All Activity

  3. Can you provide me with both of your licences in a PM please ? Thanks
  4. hi infected by .mool No key for New Variant offline ID: uvEETK84RPC0Q5icp67CP746LJaCJuwq2tG9Kjt1 Notice: this ID appears be an offline ID, decryption MAY be possible in the future. 😩
  5. @Rinoy

     General Notes With Regards to STOP/DJVU

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys.

     If your file(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes the RSA encryption algorithm. RSA is considered a secure encryption method and is unbreakable using current technologies. It is not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key, we can't.

     Old Variant STOP/DJVU. If our decryption tool cannot decrypt the files, submit file pairs to https://decrypter.emsisoft.com/submit/stopdjvu/

     What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  6. That is pretty vague. What do you mean by it is not working?

     General Notes With Regards to STOP/DJVU

     If the decryption tool tells you the files cannot be decrypted, then they cannot be decrypted. That is not an error message.

     If your file(s) have an Online ID that means that the file(s) encryption keys were generated and stored on a command & control server under the control of the ransomware gang responsible for encrypting your files. We do not have access to those keys.

     If your file(s) have an Offline ID and were not decrypted it is because we do not have the corresponding decryption key in our database. Do not ask us when we plan on adding it, because we do not have it or a way for generating your decryption key.

     Our database does include some Offline ID decryption keys for newer variants of the STOP/DJVU family of ransomware. If the files were encrypted with an Offline ID that matches one of the decryption keys in our database, then our decryption tool will be able to decrypt those files that were encrypted using that key.

     New Variant STOP/DJVU utilizes the RSA encryption algorithm. RSA is considered a secure encryption method and is unbreakable using current technologies. It is not reversible, cannot be cracked, and we are not able to generate a decryption key. So do not send us encrypted files thinking we can recover your decryption key, we can't.

     Old Variant STOP/DJVU. If our decryption tool cannot decrypt the files, submit file pairs to https://decrypter.emsisoft.com/submit/stopdjvu/

