Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by RSKK

  1. Thanks, I will search the registry for a2guard.exe for each user and remove it.
  2. Greetings, I have Emsisoft Server Edition installed on a Windows 2012 Standard Edition with RDS for their POS software. I cannot find which entries in the registry to edit ("clear" ) to stop having Emsisoft show for the sessions. I don't mind for Administration accounts, but users have the notification on restarts. I could remove GPO, login to each user, set the notification settings in the software and reapply - but easier if I knew which entry to delete and where - per user a2start.exe or a2guard.exe? Thanks Chris
  3. Will gather more details on next victim; most have the HELP_DECRYPT files; hopefully I can gather more details on next one.
  4. Thanks Elise. I am not sure what the payload file is, they usually have ran Emsisoft after the damage is done and clean it before I get to them. If it came from an email attachment, does the software scan the attachment as it sits in their Outlook and display a message?
  5. Good day, We as a company have sold the Emsisoft EAM to many of our customers. As you know, customers for the most part are difficult to teach about the importance of computer security - they assume so much.They often shrug off anything you tell them. Recently, an increasing amount of our customers have been infected with CryptoWall 3.0. I've been assuming they get this via email attachments - but do see some recent fact on website ad-servers pushing down. This brings me to the question: How does EAM (or in our cases), Why is EAM not detecting and stopping the executable/batch/cmd/or script before it causes damage? Is there any plans of EAM scanning email'? Most of our clients are still traditional email servers that have little to no filtering that catches virus/malware before delivery. Thanks
  • Create New...