All Activity

  1. Today
  2. Yesterday
  3. Hello, please support [*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas ) [*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C Is there a solution to this problem? Even after a while!!!!!! Do I wait and leave the encrypted files as they are? _readme.txt Model(1).png.mtogas
  4. No, I didn't check the Cloud Console. Having everything local is an important factor for my clients and myself. With the new pricing scheme, EMSI business licences are in the price range of Endsecurity solutions. So I would expect to see EMSI moving the Client into that direction too. The "competition" is coming from Windows 10 too. I see people asking to ditch third party antimalware at all. I'm currently opposing that, but once Win7 is EOL it will become harder to convince customers to see the benefits of EMSI in comparison to EndSecurity solutions (bundled with SPAM filter etc) or the plain Win10 defender tools. But back to the main topic of Enterprise Console: Currently the Enterprise Console seems to not offer all settings of the EMSI client (e.g. Appearance: Dark / Bright is not found in the policy/settings)?
  5. One of our servers had a SAMBA share left open for reasons we are unclear of. Currently the VMs running on the machine are fine (seems to be in memory) but if they reboot the .vdi files are unusable. We do have backups but this would of course result in a lot of work reinstalling these servers. I have tried the decrypt tool on some offline .vdi files but it will not work. What happened to your files ? All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus. What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files. Your unique id: 6C95029F8EFD463899B724524B86F659 This is the ID on our files.
  6. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  9. I've confirmed the behavior you've reported, and forwarded the info to QA along with debug logs.
  10.  

    Hello, please support

    [*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas )

    [*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C

    Is there a solution to this problem? Even after a while!!!!!!

    Do I wait and leave the encrypted files as they are?

    _readme.txt

    50793901_1454499264684933_1188840440657346560_n.jpg.mtogas

  11. I didn't have any trouble executing EmsisoftAntiMalwareSetup.exe on Win 10 1903 (x64) from the command prompt with the parameters you used. It installed without any trouble. The two most obvious possibilities right now are either the installer can't write to the TEMP folder, or it isn't executing with administrator rights.
  12. We digitally sign our software using SHA-256 certificates (it is no longer possible to obtain SHA-1 certificates), and Windows 7 didn't originally have support for the SHA-2 family of hashing algorithms (which includes SHA-256). You need to make sure that Windows is up to date. Please see the following link for more information about updates that include SHA-2 support: https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update
  13. Last week
  14. Hi Tim, We've made the Syncro developers aware that their software is not fully compatible with our platform and are waiting for a fix on their end. Thanks
  15. Thank you, I've already reported to support. I've tested this on Windows 10 Pro 64 bits, version 1903. How to reproduce: - Run EEK (accept the licence, there's no need to update the definitions); - Close EEK; - Try to delete C:\EEK, even after a restart. On my computer, and also inside a VM running Windows 10, it was not possible to delete the epp.sys. Tried to disable Windows Defender and to disable fast start-up. The result was the same. What makes me think that this may be a more general problem is the fact that I'm having the same results inside a VM running a clean and updated image of Windows 10 (version 1903). Hopefully it's only on my computer.
  16. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims on the forum from different variants of this Ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  17. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims on the forum from different variants of this Ransomware. In some cases, the files can be decrypted. You have already attached the note _readme.txt to the message and you can proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  19. Attached are the file that was encrypted and the readme.text from the virus, please help me ... Dunkirk.jpg.nasoh _readme.txt
  20. Hi Arthur, I'm using the EmsisoftAntiMalwareSetup.exe installer.
  21. Hello, I hope this is the right place for this topic. We use the SyncroMSP platform for our RMM/PSA solution. As you may know, Syncro is integrated with Emsisoft, so Emsisoft licenses can be purchased and managed transparently from within Syncro. Meanwhile, we are testing the new Emsisoft Cloud Console. The problem is that when I connect Emsisoft instances that have been created/licensed from Syncro to the ECC, they show as unlicensed. I cannot apply the license key for the instances that I find at "Show License" in the program, as I receive error "The license you entered does not exist or is already registered with another user account or workspace." I expected this, because Syncro owns the license, not me. Thoughts on how to get this working? I will also engage with Syncro support but your team is faster and more clever 🙂 Thanks!! -Tim
  22. My files are encrypted with .fedasot, so I wanted to ask if there is any decrypter that can help me to restore my data. This data is very important and I do not have a backup, so please somebody help me to restore it. Folder.jpg.fedasot
  23. Hi guys, my files were infected by ransomware with the extension .nacro, named STOP DJVU. Please help me, I can't access my files. Thank you. ID : cSGvfcaFvgzYFNJX7zgblhaqtA6ZgCh1ULp1kz5v (.nacro ) Miles
  24. Secondarily... While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Then, after checking and cleaning, you will need to change the passwords on the accounts in browsers. Ransomware does not come alone; it comes with backdoors, trojans and password-stealers to inflict maximum damage and take more money.
  25. I have been tracking the malicious work of this program since December 2017. This was much earlier than the well-known anti-virus companies. There are now a lot of victims on the forum from different variants of this Ransomware. In some cases, the files can be decrypted. Firstly... You need to attach a ransom note _readme.txt to the message, or proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  26. There is no separate ransomware with that name. This is a variant of STOP Ransomware. Look at the list in The versions numbers and extensions of STOP-Djvu Ransomware - extension .mtogas under #144. An international criminal group, behind this criminal business, infects sites, software distributions, key generators and other tools for hacking and illegal use of paid programs. If you became a victim of this ransomware, it means that you poorly protected your PC, probably using free anti-virus programs that a priori will not protect against ransomware and similar complex attacks. Their functionality is limited and almost useless. Also, the new Windows 10, even loaded with the latest updates and critical patches, will not protect against ransomware. This has been tested by my test team many times.