All Activity


  1. Yesterday
  2. If/when your decryption key is figured out, you'll be contacted privately to let you know.
  3. Not yet, but we're still working on it.
  4. Let's take a look using a different tool. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. Right-click RogueKiller.exe and select Run As Administrator to run the tool. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
  5. What errors (if any) are you encountering when installing? Is the issue the same on every computer? Which installer are you using? EmsisoftAntiMalwareWebSetup.exe? EmsisoftAntiMalwareSetup.exe? EmsisoftAntiMalwareSetup32.msi? EmsisoftAntiMalwareSetup64.msi? Was the installer downloaded from your my.emsisoft.com account, or from one of our static links?

    After a quick second look at your logs, I can see that the first and third appear to have EAM installed, however it isn't running and the last time it was it looks like it had installed a program update. Whenever you see instances of Emsisoft Anti-Malware's executables in the diag log with .old on the end of their file names, this usually means that a program update requiring a computer restart has been installed, and EAM is still waiting for the computer to be restarted.

    Registered Anti-Virus Products:

    | displayName | instanceGuid | pathToSignedProductExe | pathToSignedReportingExe | productState |
    |---|---|---|---|---|
    | Emsisoft Business Security | {67773CDD-EA83-AD98-A2ED-386463EB3B0D} | C:\Program Files\Emsisoft Anti-Malware\a2start.exe | C:\Program Files\Emsisoft Anti-Malware\a2service.exe.old | 262144 |

    Registered Anti-Spyware Products:

    | displayName | instanceGuid | pathToSignedProductExe | pathToSignedReportingExe | productState |
    |---|---|---|---|---|
    | Emsisoft Business Security | {DC16DD39-CCB9-A216-985D-0316186C71B0} | C:\Program Files\Emsisoft Anti-Malware\a2start.exe | C:\Program Files\Emsisoft Anti-Malware\a2service.exe.old | 262144 |
    | Windows Defender | {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} | %ProgramFiles%\Windows Defender\MSASCui.exe | %SystemRoot%\System32\svchost.exe | 397584 |

    As for the second computer, it doesn't appear to have EAM installed at all, which would suggest that different computers are having different issues.
  6. I don't know because something weird is going on with my PC. When I try to go to Windows Defender, the image I attached appears.
  7. Other than a single Alternate Data Stream everything else looks fine. How are things running?
  8. Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infections and attacks, in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend using 30-60-90 day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice.

    There are legitimate sites that from time to time provide special offers and a legitimate license to use various products, including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers.

    https://www.giveawayoftheday.com/ - daily software offer
    https://sharewareonsale.com/ - daily discounts, excluding 100%
    https://www.freeoffice.com/ - modern office suite fully compatible with MS Office

    Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.
  9. Hello, Salam @Tahir Moeen' As soon as an acceptable set of keys is dialed, Michael will release an updated version of the STOP-Decrypter. We can only pray that he will succeed. Unfortunately, the percentage of offline keys is small; most files are encrypted online using online keys.
  10. @romario roges This is a request from the specialists at DrWeb. It may be useful to decryption specialists. Put the "crack" file in an archive with the password "infected" and upload it to www.sendspace.com. Later, send me a link to download the "crack" file and the file exported from the registry by PM.
  11. If you want, I can send you screens of how I got this. Do you want? I can show you the "Crack" I was trying to use to register the Office I had downloaded by torrent.
  12. Problem solved on Emsisoft's side. Thank you very much again!
  13. Thank you so much. Okay, man. I understand that at the moment, this .adame doesn't have a decryption yet. I have to wait.
  14. Yes, the update has been applied and Emsisoft is still not loading.
  15. Hello

    Please help and reply

  16. Hello Mr Amigo-A and GT500. Can you check with STOPDecrypter about any progress?
  17. Yes. This is a new variant of Scarab Ransomware. There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file. https://support.drweb.com/process/?ticket=NPPH-TU22 Even if there is a sample, it is very difficult to calculate the decryption key now.
  18. Support for .zatrov extension was added to the STOP-Decrypter on August 6, 2019.

    OFFLINE ID: ivLdLLWxlGwaYapVamTFrmgK1ZxvQk2JUWsWzit1
    Extension: .zatrov

    About STOP-Djvu Ransomware
    The versions numbers and extensions of STOP-Djvu Ransomware
  19. That is more than likely a variant of the STOP/Djvu ransomware. You may verify that using ID Ransomware if you'd like to: https://id-ransomware.malwarehunterteam.com/

    While STOPDecrypter probably won't be able to recover your files yet, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter

    Important: STOP/Djvu now installs the Azorult trojan as well, which allows it to steal passwords. It is imperative that you change all passwords (for your computer and for online services you use) once your computer is clean.

    While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

    Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  20. I would believe that the post by "quietman7" at the following link details the only currently known options for this ransomware: https://www.bleepingcomputer.com/forums/t/651855/scarab-mich78-ransomware-scarab-scorpio-mich78usacom-support-topic/page-42#entry4854076
  21. That should be fine as long as Malwarebytes is just running in freeware mode without protection.
  22. There are a number of ransomwares that have flaws in regards to handling either very small files or very large files. The criminals who make these ransomwares care about only one thing; getting paid. If the decrypter they send you doesn't work, then they don't care.

    BTW: If you look at our decrypter page, in the information below "Step 2", it says the following:

    You paid the ransom but the decryptor doesn’t work as expected?

    If you decide to pay the ransom, you should receive a decryptor from the ransomware authors. Unfortunately, these decryptors are often unable to correctly decrypt all of your files. In some cases, the decryptors are horribly slow and may take days or even weeks to decrypt your files, especially if you have large amounts of data. If you need a high-quality decryptor, we can help. Our developers work with the experts at Coveware to provide super-fast solutions for your decryption problems. Please note that Coveware offers a third-party service and is not covered by the Emsisoft Privacy Policy.

    Contact Coveware Incident Response Now
  23. Did you make sure KB4474419 was installed on the affected computers?
  24. Uploaded both files. Addition.txt FRST.txt