All Activity

This stream auto-updates     

  1. Past hour
  2. Hello there, GT500, thanks for replying. Ok FRST program has finished running. Here are the 2 files attached. Addition.txt FRST.txt
  3. Today
  4. Surya dinata You have shown the "Logs" tab. Are there objects in the "Quarantine" tab? In this case, your need export the TrojanGenericKD.31967470 file for expert analysis.
  5. Only candidate in this list - TrojanGenericKD.31967470 in CupVAUuPRKt.dll In my list him is not. But my list is also not complete, it is only what I was able to collect.
  6. Hallo Olynt, ich bitte um Verzeihung für die späte Rückmeldung. Eine private Nachricht mit einem Link habe ich gerade versendet. Ich wünsche noch einen schönen Tag!
  7. Thanks for your feedback stapp.
  8. Just for info, released build of Win 10 1903 upgraded with EAM installed and running without any issues at all.
  9. Dear Anky In principle, this can be done if you save all the files and notes on the redemption where they are. Sometimes files can be encrypted in several steps. Some are encrypted with one key, others with another, it depends on how your PC worked at the time of encryption - was turned on, then off, connected to the Internet or not. For Demonslay335 may need to search for files, if there are no other samples of the malicious file, that was active on your system. Wait for Demonslay335 answer and make the final decision.
  10. Dear sunny parmar Above, GT500 wrote you what need to do according to his instructions. This can help to developer of STOPDecrypter, and you, of course.
  11. Dear sunny parmar The solution is possible, but not immediately. You can view other topics to familiarize yourself with the process. First, the Ransomware is created, then it is distributed through the sites, then the user downloads something, starts it.., then malware infects the PC and encrypts the files. After that, the user discovers that the files are encrypted. Then he turns for help ... How to help him if the files are his PC and encryption occur on his side? Specialists are ready to help, but they need to examine the encrypted files and get the keys for decrypt in order to make decryption possible and more simple. This is a more complicated process than to smear an injured finger with antiseptic, iodine and cure it.
  12. if i move my encrypted data to new hard drive and formate my whole laptop and instal new window in it then also i can decrrypt my data
  13. sir pls help me, my pc all fia.txt.fordanles fordan extension and encrypted pls solve my problem
  14. I don't know the source of the infection MR, By the why the contents quarantina has ben delete by the avast boots scan. Here I'm attach the log from EEK, i don't know whether this can help. sory my bad english...
  15. [!] No keys were found for the following IDs: [*] ID: 3yJSDu5l4JvViyu408oZ0z2JDewnlpR6dttPgZt1 (.radman ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 10:78:D2:31:55:87 This info has also been logged to STOPDecrypter-log.txt
  16. Most components of Emsisoft Anti-Malware don't run in Safe Mode, however if the systems boots and our disk filter driver isn't running then it will BSoD on startup. I haven't heard any other reports of issues since this update was released. It's possible that there's a third factor on the system beyond just Emsisoft Anti-Malware and the Windows Update in question. Let's try getting a log from FRST, and see if it shows anything relevant. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  17. Would you happen to know where the infection came from? If you can send us a copy of the source for the infection, we can take a look at it. If we can get our hands on this variant of the ransomware and forward it to the guy who makes STOPDecrypter, then he'd be able to take a look at it as well. If I'm right about your ID being an offline ID, then your files would be decryptable.
  18. Hello, I am been using Emsisoft Anti Malware for a number of years............ No major hiccups........till this problem. I am referring to Windows 7 Update: KB4493472 https://support.microsoft.com/en-my/help/4493472/windows-7-update-kb4493472 https://www.ghacks.net/2019/04/11/oh-look-another-broken-windows-update-kb4493472-and-kb4493446-causing-issues/ Has anyone experiencing isssue with this update? My problem is after doing this update, my PC will have blue screen, which normally indicates Hardware driver issues, I spent days and nights, trying to find the root cause, but no avail, till I uninstalled Emsisoft Anti Malware. Once Emsisoft Anti Malware was not in the system, reboot and install the KB4493472, Windows 7 will work as per normal. Except booting up in Windows 7 desktop was rather slow. POST -> Windows 7 logo-> Blank screen(black, can only see the mouse cursor only, 2-3 minutes wait) ->Windows 7 desktop loads up. If EAM is not removed, and I applied the updates while EAM still installed, this will happen after you have to restart PC (when updates finish updating): POST=>Windows 7 logo=> Blue screen appears for few seconds => system reboot and the process will recycle endlessly. Press F8 to go into Safe Mode is fruitless......... POST=> Safe Mode for a few seconds => System will auto reboot Appreciated if someone can advise a solution. Thank you. Kind regards, Marcus
  19. As Amigo-A said, that is more than likely a variant of the STOP ransomware. ID Ransomware can confirm that, and can let you know if STOPDecrypter can recover your files. Here's a link to ID Ransomware: https://id-ransomware.malwarehunterteam.com/ If STOPDecrypter can't recover your files, then note that it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter Also, while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  20. We'll need the ID from one of the ransom notes as well. They should have a name like _readme (or something similar to this).
  21. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be split into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  22. The screen name he uses here is Demonslay335, and he'll more than likely contact you directly if he's able to figure out your decryption key.
  23. Nothing at the moment. The creator of STOPDecrypter is hard at work trying to help people get keys to decrypt their files. We just need to give him enough time to work out solutions for everyone.
  24. We don't have an ETA on this. Hopefully it'll be soon, however it's not possible for us to know for certain yet.
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up