All Activity


  1. Past hour
  2. I haven't had any more problems so guess I'll just leave things alone for now.
  3. Yesterday
  4. Dear Emsisoft, can you please write/make, .Maas extension ransomware decryptor/decrypted tool?! 🙏 🙏 😟 Your experience, knowledge, will and You, are our only hope. You can do it! Please help. 😞 a lot of files and data is gone, because of these negative stuff. Please help 🙏
  5. @GT500 how about? version 4.1.2.73 component 1.0.979 https://forums.malwarebytes.com/topic/257102-malwarebytes-41/?tab=comments#comment-1393497
  6. The offline ID for .msop is d8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1 - .msop It is NOT the same as yours.
  7. Actually someone posted for .msop, same ID as I have with .rote files. There is a decrypter log in the attachment; as you can see, the ID is the same. If you want I will send the posted RSA key in a private message or whatever you want.
  8. I would like to add something to this topic, because I made the same observation. I have a 1 Gbit/s connection, and for some downloads it's limited to 500-700 Mbits because of huge CPU load, only when Emsisoft Web Protection is enabled. You pointed out the huge load on the MS process "System" and not necessarily on the Emsisoft processes themselves. That's right, but I noticed this CPU load on "System" is completely gone when Emsisoft Web Protection is disabled! So it's not the Emsisoft process itself pushing the CPU, but something related to Emsisoft causing the System process to do something bad. To sum it up: My speed test reports 950 Mbits (limited by wired GBit ethernet) downstream when Emsisoft Web Protection is disabled (~40% CPU load coming from the browser process only) and only ~550 Mbits with Web Protection enabled (~90-100% CPU from browser, "System" and Emsisoft Protection Service together). I noticed the same behavior from Adguard (but right now it is uninstalled because of that!), also when Emsisoft is not installed. So my conclusion so far is that somehow it has to be related to the WFP driver. Whenever one of these (either only Emsisoft, only Adguard, or both) is enabled, the "System" process in addition to the filtering application (EAM or Adguard) goes on a rampage on heavy data transfers, which causes a slowdown. Windows Defender's own network inspection service does not seem to be affected (I also tried that in comparison), this only gives me a few percent CPU load on the Defender process. I am running Windows 10 2004 btw. The only other change I made to the default configuration is that I have HVCI enabled, i.e. the feature which was introduced by MS to personal customers as "Memory integrity". Maybe it's related to that? Could the WFP driver cause some extensive overhead because it's not 100% compatible to HVCI, leading to this strange "System" CPU load? Also it depends a lot on the actual type of data transfer. I noticed a few speed tests which run in my browser without ANY CPU load from Emsisoft or System. While others, like the speedtest of my internet provider (Vodafone) and stuff that's not a browser (e.g., Steam, Origin, Battle net launcher) cause high CPU activity on Emsisoft and System. @pkolasa Do you have by chance HVCI or any other Hyper-V utilizing feature enabled?
  9. I know from where I got this ransomware... I was trying to download something from apunkagamese.com... From here I downloaded 2 files; the first file was OK, it was an install wizard which downloaded the game. The second link was of nearly 76 MB and had nearly the same icon as the earlier one... When I opened it, it just ruined my data and flooded my PC with all these viruses.
  11. My files, which contain very important data, have been infected with a ransom virus. The extension of each file is turned into the Maas extension, for example original file name: text.txt turned into: text.txt.maas. Every folder contains a readme file showing the below-mentioned message: ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-9fpnK9F5nP Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0239yjnkjddrtawNc1fftl99RJwOXA2zdwayeH4KXlnt1aMQpODoc _________________________________________________________ Kindly check and send any solution for the recovery of my files. Thanks & Regards
  12. For the 'Old Variant', you need to find and upload to this service the encrypted original copy of the file and its encrypted version. If you find an exact copy, the 'STOP Djvu Decryption' will be able to decrypt this file and all others of the same type (for example, .jpg) that are of this or smaller size. For files with a larger size, you need to find the largest file of this type, otherwise the file will not be decrypted completely. The same procedure must be performed for all other types of files - .png, .doc, .docx, .txt, .db and etc. Try it, it is not very difficult, but this is the only way to return the files to you. Here is a sample list where you can find the originals of the encrypted files (from my article): 1 ) on flash drives, external drives, CD / DVD, memory cards of the camera, phone; 2 ) in attachments of emails sent or received by you; 3 ) among the copies of shared photos of friends, relatives (in their PC) that you gave; 4 ) among the uploaded photos in the social. networks, including via smartphone and tablet; 5 ) among the uploaded photos to cloud services (Google Disk, OneDrive, Yandex Disk etc.); 6 ) among unencrypted files, copies, renamed files on your PC; 7 ) on an old PC or disk, from where you transferred photos and documents to a new PC; 8 ) you can re-upload from the Internet previously downloaded photos, pictures, etc .; 9 ) you can use sample images supplied with Windows; 10 ) use photos or pictures that you previously posted on the avatar or attached to messages on forums.
  13. Try using this page for info and decryption: https://decrypter.emsisoft.com/submit/stopdjvu/
  14. Starting... File: C:\Users\Mudasir hassan\Desktop\New folder\IMG_20161118_154704.jpg.kiratos Unable to decrypt Old Variant ID: sqYBYDAS8qnun86cKTUZ5VmJc7kHcVltSMxNhILt First 5 bytes: FFD8FFE12F Finished!
  15. Please help, all my data is encrypted with .maas encryption. Please help, the DJVU decrypter is just at starting from a long time. Please help...
  16. @GT500 Sorry for a delay, but I have been abroad for a week. I have reproduced the issue and the logs have been sent as you've mentioned. Thanks for information!
  17. When another victim who also has this same offline ID pays the ransom and sends us the decrypter they receive from the criminals so that we can extract the private key from it.
  18. We already have a decrypter for the STOP/Djvu ransomware. What it needs to decrypt your files is the private key for your ID, which only the criminals have. Yes, we highly recommend making a backup of your encrypted files and keeping it in a safe place. We make an Anti-Virus called Emsisoft Anti-Malware that has good ransomware protection: https://www.emsisoft.com/en/software/antimalware/
  19. We can add private keys to our database. Newer variants of STOP/Djvu use RSA keys. Isn't that the offline ID for .zobm? We already have the private key for that offline ID. Is our decrypter not able to decrypt your files? If not, then what does it say when it fails to decrypt?
  20. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. Can you ZIP some of the encrypted files, and attach them to a reply or a private message for us to review? Also note that since this is a business request, if you need more in-depth support than I normally give on our forums or help with a ransomware we don't make a decrypter for, we do have a paid ransomware remediation service (decryption is not guaranteed, but you will get support from our best ransomware experts): https://www.emsisoft.com/en/tools/ransomware-recovery/inquire/
  23. I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.
  24. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. Not with the STOP/Djvu ransomware. The ID is contained in the encrypted files (it gets appended to the end of each encrypted file) so there won't be any trouble figuring out which private key to use should they become available, so it's safe to reinstall Windows if you'd like to. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/