All Activity

This stream auto-updates     

  1. Past hour
  2. I was sent a link to decrypt my laptop with your software and The first time I installed and started using it, it hung up on a file (4 hours and no movement) and now when i start nothing is showing in the results tab of the decryptor. I've scanned for the malware and and the number of infected files has not gone down in 5 hours of running.
  3. Yesterday
  4. I apologize for the delay in the response, but I did not receive any notice for this reason I was late in responding, thank you my friend and this is the message. ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-ceT7wn7Ioe Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0246regyjnkjddrtatQpRfpTf6bEEYHQxofqkrbRZ6xrCH6OD1M6h6t1
  5. I am also following this thread. I am facing same problem and need proper solution. I tried Google but couldn't found.
  6. We can only hope with you that the keys will be published in the future. There are now many modifications, NextGens and spin-offs, and there are imitators that fake the look, elements, and even IDs, that GlobeImposter originally had.
  7. Whe i star decryption of my files by Emsisoft decryptor proccess finish with an error in each file "this ID appears be an offline ID decryption MAY be possible in the future"
  8. Hello @ainoha, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hours of the posting, but be aware that if you post anytime in the late afternoon or evening on Friday, or anytime on Saturday or Sunday, you will not receive an answer until Monday. Also, be aware that our support technicians may not be in the same time zone as you, therefore there could be several hours difference between when you post and the technician working your support case is available. The below guidelines are for the Help, my PC is infected! Support Forum. They are intended to help you provide the technician, working your thread, with enough information to start formulating a plan to clean your machine; and for you to leave the Emsisoft Support Forums with a safe, secure, functioning computer. Emsisoft does not condone the use of Pirated/Illegal software. If such software is found on your computer, the technician assisting you will insist that the Pirated/Illegal software be removed. We reserve the right to refuse help to anyone who is unwilling to uninstall Pirated/Illegal software We insist that anyone receiving help, here at the Emsisoft Support Forums, install an Anti-Malware program at a minimum to protect their system. Start only one thread requesting help. Keep all your questions in your thread. DO NOT start a new topic. If you don't know, stop and ask! Don't keep going on. Continue to respond until you are given "All Clear" (Just because you can't see a problem doesn't mean it isn't there) Once your case has been solved, the thread will be closed. Your thread will be closed after 72-hours of no activity. DO NOT use any form of Haxor, Leetspeak, Netspeak, IM speak and such in any postings on this forum. Use only proper spelling, grammar, punctuation, and capitalization. The more time the person helping you has to spend trying to figure out what you are saying, the longer it will take them to formulate a response. DO NOT post any logs without first completing the steps in this guide, they will be deleted. DO NOT copy and paste logs into your threads. All logs are to be attached to your post. Download to your Desktop: Emsisoft Emergency Kit Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools from the infected system, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. WARNING: The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist. Let's get started: Install and Run Emsisoft Emergency Kit (EEK): IMPORTANT If you have Emsisoft Anti-Malware (EAM) Installed do not install and use EEK. Instead run a custom scan with EAM and provided the EAM Scan report. Double click EmergencyKitScanner.exe to install EEK When the installation of EEK is complete the Emergency Kit scanner will run. NOTE: Make sure to enable PUPs detection. Click "Yes" to Update Emsisoft Emergency Kit Under "Scan" click-on "Malware Scan". IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted. Save the scan log somewhere that you can find it. Exit Emsisoft Emergency Kit. Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. NOTE: DO NOT change any of the default settings. If you do we will just close your logs and ask for new ones ran with FRST's default settings. Press the Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt Attach the following logs to your reply: Emsisoft Emergency Kit log (C:\EEK\Reports) NOTE: If you ran EAM supply the EAM scan report. FRST.txt Addition.txt IMPORTANT NOTE: Any logs that are copied and pasted to a post will be removed from the post without being read. Do not alter or change the logs in any way. Once a Malware Removal Specialist has replied to your request for malware removal, they will handle your case from start to finish. You will have 72 hours to reply to any instructions given by the Malware Removal Specialist handling your case. Failure to comply with requests for information or instructions from the Malware Removal Specialist handling your case will result in the locking of your thread.
