needed at all on your system and if anything, can mess it up in the long run.


    Addition 1

    I saw these features in this review

    Anti-Spyware/Adware & Vulnerability Protection

    Where are they evident in the software settings?

    I've never heard of that website for security products reviews, so I would take what is posted there in a grain of salt.


    Addition 3

    Does MBAM 3.0.6 add more security than other stuff [ RansomFree or KS Antiransomware Tool or VoodooSheild]

    Personally, I don't know how to answer you, since I don't see myself giving recommendations about other products on the forum of a "competing" product.


    Does Heimdal Free really add to protection to the system with its patching? I need no malware scanner

    The protection is added only if you update the outdated software it reports. So if you know to keep your Adobe Flash Player, Adobe Reader, Java, VLC, Windows, etc. up to date, there's no need for Heimdal (unless you want it to automate everything). The "protection" you're referring to is to not run outdated software that can be exploited (via EK for instance).

    • Upvote 1

  4. Salut Françis! smile.png

    Personellement, je ne crois pas avoir vu de problèmes de compatibilité entre Emsisoft et Sandboxie. De plus, en 2010, Emsisoft offrait d'ailleurs une promotion incluant un rabais pour l'achat de Sandboxie, en disant que les produits marchaient bien encore.

    Même si la promotion date de 6 ans, je crois qu'ils doivent encore bien marcher main dans la main!

  5. I've read that it ispossible to contain malicious file in a picture but i wonder if it would execute when opened in twitter\facebook envoirment. Or do we have to download picture and it executes only then?

    It's actually possible to have infected media file (such as pictures). In the case of pictures, it's done via what we call "stenography" and the malicious code can leverage a known vulnerability in the application used to handle that picture file, and from there, execute malicious code that can lead to infection.

    Personally I've only encountered malicious picture in google graphics. Said picture transfered me to unknown site which tried to download suspicious files. I still wonder if it's possible that malicious picture could execute in twitter, facebook envoirment. I've heard that taking screenshoots is 100% safe method of 'downlaoding' any picture ( i know it may have impact on its quality), could you guys confirm it?

    What told you exactly that the picture transferred you to an unknown site which tried to download suspicious files? And like I said, I don't think it's possible since unless the leverage an exploit on Twitter, Facebook, etc. and these have yet to be found (in the context you're referring to). Taking screenshots of a picture (using a screenshot software like ShareX or the Print Screen button) is safe to me since no code gets executed, except the one of your screenshot software.

    If i am transfered to a unknown page I can suspect infection, but i wonder ( as previosuly said) if I'm looking for something in google graphics, and opened a picture ( not going to the page that hosts one and it does not transfer me to any page) it can infect me without any clues.

    Like I said before, I've never heard of a such case, so I'll wait for an actual employee in the Malware Research team to answer that one.

    • Upvote 1

  6. Hi Adam smile.png

    I've never heard of any of the infection methods you're mentionning in your post. At most, the biggest danger of browsing YouTube, Facebook, etc. would be to get hit by malvertising (malicious ads), and/or willingly clicking on malicious links. Other than that, embedding malicious code in YouTube videos, Facebook pictures, etc. isn't something I've seen or heard.

    And yes, Emsisoft Internet Security will block redirections to malicious websites/links if these are flagged by Emsisoft. If they aren't and somehow the payload manage to get downloaded and executed on your system, it'll most likely trigger Emsisoft's Behavior Blocker and from there you'll be able to block the execution.

    I'm sure an employee will be able to give you more details about the process above, but that pretty much sums it up smile.png

  7. What Peter said is right. You're installing two Antivirus programs on one system, which you should never do since it can create system instability and conflict.

    Can it replace my current antivirus software?

    Yes. Emsisoft Anti-Malware is a complete antivirus solution that provides protection against all manner of threats that are lurking on the internet. Two full virus scanning engines are used to ensure optimal detection and cleaning, while the three-layered real-time protection prevents new infections from entering your PC.


    And this article in Emsisoft's KB confirms it.

    Are Emsisoft products fully compatible with other security products?

  8. Having the same issue as well. For SkypeHost.exe, HexChat.exe, etc. Basically, every time I start my computer and launch the program, Emsisoft asks me what I want to do. I click "Allow all connections", for the process and then it goes away. However, it comeback after a reboot, as if it didn't save the settings. I'll grab debug logs tonight and post them here.

  9. Je crois savoir d'où vient une partie du problème. Il semble qu'Emsisoft Anti-Malware soit installé sur l'ordinateur, mais il n'apparaît pas dans la liste des programmes ni installé, et ne semble pas être inscrit dans l'Action Center non plus. De plus, avast! Antivirus est installé. On ne devrait jamais installer plus d'un Antivirus à la fois sur un système, car cela peut nuire à l'instabilité de celui-ci car les produits peuvent entrer en conflit. Dans ce cas-ci, je te suggère de désinstallé Emsisoft Anti-Malware et d'utiliser emsiclean.exe pour nettoyer l'installation au complet. Après ça, si tu veux réinstaller Emsisoft Anti-Malware, il faudrait que tu désinstalle avast! Antivirus pour éviter tout conflit.

    ntuser est un fichier qui contient la "ruche" du Registre pour l'utilisateur du profil dans lequel il se trouve. Ce fichier est légitime et ne devrait pas être supprimé. En ce moment, tu le vois car tu as cocher l'option de voir les fichiers cachés, et de voir les fichiers systèmes dans tes options de dossiers.