     What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

     Also, see https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ for more information on the STOP/DJVU decryption tool.
  7. Hello @GT500. First of all, ty for your help. Edit: I fixed the command. This way it will create a log file named Scheduled_log in the Logs folder. And it will quarantine in the quarantine folder. I added the /a /am /n and /dda commands. So it would scan compressed files, mail archives, NTFS Alternate Data Streams, and use direct disk access. But I'm not sure about the /n and /dda purposes. What would be the benefits of adding the "Scan in NTFS Alternate Data Streams" and "Use direct disk access" commands? And how do they work?
  8. 100_4706.JPG.oossi also mail all data with this account mail id _readme.txt lokendra.docx.ooss
  9. Hi Can anyone advise me on a couple of questions on licensing please? We have two licences. One is for three seats and covers our server and has two seats unused. The other is for 27 workstation seats. I had been under the impression that I could create two workspaces, assigning one of the licences to one workspace and the other licence to the other workspace. I could then apply the appropriate installation token to the existing EAM installations to assign one licence or the other. This does not seem to work however, and ALL my devices, 28 in number, except the server have placed themselves under the first (27 seat) licence. This has resulted in that licence being oversubscribed. When I try to fix this by removing a device it just pops back in again as a ‘Not Managed’ device. The server cannot be seen at all. Also, when I go to 'Workspace Settings' – 'Licence' there is no option to change the seat count by removing or purchasing additional seats. Am I doing something wrong? What do I need to do? FYI - I was offered a merge of the licences to manage all under one licence but the boss wouldn't go for it as the cost of so doing was greater than two distinct licences. TIA
  10. My computer is attacked by "STOP (Djvu)" with ransomnote_email: [email protected] and sample_extension: .ooss and I tried your decryption tool and it's not working. It encrypted my whole computer data. Some data is important and I need to decrypt that data. o get this software you need write on our e-mail: [email protected] Your personal ID: 0208a7d6lW2AVkqXAcXH0AflfMQDxGtMUzt5Pi12lIYcbiwx
  11. Thanks Frank for confirming what I suspected, that EAM treats detections differently depending on what you are doing. However I don't think many users would guess that this would happen.
  12. hi guys, you're mixing up 2 settings, like stapp already expected. Copy/paste actions invoke the File Guard, which obviously applies the settings as configured under 'File Guard'. The settings under 'Scanner Settings' are applied when running an on demand scan or scheduled scan. For scheduled scans the settings act as a template and can be modified per scheduled scan task. In this way users are offered to set different functionality for both realtime protection (File Guard) and Scans. Archives, like ZIP, are only scanned during (scheduled) custom scans and (manual) explorer context menu scans.
  13. Yes I enabled that before submitting the logs. Logs attached above should have the info I guess. Already 2 other users in this thread faced similar issue so maybe they can share their logs too. In my case both times it was a fresh installation and the second time it was a freshly installed Windows 10 too so that's why I said maybe it would be possible to reproduce the issue with a new installation of Emsisoft.
  14. Hello and thanks again for the help with the decryption of the server last night; it went well and we are extremely grateful for the hard work; we were able to restore all but two additional servers and I am hoping you don't mind helping with those as well if you are inclined; this came from the same executable as earlier (ssvchost.exe), and here is a link to the encrypted and non encrypted file pair as well as the ransom note if you don't mind helping us further, and all of our thanks here for certain! https://drive.google.com/file/d/1W9KbbwoNqE9gPcvUeMBNKsh_53vNY06r/view?usp=sharing
  15. Not unless the logs you attached are /debug/ logs - which you'd have had to enable (at the foot of the list of options in: Settings - Advanced). Maybe, but nobody will be able to tell what went wrong without seeing debug logs (which will show the programmers definitely why EAM thinks what it does). Many bugs don't get fixed (in any application) unless programmers can recreate the issue, or they can see from the logs and traces why the program got it wrong. Of course, the problem might get fixed as a side-effect of some other change being made in future. That might not be enough. The users who've seen this problem might have systems which share a characteristic that causes the problem.
  16. Hello @Kc34 This is the result of a STOP Ransomware attack; this ransomware has been attacking computers around the world for several years. Demonslay335 and Emsisoft are working on decrypting various variants of this ransomware. There are a lot of variants; you can familiarize yourself with the list of versions with different extensions. You can find multiple posts with a similar problem on this forum to find out how many similar cases there are. It seems that your case still has hope for decryption when a decryption key is added to the decryptor. You also need to check the PC and make sure that the malware is not in the system. https://www.emsisoft.com/en/business/eek/ Otherwise, the files may be re-encrypted with a different key. This is very important to do as quickly as possible.
  17. @Geraldreeves Dawn Hello. You need to attach the file _readme.txt to your message.
  18. Thanks. I had to go in and take it out of quarantine because I didn't get the pop up, it just blocked it. I assume I didn't get the notification even though the logs say I did because of a switch to silent mode maybe, can't really tell. That's what the log said for the event. One of the two is possible. Added it to my exclusions, so will it send the data back that way?
  19. I have attached logs in my post above. Does that contain the necessary data? Besides, I faced another problem today. Emsi was installed and running fine but suddenly I noticed Anti malware service, the service which is related to Windows Defender, was running. Why would that be enabled? Didn't go away after reboot. Even Windows Security center was showing that I have Windows Defender enabled. Other utility programs which can show security center information were showing that both Emsisoft and Windows Defender are enabled. So what actually happened? Maybe while downgrading Emsisoft didn't register itself properly in security center. I had no choice but to uninstall Emsisoft. Btw, in another thread I showed that even after uninstallation, Emsisoft's registry key was still there in security center section. The same happened again. This is a freshly installed Windows 10 so it's not possible that it's a continuation of my previous issue but rather the uninstaller of Emsisoft probably has some kind of a bug which is why it's failing to remove its registry key from security center. Anyway, I had too much trouble with Emsisoft this week and won't install it again till the bugs are fixed. I may try reproducing the issue in a VM and share logs. In the meantime, maybe other users facing these issues can provide the necessary logs. To reproduce the bug on your system try installing Emsisoft in a fresh system where it wasn't installed before.
  20. I do have "Automatically quarantine programs with bad reputation" however this must not apply when running a scan but does apply when doing copy and paste. Very strange. Let's see what Frank says.
  21. @stapp Do you have "Automatically quarantine programs with bad reputation" set in Settings - Advanced? (It seems to me that that option doesn't make it clear under what circumstances reputation would be examined. It does say in the tooltip, that this follows an "alert", whereas the log above shows "Notification" actions. Since the difference between "notification" and "alert" is significant, I wonder if that's just loose logging terminology or part of the problem.) I would be most unhappy if anything here got auto-quarantined, since that's more than likely to break applications dependent on files staying put.
  22. Win 10 64bit 1909... EAM beta 9977 As well as a Reflect image, I also have a little USB stick which, every so often, I copy and paste my docs, downloads and pictures to. It is sort of an emergency backup of files which I keep in a drawer. On this PC I have 5 eicar items which I keep to test the scanner. The scanner always tells me it has detected them but never quarantines them. I have report only selected in scanner settings. I have attached what EAM usually does and finds from a scan report. Today I selected documents, downloads and pictures in C\ users\ username (room) and chose copy. Then with my usb stick plugged in and opened I selected paste. EAM quarantined 2 items. (screenie attached) The 2 items were from Downloads. Why did it do that when I had it set to report only ? Was it because it wasn't a scan but a copy and paste? The Zip files in Downloads were not quarantined. The eicar.com.txt in root of C was also not quarantined. scan_200125-054319.txt