All Activity

This stream auto-updates     

  1. Past hour
  2. @Anbu Some STOP variants are known to install malware in order to ensure that newly added files are encrypted. Let's make sure the is no active malware infection present, and it there is then we can remove it. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt
  3. @ferko85 Let’s deal with the active malware infection before attempting to recover your files. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt
  4. Hello @Reggia99, Welcome to the Emsisoft Support Forums. Let's deal with the active malware inspection before attempting to recover your files. Download to your Desktop: Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt
  5. Please help me, my computer is infected with a ransomware virus with the extension .NOSU File. I still have the ID and the Readme / ransom. I tried the existing Djvu Decryptor variant, but it didn't work.
  6. Today
  7. I've PMed @GT500 with the location of debug logs, from the time of the system restarts a few days ago, through to a few minutes ago.
  8. First you need scan PC to deactivate the malware end eliminate re-encryption processes.
  9. Hello @Reggia99 First you need to deactivate the malware to eliminate re-encryption processes with new variants of encryptor. Soon, a support specialist will answer you and help that you remove the malware.
  10. stapp

    CLOSED Beta 9922

    Thanks Frank for the reply.
  11. @stapp, as for all windows apps, you first have to click the -Restore- button an then you will be able to manually resize the UI. As the restore button currently doesn't do too much, we have to fix that, as it should restore to previous dimensions.
  12. The last restarts were on Mon morning (two and a bit days ago) when I applied some Windows updates.
  13. Jeremy I will ask before anyone else does, have to restarted your machine lately?
  14. stapp

    CLOSED Beta 9922

    I made EAM gui full size to check something in the logs. Now I cannot find a way at all to resize it. I have even tried altering my screen scaling, but there is no double edged arrow around the gui to pull it to an alterable size. Is this related to the fix you did?
  15. Win 8.1, EAM 2020.1.0.9926 I just noticed my EAM systray icon has turned red. Looking at the overview screen I see that apparently the system hasn't updated for two days - see screenshot: https://www.dropbox.com/s/8s3rrekbvjeaabx/20200122 1250 partial protection.jpg?dl=0 I'm pretty sure I've seen regular notification panes saying updates are happening. And the forensic log seems to say so too: https://www.dropbox.com/s/ihf806q65qgglwg/20200122 1251 but log looks ok.jpg?dl=0
  16. I got infected with the STOP/Djvu ransomware a few months ago, the laptop is totally useless since then. The extension is .domn and the ID ends with a t1. I will appreciate any help I could get at recovering my files. NB. The ransomware encrypts any new executable file I send to the PC so I can't even install programs to see if I could rid my PC of the ransomware.
  17. @ferko85 What day did the encryption happen?
  18. No, newer variants with online ID's will remain undecryptable until the private keys kept by the criminals are made public.
  19. Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.
  20. It may be a newer version of ChernoLocker that our decrypter doesn't support yet. I'll ask our malware analysts to be certain.
  21. Maoloa, however I suspect that may be a false positive.
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. OK, thanks for letting us know. Core parking shouldn't be an issue on modern editions of Windows, at least as long as you have a high performance power plan selected, however if you want to verify this then the tool at the following link should help: https://coderbag.com/product/quickcpu You may also be able to find more information and settings in the advanced CPU tweaking utilities available directly from Intel and AMD. https://downloadcenter.intel.com/download/24075/Intel-Extreme-Tuning-Utility-Intel-XTU https://www.amd.com/en/technologies/ryzen-master
  24. any update on .nbes extension files decryption ?
  25. Hi, got the kodc attack, I believe I got lucky and went with the offline key (found on PersonalId): v06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Here is the content of the _readme.txt: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-Oc0xgfzC7q Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up