  9. Hi, Its almost more than a moth is passed. If there is any improvement on this issue. Please help me.
  10. Thankyou for looking into this and getting the right result, I was very confused, because I could find it being called a bunch of other things around the web, I guess I will just keep the files safe and hope that the keys get released in the future, out of interest, what do you think the chance of the actors actually being reachable and getting a decryption key by paying at this point? Because I can check the bitcoin wallet quoted and it hasn't been touched since about 2017?
  11. Hello This result with your files - https://id-ransomware.malwarehunterteam.com/identify.php?case=d9266107bde4003efe5528480b72460b0bd119ea To achieve the right result need upload a ransom note and a encrypted file. IMG_0462a.jpg.crypt + how_to_recover_files.html = GlobeImposter 2.0 Ransomware The email-address can be used in various ransomware. Actors move from one project to another. But ID is very specific for GlobeImposter and is determined mostly without problems.
  12. Hallo, Ich habe das an die Entwicklung weiter gegeben. Wir melden uns so bald als möglich. Claude Bader
  13. Please refer to the screenshot that I have provided as well of the ID by the software, for context this group of files was encrypted probably sometime in 2016-ish, it's been quite a many years since it has actually been encrypted, I've just been re-told to have a look into the files and try to decrypt them again, but I have attached a few test files and their unencrypted counterparts FacebookVideoCallSetup_v1.2.205.0.exe FacebookVideoCallSetup_v1.2.205.0.exe.crypt how_to_recover_files.html IMG_0461a.jpg.crypt IMG_0462a.jpg.crypt IMG_0463a.jpg.crypt
  14. If that's the case, then why is it that when I look up your IP address on ID Ransomware, it shows a result for GlobeImposter 2.0? I'm fairly certain that none of the variants of Globe have been in distribution for years, however I know that GlobeImposter 2.0 is still in distribution. Could you attach a few encrypted files and a copy of the ransom note to a reply for me?
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. That means it is still searching for encrypted files. It will stop saying "starting" once it has found them. Traducción proporcionada por Google: Eso significa que todavía está buscando archivos cifrados. Dejará de decir "iniciando" una vez que los haya encontrado.
  17. I have ran it through the ID website many times and it identifies it as Globe3, because of the email present in the ransomnote: [email protected] I have also looked up the bitcoin address and it seems people have ID'ed it also as Globe3, but I just can't seem to get a positive decryption happening, no matter what I try? Is it possible that there may be some erroneous bits at the end of the file that could be causing it to be a slightly different size?
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. We get these keys when victims who have an offline ID pay the ransom and donate their private key to us, so there's no way to know when that might happen. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Traducción proporcionada por Google: Esta es una variante más nueva de STOP / Djvu. Si tiene una identificación fuera de línea, una vez que podamos encontrar la clave de descifrado para esta variante y agregarla a nuestra base de datos, debería poder recuperar sus archivos. Sin embargo, si tiene una identificación en línea (que es más probable), no será posible recuperar sus archivos. Hay más información en el siguiente enlace: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  23. Good morning all, I'm Joey Starr and i'm a french rapper & french music producer @joey: we are Nathalie Tulissi, 42 years, Robin Mansencal 9 years & Romane Mansencal 12 years and a friend assigned me a drive letter to the "samsung recovery" partition and without paying attention infected the "samsung recovery" partition with onesafe, and a zip bomb, the D: / disc was also touched by the zip bomb all peripherals are connected (card, usb disk, external disk, etc ...) but only the smartphone & tablet ares recognized by the explorer we must download and then reinstall a new "samsung recovery" partition / pe environment of samsung recovery on the internal disk; But how to do it ? below reports/logs of adsfix pre_scan: Thans... AdsFix_24_09_2020_18_01_52.txt AdsFix_25_09_2020_13_31_26.txt Pre_Scan_26_09_2020_12_49_36.txt QuickDiag_20_09_2020_17_15_36.txt
  24. Then it's probably GlobeImposter 2.0 or something like that. Did you check with ID Ransomware? If it's GlobeImposter 2.0 then it should identify it accurately.
  25. The virus is one everything is new but files are still decrypted in .kolz and its showing my id is online
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up