All Activity

This stream auto-updates     

  1. Today
  2. Your support topic in Help, my files have been encrypted has been replied to. This support topic is closed. Reason duplicate.
  3. Yesterday
  4. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  5. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  6. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  7. FYI: While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  8. Yes, that was expected. First we need your ID and MAC addresses from the infected computer, and they there's a possibility that the creator of STOPDecrypter may be able to figure out your decryption key. Or you could get lucky and have an offline ID, so that when support for the variant of STOP/Djvu that encrypted your files is added to STOPDecrypter it will be able to decrypt them on its own. Attach a copy of the ransom note to a reply and I'll let you know if it looks like an offline ID. You can also follow the instructions at the link below for getting your ID and MAC addresses with STOPDecrypter, which may help in figuring out your decryption key if you don't have an offline ID: https://kb.gt500.org/stopdecrypter
  9. This is a variant of the STOP ransomware. STOPDecrypter more than likely won't be able to recover your files, however it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter: https://kb.gt500.org/stopdecrypter
  10. @Surya dinata when you look at your logs in EEK, there's an Export button in the lower-left that will allow you to save a copy of the log. Could you please save it somewhere easy to find, and then attach it to a reply for me?
  11. Let's get some logs from FRST and see if they show any signs of the ransomware (Demonslay335 still needs a copy of this variant of STOP/Djvu). You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  12. That looks like an offline ID. If that's the case, then once the creator of STOPDecrypter gets his hands on a copy of this variant of STOP/Djvu, he'll be able to key the decryption key for it.
  13. You appear to also have Check Point SandBlast Agent installed, however the uninstall entry is hidden. Was this software supposed to have been removed at some point? At first glance I can't see anything else that might suggest a cause for this issue. It's possible that with the April Windows Update there's a problem between Check Point SandBlast Agent and Emsisoft Anti-Malware, however the only way to establish that is to uninstall Check Point's software and try the Windows Update again.
  14. i have same problem my files encrypted with fordan how can i know is key offline or online?
  15. I have the same problem, i tryed to use STOPDecrypter but he not decrypt everything, my virus it's .Ferosas, someone can help me?
  16. no object in quarantine (quarantine tap is empty)
  17. Hello there, GT500, thanks for replying. Ok FRST program has finished running. Here are the 2 files attached. Addition.txt FRST.txt
  18. Surya dinata You have shown the "Logs" tab. Are there objects in the "Quarantine" tab? In this case, your need export the TrojanGenericKD.31967470 file for expert analysis.
  19. Only candidate in this list - TrojanGenericKD.31967470 in CupVAUuPRKt.dll In my list him is not. But my list is also not complete, it is only what I was able to collect.
  20. Hallo Olynt, ich bitte um Verzeihung für die späte Rückmeldung. Eine private Nachricht mit einem Link habe ich gerade versendet. Ich wünsche noch einen schönen Tag!
  21. Thanks for your feedback stapp.
  22. Just for info, released build of Win 10 1903 upgraded with EAM installed and running without any issues at all.
  23. Dear Anky In principle, this can be done if you save all the files and notes on the redemption where they are. Sometimes files can be encrypted in several steps. Some are encrypted with one key, others with another, it depends on how your PC worked at the time of encryption - was turned on, then off, connected to the Internet or not. For Demonslay335 may need to search for files, if there are no other samples of the malicious file, that was active on your system. Wait for Demonslay335 answer and make the final decision.
  24. Dear sunny parmar Above, GT500 wrote you what need to do according to his instructions. This can help to developer of STOPDecrypter, and you, of course.
  25. Dear sunny parmar The solution is possible, but not immediately. You can view other topics to familiarize yourself with the process. First, the Ransomware is created, then it is distributed through the sites, then the user downloads something, starts it.., then malware infects the PC and encrypts the files. After that, the user discovers that the files are encrypted. Then he turns for help ... How to help him if the files are his PC and encryption occur on his side? Specialists are ready to help, but they need to examine the encrypted files and get the keys for decrypt in order to make decryption possible and more simple. This is a more complicated process than to smear an injured finger with antiseptic, iodine and cure it.
  26. if i move my encrypted data to new hard drive and formate my whole laptop and instal new window in it then also i can decrrypt my data
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up