All Activity


  1. Past hour
  2. Please help me, my computer is infected with a ransomware virus with the extension .NOSU File. I still have the ID and the Readme / ransom. I tried the existing Djvu Decryptor variant, but it didn't work.
  3. Today
  4. I've PMed @GT500 with the location of debug logs, from the time of the system restarts a few days ago, through to a few minutes ago.
  5. First you need to scan the PC to deactivate the malware and eliminate re-encryption processes.
  6. Hello @Reggia99. First you need to deactivate the malware to eliminate re-encryption processes with new variants of encryptor. Soon, a support specialist will answer you and help you remove the malware.
  7. stapp

    CLOSED Beta 9922

    Thanks Frank for the reply.
  8. @stapp, as for all Windows apps, you first have to click the -Restore- button and then you will be able to manually resize the UI. As the restore button currently doesn't do too much, we have to fix that, as it should restore to previous dimensions.
  9. The last restarts were on Mon morning (two and a bit days ago) when I applied some Windows updates.
  10. Jeremy, I will ask before anyone else does: have you restarted your machine lately?
  11. stapp

    CLOSED Beta 9922

    I made EAM gui full size to check something in the logs. Now I cannot find a way at all to resize it. I have even tried altering my screen scaling, but there is no double edged arrow around the gui to pull it to an alterable size. Is this related to the fix you did?
  12. Win 8.1, EAM 2020.1.0.9926 I just noticed my EAM systray icon has turned red. Looking at the overview screen I see that apparently the system hasn't updated for two days - see screenshot: https://www.dropbox.com/s/8s3rrekbvjeaabx/20200122 1250 partial protection.jpg?dl=0 I'm pretty sure I've seen regular notification panes saying updates are happening. And the forensic log seems to say so too: https://www.dropbox.com/s/ihf806q65qgglwg/20200122 1251 but log looks ok.jpg?dl=0
  13. I got infected with the STOP/Djvu ransomware a few months ago, the laptop is totally useless since then. The extension is .domn and the ID ends with a t1. I will appreciate any help I could get at recovering my files. NB. The ransomware encrypts any new executable file I send to the PC so I can't even install programs to see if I could rid my PC of the ransomware.
  14. @ferko85 What day did the encryption happen?
  15. No, newer variants with online IDs will remain undecryptable until the private keys kept by the criminals are made public.
  16. Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.
  17. It may be a newer version of ChernoLocker that our decrypter doesn't support yet. I'll ask our malware analysts to be certain.
  18. Maoloa, however I suspect that may be a false positive.
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. OK, thanks for letting us know. Core parking shouldn't be an issue on modern editions of Windows, at least as long as you have a high performance power plan selected, however if you want to verify this then the tool at the following link should help: https://coderbag.com/product/quickcpu You may also be able to find more information and settings in the advanced CPU tweaking utilities available directly from Intel and AMD. https://downloadcenter.intel.com/download/24075/Intel-Extreme-Tuning-Utility-Intel-XTU https://www.amd.com/en/technologies/ryzen-master
  21. Any update on .nbes extension files decryption?
  22. Hi, got the kodc attack, I believe I got lucky and went with the offline key (found on PersonalId): v06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Here is the content of the _readme.txt: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-Oc0xgfzC7q Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1
  23. Yesterday
  24. Please help, What can be happening that I got that message, the extension of the files is .CH) Why the software says that the file type is not supported? Please help!!!!!
  25. Hi, I'm having an issue, I cannot decrypt the files through "decrypt_ChernoLocker", it says "file not supported". The infected file has been deleted with GridinSoft Anti-Malware. Please help. Thanks in advance. From https://www.emsisoft.com/ransomware-decryption-tools/: We have identified "ChernoLocker". This ransomware is decryptable! Identified by: ransomnote_email: [email protected] Click here for more information about ChernoLocker. Case number: 2987a1b471b993938d85e38b2cefa859046b431a1579578919
  26. Hello @COnsu1. As Kevin Zoll said above, this is the result of a Dharma attack, more precisely of the large-scale international crypto-extortionist Dharma Ransomware. You can read the detailed description at my link. The variant that encrypted your files has been known to us since November 2019 (.[[email protected] ].harma). So far, no one has credibly claimed to be able to decrypt files after an attack by this encryptor. All the claims by certain decryption and recovery firms that can be found on the Internet are deception or fraud. You may be deceived and tricked out of money for work supposedly done and time spent. Do not believe them! Without colluding with the extortionists, they cannot do anything to decrypt the files. Collusion with criminals is also a no less serious crime in most civilized countries.