All Activity

This stream auto-updates     

  1. Past hour
  2. elhakim
    Please help me, my computer is infected with a ransomware virus with the extension .NOSU File. I still have the ID and the Readme / ransom. I tried the existing Djvu Decryptor variant, but it didn't work.
  3. Anbu
    please help me
  4. Today
  5. JeremyNicoll
    I've PMed @GT500 with the location of debug logs, from the time of the system restarts a few days ago, through to a few minutes ago.
  6. Amigo-A
    First you need scan PC to deactivate the malware end eliminate re-encryption processes.
  7. Amigo-A started following Domn ransomware
  8. Amigo-A
    Hello @Reggia99 First you need to deactivate the malware to eliminate re-encryption processes with new variants of encryptor. Soon, a support specialist will answer you and help that you remove the malware.
  9. stapp

    CLOSED Beta 9922

    stapp replied to stapp's topic in Beta Community

    Thanks Frank for the reply.
  10. Frank H

    CLOSED Beta 9922

    Frank H replied to stapp's topic in Beta Community

    @stapp, as for all windows apps, you first have to click the -Restore- button an then you will be able to manually resize the UI. As the restore button currently doesn't do too much, we have to fix that, as it should restore to previous dimensions.
  11. ferko85
    Great! Thanks! Yesterday
  12. JeremyNicoll
    The last restarts were on Mon morning (two and a bit days ago) when I applied some Windows updates.
  13. stapp
    Jeremy I will ask before anyone else does, have to restarted your machine lately?
  14. stapp

    CLOSED Beta 9922

    stapp replied to stapp's topic in Beta Community

    I made EAM gui full size to check something in the logs. Now I cannot find a way at all to resize it. I have even tried altering my screen scaling, but there is no double edged arrow around the gui to pull it to an alterable size. Is this related to the fix you did?
  15. JeremyNicoll started following EAM wrongly(?) claiming system partially protected
  16. JeremyNicoll
    Win 8.1, EAM 2020.1.0.9926 I just noticed my EAM systray icon has turned red. Looking at the overview screen I see that apparently the system hasn't updated for two days - see screenshot: https://www.dropbox.com/s/8s3rrekbvjeaabx/20200122 1250 partial protection.jpg?dl=0 I'm pretty sure I've seen regular notification panes saying updates are happening. And the forensic log seems to say so too: https://www.dropbox.com/s/ihf806q65qgglwg/20200122 1251 but log looks ok.jpg?dl=0
  17. elhakim elhakim joined the community
  18. Reggia99
    I got infected with the STOP/Djvu ransomware a few months ago, the laptop is totally useless since then. The extension is .domn and the ID ends with a t1. I will appreciate any help I could get at recovering my files. NB. The ransomware encrypts any new executable file I send to the PC so I can't even install programs to see if I could rid my PC of the ransomware.
  19. Reggia99 started following GT500
  20. Amigo-A started following Harma ([email protected]) and Rasomware .kodc
  21. Amigo-A
    @ferko85 What day did the encryption happen?
  22. GT500
    No, newer variants with online ID's will remain undecryptable until the private keys kept by the criminals are made public.
  23. GT500
    Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.
  24. GT500
    It may be a newer version of ChernoLocker that our decrypter doesn't support yet. I'll ask our malware analysts to be certain.
  25. GT500
    Maoloa, however I suspect that may be a false positive.
  26. GT500
    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  27. GT500
    OK, thanks for letting us know. Core parking shouldn't be an issue on modern editions of Windows, at least as long as you have a high performance power plan selected, however if you want to verify this then the tool at the following link should help: https://coderbag.com/product/quickcpu You may also be able to find more information and settings in the advanced CPU tweaking utilities available directly from Intel and AMD. https://downloadcenter.intel.com/download/24075/Intel-Extreme-Tuning-Utility-Intel-XTU https://www.amd.com/en/technologies/ryzen-master
  28. Bodytester2 Bodytester2 joined the community
  29. Rohith
    any update on .nbes extension files decryption ?
  30. ferko85 ferko85 joined the community
  31. ferko85
    Hi, got the kodc attack, I believe I got lucky and went with the offline key (found on PersonalId): v06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 Here is the content of the _readme.txt: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-Oc0xgfzC7q Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1
  32. Yesterday
  33. Raúl
    Please help, What can be happening that I got that message, the extension of the files is .CH) Why the software says that the file type is not supported? Please help!!!!!
  34. Raúl Raúl joined the community
  35. Raúl
    Hi, I'm having an issue, I cannot decrypt the files through "decrypt_ChernoLocker", it says "file not supported" The infected file has been deleted with GridinSoft Anti-Malware Please help. Thanks in advance. from https://www.emsisoft.com/ransomware-decryption-tools/ We have identified "ChernoLocker". This ransomware is decryptable! Identified by: ransomnote_email: [email protected] Click here for more information about ChernoLocker. Case number: 2987a1b471b993938d85e38b2cefa859046b431a1579578919
  36. Amigo-A
    Hello @COnsu1 Как и сказал выше Kevin Zoll, это результат атаки Dharma, точнее крупномасштабного международного крипто-вымогателя Dharma Ransomware Вы можете ознакомиться с подробным описанием по моей ссылке. Тот вариант, который зашифровал ваши файлы, известен нам с ноября 2019 года (.[[email protected] ].harma). Никто достоверно пока не заявлял о том, что может расшифровать файлы после атаки этого шифровальщика. Все утверждения неких фирм по расшифровке и восстановлению, которые можно найти в Интернете — обман или мошенничество. Вас могут обмануть и выманить деньги за якобы проведенную работу и потраченное время. Не верьте! Без сговора с вымогателями, они ничего не могут сделать с расшифровкой файлов. Сговор с преступниками в большинстве цивилизованных стран тоже не менее тяжкое преступление.
  1. Load more activity

  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up