Jump to content

Sergey Korzukhin

KL Russia
  • Content Count

    358
  • Joined

  • Last visited

Everything posted by Sergey Korzukhin

  1. Poss Support Hello, Kaspersky Anti-Ransomware Tool for Business 4.0 is not a decryption utility, it's a protection tool. Once your files are encrypted, it's hardly possible to decrypt them.
  2. Hello tembo441 Please try to clean up possible leftovers using kavremover and reboot, then reinstall. If the problem will not be solved, please collect GSI report and attach it to this topic. Thank you!
  3. kathmandu64 Please disable KART's traces: open Settings-> uncheck "Enable tracing" checkbox. Then open "logs" folder and simply delete all files inside using Windows Explorer. Please notice that you are still using beta-version and it is strongly recommended to uninstall in an install release version of the product.
  4. Вижу, что у вас не последняя версия KART. Попробуйте обновить до версии 2. Потребуется переустановка, брать отсюда: https://go.kaspersky.com/Anti-ransomware-tool.html Для скачивания нужно заполнить форму.
  5. Hello, do you have any other AV solution installed on your server?
  6. I guess you can ask sales managers about this. Here is technical forum, this part is dedicated to https://go.kaspersky.com/Anti-ransomware-tool.html
  7. Hello, KART's functionality is fully included both in KIS 2018 and Kaspersky Security Cloud.
  8. Hello, previous attempts didn't helped to locate the root cause of the bug. Please enable traces in KART's settings, restart, reproduce the problem and send us: 1) files from "C:\Users\All Users\Kaspersky Lab\AntiRansom\logs\" (PM, or attach files here, or use any public source), 2) files from "C:\Users\All Users\Kaspersky Lab\AntiRansom\protected\data" foler. 3) GSI report Hope this will help to locate the error. Thank you!
  9. Once your server was infected with arena ransomware it is impossible to recover data as soon as arena uses strong encryption. Please change your passwords and disable RDP if it was enabled to prevent future infection/
  10. Hello, You can try existing dharma decryptor, http://media.kaspersky.com/utilities/VirusUtilities/EN/RakhniDecryptor.zip May be it will help. But I doubt it can recover files encrypted by arena ransomware.
  11. Hello Nishant, 1. Which Kaspersky product did you have installed on your PCs, (and on what OS, I guess win 7 smth)? 2. Do you have any remote admnistration tool such as TeamViewer, RAdmin, etc or Remote Desktop connection enabled on infected PCs?
  12. Have to agree with richbuff. BTW, guys who asking about solution, how about to provide info I requested? The way of infection/attack looking is questionable now.
  13. Please check this out: https://sensorstechforum.com/arena-files-virus-dharma-ransomware-remove-restore/ May be it will be helpful.
  14. Thank you! I'm not form Kaspersky Support team and work in tetslab and responsible for KART product's lifecycle after release. Could you please also PM me here with the same message? Kaspersky Anti-Ransomware Tool provides real-time protection against ransomware, and cannot restore your data unless tool was working at the moment of infection. This is not a decryption tool (plase see pinned posts in KART's part of the forum). If files are already encrypted by Arena or Aleta, and no security solution was installed/working at the moment of encryption, for now it is inmpossible to restore files as soon there is no decryption tool for this ransomware at the moment. The info I asked actually necessary to understand why that happend to your PCs/servers. I would be gald to help, but there is a number of situations with ransomware when nobody can help. Now I can't determine if this one of such situation or no.
  15. Questions about Kaspersky Security for Windows Servers should be addressed to https://forum.kaspersky.com/index.php?/forum/5-protection-for-business.This part of forum is about Kaspersky Anti-Ransomware Tool for Business. But nevertheless, could you please show us the reports (full) from attcked PC(s)?
  16. Of course, our anti-malware research unit is constantly working on decryptor tools. But it is not always possible to decrypt encrypted data if you are already a victim of ransomware attack, and moreover I have no information about any terms. I can advise you to write to support@kaspersky.com and to periodically check https://www.nomoreransom.org and https://noransom.kaspersky.com. But as I mentioned, in number of cases decryption is hardly possible. What about questions I asked? If you are a victim of the atack, could you please also send the export of product's reports from infected PCs? P.S. Just a reminder, this is part of Kaspersky Anti-Ransomware tool's forum, NOT KES's forum. If you have questions related to Kaspersky Endpoint Security / Kaspersky Security Center, please ask at https://forum.kaspersky.com/index.php?/forum/5-protection-for-business/
  17. P.S. There is no decryption tool for Arena ransomware at the moment. So it is critical for protection to keep all protection components permanently enabled. Especially System Watcher.
  18. The set of protection components for KES installed on Windows Server is not thet big as for KES installed on Windows Desktop. System Watcher is absent in KES on servers. Could you please send us KES reports from infected machine?
  19. Hello, thank you very much for the report! This is known issue - unfortunately KART is not compatible with Avira at the moment. May be we can solve this in the future.
  20. Thank you for the answer, so what about System Watcher? This is one of protection components of KES 10. Was it enabled at the moment of infection?
  21. Hello friends. Could you please answer the following questions: 1. Do you have any Kaspersky solution installed on infected PCs, if yes, which one? 2. If you you have any Kaspersky solution installed on infected PCs, was System Watcher enabled ath the moment of infection? 3. Do you have any remote admnistration tool such as TeamViewer, RAdmin, etc or Remote Desktop connection enabled on infected PCs?
  22. Hello Patrik, did you already tried https://noransom.kaspersky.com? Did you had Kaspersky AV solution installed on your company's PCs before the attack? If you are Kaspersky user, you can also e-mail to support@kaspersky.com to get help there.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.