All Activity

This stream auto-updates     

  1. Past hour
  2. Also... Maybe you will need something from archives. Try the next trick for archives. Archive files are not encrypted like all files. The first 1-2 files may be damaged there, the rest will be serviceable. You can make a copy of the encrypted archive and then remove the .lapoi extension from this copy, unzip the archive and find the intact files.
  3. Here is a sample list where you can find the originals of the encrypted files : 1) on flash drives, external drives, CD / DVD, memory cards of the camera, phone; 2) in attachments of emails sent or received by you; 3) among the copies of shared photos of friends, relatives (in their PC) that you gave; 4) among the uploaded photos in the social. networks, including via smartphone and tablet; 5) among the uploaded photos to cloud services (Google Disk, OneDrive, Yandex Disk etc.); 6) on the sites of ads, forums, where you could previously send photos or images; 7) among unencrypted files, copies, renamed files on your PC; 8 ) on an old PC or disk, from where you transferred photos and documents to a new PC; 9) you can re-upload from the Internet previously downloaded photos, pictures, etc .; 10) you can use sample images supplied with Windows; 11) take photos or pictures that you previously posted on the avatar on the forums. 12) extract previously deleted files from the Recycle Bin or restore it with a special program. If decryption failed ... It is possible that the original file was an inaccurate copy of the encrypted. This could be due to the fact that earlier you yourself reduced or corrected it in the editor, or uploaded to social networks, cloud services, and there the file was somehow automatically changed. Look for more files and try different pairs of encrypted and original files with the same name. Very often files can have the same name, but are not a copy of each other. Vocabulary used in any language is limited. The possibilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so photos with the name from IMG_0001.JPG to IMG_9999.JPG can be quite a lot in different years. Smartphones can give photos more original names, such as IMG_20171012_170451.jpg - here and the date of shooting, and the sequence number, because the repetition of the name is unlikely.
  4. Today
  5. Hi, Thank you for notice. when my laptop was affected with .lapoi virus and all my files with .lapoi extension. I re-installed my laptop and keep all the documents affected . So i don't have the originals files to upload since all the files were encrypted. what can i do in this case? Thank you🙏
  6. At the moment, this ransomware is poorly understood by researchers. Although I found and presented various samples and different variants. Therefore, at the moment there are no decryptors without paying a ransom. Collect encrypt files ans notes, do not delete, and wait, maybe in the future there will be a decryptor.
  7. Yes, the files were encrypted new variant of Estemani Ransomware. I was certain this on the October 15th and add the information to the article with the description. Your files confirm this.
  8. Thank you so much, finda attached some files and waiting for you savingmylife help. Reinstallazione Crash GX 280.docx @[email protected] ABP CF V5 - by quarter.xlsx ABP RIEPILOGO ACCERTAMENTI ICI-IMU.xls Accert ICI Garbagnate 2010.pdf ARESE I^.doc
  9. Hello My PC is infected from BORA RANSOMWARE, i download the decrypt tool from emsisoft ... but it shows me some error like this while using decrypt tool " Your Personal ID received from the infected file is 0171mHffOvde5RySDvGbZPWvC9M9u37uhbovJZlON5VEKvKjN
  10. Hello, They could be false positives. Please upload these files here to see if they are viruses and let us know the results: https://www.virustotal.com/gui/home/upload Claude
  11. C:\Program Files (x86)\Windows Media Player\wmpshare.exe detected: Gen:[email protected] (B)C:\Windows\SysWOW64\odbcad32.exe detected: Gen:[email protected] (B) We're also showing this on scan today.
  12. Yesterday
  13. Perhaps tomorrow you will be answered by the employees of Emsisoft or Demonslay335.
  14. I did try it! And it is working! Thank you very for that. However, I tried putting and MP4 file which is just 85mb and it is not giving me a result. And I thought that maybe because it is a big file. And I read that for bigger files I should ask for support. Is this something that you can work on?
  15. You need to upload files of different formats to the new decryption service, but you need to do this separately for each file type (PNG, JPG, DOC, PDF, RTF, TXT... ) If you found the largest original PDF, then need find its encrypted version. This must be uploaded to the service so that the decryptor finds a way to decrypt this file. After that, you should try to decrypt all other PDF files. Similarly, you need to do with other types of files. This way you can decrypt almost all files, but it will take a lot of time for all operations.
  16. Please follow the steps here and attach the requested logs so that one of our experts can help you. https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
  17. Hi, My Windows file: C:\Program Files (x86)\Windows Media Player\wmpshare.exe Gen:[email protected] (B) C:\Windows\SysWOW64\bthudtask.exe Gen:Variant.Strictor.58214 (B) C:\Windows\SysWOW64\Dism\DismHost.exe Gen:[email protected] (B) C:\Windows\SysWOW64\iexpress.exe Gen:[email protected] (B) C:\Windows\SysWOW64\odbcad32.exe Gen:[email protected] (B) How to clean up this file ??
  18. Scan type: Custom Scan Objects: Rootkits, Memory, Traces, C:\, E:\ Detect PUPs: On Scan archives: On Scan mail archives: On ADS Scan: On File extension filter: Off Direct disk access: Off
  19. Just wondering what type of scan it was Jeremy.. a malware scan?
  20. Win8.1 64 bit, EAM 2019.9.0.9753 Clicked Pause in scan GUI, which did change to show Resume, but scan continued. Probably complicating things, a signatures update happened around the same time. There was definitely communication happening between the scanning service and the GUI. because the display of a just-scanned filename continued to change. Debug logs sent to @GT500
  21. Thank you so much! I just checked it. But unfortunately I was not able to automatically decrypt my files. I have to pair first. I tried on some pdf files and glady it works!! But the my problem right now is that. I have to make all my files be processed. And some of my files are really big. So I will have a hard time uploading it. My question will does all of my files needs to be learnt? And what if I have bigger files? I've read that you guys can help if the files are so big. Thank you for the big help!
  22. That's more than likely STOP/Djvu, and we have a new decryption service to aid with recovering files (as Amigo-A already pointed out). There is more information and instructions on using the service at the following link: https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
  23. This new decrypter is capable of decrypting files that were not encrypted using an offline key, however it requires a little help. You need to have a few original (unencrypted) files and encrypted copies of the same files (called "file pairs") in order to upload to our decrypter page so that it can learn how to decrypt some of your files. Note that this doesn't work for all files, for instance if you upload a file pair for a PNG image, then the decrypter will be able to decrypt any other PNG pictures on your computer that were encrypted at the same time, however it won't be able to decrypt anything else, so you'll need file pairs for each type of file you need to decrypt. The BleepingComputer article has more detailed information and instructions on how to use the decrypter. https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
  24. @GT500 and @Amigo-A, thank you for the insights. I'll report back as soon as I do as instructed.
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up