All Activity

This stream auto-updates     

  1. Past hour
  2. leonir
    I do not understand. I read that you write: "Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back". So why can't you both compare and find out the cipher for this file type?
  3. kunal kanojiya kunal kanojiya joined the community
  4. kunal kanojiya
    please help me how to de-crypt .nlah files
  5. Today
  6. Javierok
    "Run it now. The offline key for the .covm variant has been recovered by Emsisoft. " After I have seen this I runned the program. I´m infected with the variant of .covm. Why isn´t working?
  7. Javierok
    After I run the dercyptor, it shows the message: No key for New Variant online ID: xbjvwGxYwjexkYQcffstv33UYNH5YHeyir53tgdo Notice: this ID appears to be an online ID, decryption is impossible Please help!!
  8. andrewek
    Hello all! I tried on a laptop - disabled Core Isolation. Crash problem (a2guard.exe) - persisted 🙄 (when the notification about removable devices is On) If notifications are turned Off, there is no crash. Of course, I'm not an expert, but, probably, the reason is really in Sciter ( modern UI Development) - after all, only this NEW one appeared in EAM? https://sciter.com/ p.s. For the sake of the experiment: I turned On the Core Isolation on a stationary computer - there is no crash of a2guard.exe. This is evidence that this Windows setting has nothing to do with it! However, it is incomprehensible - notifications about removabledevice are included On a stationary computer - but there is no crash ... It seems this is some kind of local EAM problem on my LAPTOP😔
  9. bjm_
    Yes, I meant Emsisoft Anti-Malware Wonder why Emsisoft has not moved Emsisoft Anti-Malware heavy lifting to the cloud. Just me. Thank you
  10. Raynor
    A little feature request: It would be nice if the cloud console remembered the sorting order of its list view as well as the number of devices displayed per screen (25, 50 or 100) that was last chosen by the user. 🙂 Best regards Raynor
  11. ho3ein
    What can I do to prevent re-encryption of files?
  12. andrewek
    Hello! Exactly this is something new at EAM! Because BEFORE the EAM update (Sciter) (2020.6) - I had NO problems with the crash of a2guard.exe😒 Ok, I’ll try to turn off isolation and look at the crash problem. Then can you turn Core Isolation back On without harming the system? p.s. EAM has been working for me for a whole year (!) with Core Isolation turned On without crash problems. So, the reason, most likely, is not in this setting of Windows, but with a new element in EAM😌 Agree, this is a logical argument?
  13. andrewek
    Hello! I'll try!
  14. spidy0008
    when you suggested to check if there any other Anti-virus service active, that time I disabled the protection and then did a fresh install of EMSISOFT.
  15. GT500
    Just run the decrypter. It will tell you your ID, whether it is online or offline, and whether or not your files can be decrypted.
  16. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. GT500
    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  18. GT500
    I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  19. GT500
    An "online key" refers to a pair of private and public keys that were generated by the ransomware's command and control server. Many ransomwares use this same strategy to ensure that victims can't get their hands on the private key in order to ensure that they can't decrypt their files for free or get help from anyone else. The only reason we use the terms "online" and "offline" in regards to the ID's and keys used by STOP/Djvu is due to the fact that the ransomware has a built-in ID and public key to be used for encrypting files when it can't connect to its command and control servers, which is why we refer to them as "offline".
  20. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. GT500
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. GT500
    Apparently it was suggested to QA already, and they've made a note of it.
  23. GT500
    That reminds me, the Windows Security Center isn't installed on server editions of Windows by default, so Windows Defender may not be shutting off when Emsisoft Anti-Malware is installed and active. You may need to disable Windows Defender manually, or add an exclusion to Windows Defender for Emsisoft Anti-Malware's EXE files to prevent issues. I'll check with QA about that.
  24. GT500
    Behavioral detection (that is detection based entirely on an unknown program's behavior rather than static or heuristic signatures in a database) is governed by a series of rules that are stored locally, and supplemented by a cloud network that uses multiple sources of data to try to reduce false positives and increase quality of detections. EAM also uses traditional Anti-Virus technology where a local threat database with static and heuristic signatures is kept for the purposes of real-time and on-demand scanning of files and programs. This database is updated periodically (once every hour by default) to ensure detection of the latest threats. Partially. We use two Anti-Virus engines (one made by us, and one made by BitDefender) and each has its own database. If you mean the software (Emsisoft Anti-Malware, aka. "EAM") then it relies mostly on its Anti-Virus engines and database of signatures, as well as the Web Protection. The Behavior Blocker is there to stop the small percentage of threats that aren't stopped by the other protection mechanisms, sort of like a last line of defense.
  25. ho3ein
    thanks but ... Where should I look for the id that you said?
  26. GT500
    The Behavior Blocker is capable of producing a significant number of notifications in rapid succession. They have to be contained to prevent blocking too much screen real estate, otherwise they become too much of a nuisance. Currently we handle that by only allowing a single notification on the screen at a time. Also, in this case, as soon as EAM receives information from our servers about the process being queried, the notification that it's looking up the reputation becomes irrelevant since EAM is done doing that and is ready to tell you what it found. That's why the notification changes immediately instead of waiting for its normal timeout period. This was the result:
  27. GT500
    It could be related to the new version of Sciter (the framework we use to build EAM's UI) we updated to in EAM 2020.6. When we do that, there's always the possibility of new UI related bugs, and the content of the notifications is displayed using Sciter just like everything else in the UI. My assumption would be that it probably isn't, however we haven't tested this recently so I can't know for certain. If you turn it off and restart the computer, does that have any effect on the issue?
  28. GT500
    Logs from the stable version are unfortunately not going to tell us anything new (we already have those logs from our own systems that are experiencing this), and we've moved beyond the current stable version in our own testing. Obviously we appreciate the offer to assist us, but right now we need to focus on getting debug information from special testing builds of EAM, and that will go faster if we do it internally as employees with effected workstations can communicate directly with QA and the developers and send them debug info right away when there's need to.
  1. Load more activity

  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up