All Activity

  1. Today
  2. @broniusr I've fixed that now. Please try re-downloading for v1.0.0.1.
  3. Also, some files were written to French in Microsoft.
  4. I received ransomware requiring me to write [email protected] within 24 hours using the code 720AF1D2-2289; after 24 hours I was to email [email protected]. I was to send 5 files for free decryption, which I did not do. I was advised on how to buy bitcoins at https://localbitcoins.com/buy_bitcoins and for beginners they provided me with this website http://www.coindesk.com/information/how-can-i-buy-bitcoins/ which I did not do. The virus infected my back-up and my server. The files were converted to banjo, files written in JavaScript, I believe, my computer was taken off the network and a new IP address was given. At the moment it is off the network so I am unable to use it to send any files to you. I have the computer in safe mode now. Can you please help me?
  5. Hello. This variant, .nacro, has not yet been added to the STOP Decrypter. Attach your file _readme.txt to a message so we can see what the type of ID is.
  6. A few minutes ago I received the following email pretending to be from Emsisoft:

    Title: Invoice(s) due

    Email address used to send from in my case is: Emsisoft <[email protected]>; (Emsisoft via thealtar.info)

    Header info:

    Received: from CY4PR10MB1989.namprd10.prod.outlook.com (2a01:111:e400:7a4d::51) by BN6PR10MB1986.namprd10.prod.outlook.com with HTTPS via BN3PR03CA0091.NAMPRD03.PROD.OUTLOOK.COM; Mon, 19 Aug 2019 09:39:22 +0000
    Received: from MWHPR10CA0050.namprd10.prod.outlook.com (2603:10b6:300:2c::12) by CY4PR10MB1989.namprd10.prod.outlook.com (2603:10b6:903:11a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.18; Mon, 19 Aug 2019 09:39:21 +0000
    Received: from SN1NAM01FT044.eop-nam01.prod.protection.outlook.com (2a01:111:f400:7e40::200) by MWHPR10CA0050.outlook.office365.com (2603:10b6:300:2c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend Transport; Mon, 19 Aug 2019 09:39:21 +0000
    Authentication-Results: spf=none (sender IP is 173.201.192.186) smtp.mailfrom=thealtar.info; rslcomputers.com; dkim=none (message not signed) header.d=none;rslcomputers.com; dmarc=fail action=quarantine header.from=emsisoft.com;compauth=fail reason=000
    Received-SPF: None (protection.outlook.com: thealtar.info does not designate permitted sender hosts)
    Received: from p3plwbeout14-03.prod.phx3.secureserver.net (173.201.192.186) by SN1NAM01FT044.mail.protection.outlook.com (10.152.65.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend Transport; Mon, 19 Aug 2019 09:39:20 +0000
    Received: from p3plgemwbe14-06.prod.phx3.secureserver.net ([173.201.192.155]) by :WBEOUT: with SMTP id ze7lhNK5aCOgBze7lhwknU; Mon, 19 Aug 2019 02:38:49 -0700
    X-SID: ze7lhNK5aCOgB
    Received: (qmail 27063 invoked by uid 99); 19 Aug 2019 09:38:49 -0000
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/html; charset="utf-8"
    X-Originating-IP: 185.232.22.204
    User-Agent: Workspace Webmail 6.9.59
    Message-Id: <[email protected]mail14.godaddy.com>
    From: "Emsisoft" <[email protected]>
    X-Sender: [email protected]
    Reply-To: "Emsisoft" <[email protected]>
    To:
    Subject: Invoice(s) Due
    Date: Mon, 19 Aug 2019 02:38:45 -0700
    Mime-Version: 1.0
    Return-Path: [email protected]
    X-MS-Exchange-Organization-ExpirationStartTime: 19 Aug 2019 09:39:20.6845 (UTC)
    X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
    X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
    X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
    X-MS-Exchange-Organization-Network-Message-Id: 76c22b4c-30f7-46be-477e-08d724891cb3
    X-EOPAttributedMessage: 0
    X-EOPTenantAttributedMessage: dff0cfe4-0774-41ed-a299-d72b333064a1:0
    X-MS-Exchange-Organization-MessageDirectionality: Incoming
    X-Matching-Connectors: 132106811607365733;();(30aae98b-e46d-47eb-c8af-08d3b25b0f82,ff47d72d-0fa9-4508-46b6-08d429cf5cf9,4aa9d499-1c82-4814-693f-08d51fe40331)
    X-Forefront-Antispam-Report: CIP:173.201.192.186;IPV:NLI;CTRY:US;EFV:NLI;SFV:SPM;SFS:(10001);DIR:INB;SFP:;SCL:5;SRVR:CY4PR10MB1989;H:p3plwbeout14-03.prod.phx3.secureserver.net;FPR:;SPF:None;LANG:en;CAT:SPM;
    X-MS-Exchange-Organization-AuthSource: SN1NAM01FT044.eop-nam01.prod.protection.outlook.com
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-MS-PublicTrafficType: Email
    X-MS-Office365-Filtering-Correlation-Id: 76c22b4c-30f7-46be-477e-08d724891cb3
    X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(5600148)(711020)(4605104)(4710121)(4712094)(1403117)(71702078)(7193020);SRVR:CY4PR10MB1989;
    X-MS-TrafficTypeDiagnostic: CY4PR10MB1989:
    X-MS-Exchange-PUrlCount: 1
    X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
    X-MS-Exchange-Organization-SCL: 5
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Aug 2019 09:39:20.5254 (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Id: 76c22b4c-30f7-46be-477e-08d724891cb3
    X-MS-Exchange-CrossTenant-Id: dff0cfe4-0774-41ed-a299-d72b333064a1
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR10MB1989
    X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.8374783
    X-MS-Exchange-Processed-By-BccFoldering: 15.20.2178.000
    X-Microsoft-Antispam-Mailbox-Delivery: dwl:1;ucf:0;jmr:0;ex:0;auth:0;dest:I;ENG:(20160513016)(750119)(520011016)(520008050)(702028)(944506383)(944626516);

    Here is the email message I received:

    Hello Mr/Mrs, acknowledge this message is for our record purposes.

    Kindly re-confirm to us with the status of our Due invoices, as we currently have to give you a new updated Bank information. I will like to draw your attention to the fact that due to high taxes imposed by the government, we no longer receive payments in our local account. Hence the reason for our earliest mail to you.

    Subsequently to your acknowledgement of this mail, please let me know when you will be making payment to enable me send you our updated account information. We apologies for any inconvenience this may bring to you.

    Your immediate response will be highly appreciated, and if you do have any Question, do let us know.

    Regards,
    Mrs Joy
    Accounting Team
  7. Please help me guys, my dad needs his data soon.
  8. Hi guys, my files were infected by ransomware with extension .nacro file named STOP DJVU. Please help me, I can't access my files. It's been 4 days now; I have been trying one decryptor tool to another but all never worked. Need help...
  9. Yesterday
  10. Last week
  11. Hello, please support

    [*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas )

    [*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C

    Is there a solution to this problem? Even after a while!!!!!!

    Do I wait and leave the encrypted files as they are?

    _readme.txt

    Model(1).png.mtogas

  12. No, I didn't check the Cloud Console. Having everything local is an important factor for my clients and myself. With the new pricing scheme, EMSI business licences are in the price range of Endsecurity solutions. So I would expect to see EMSI moving the Client into that direction too. The "competition" is coming from Windows 10 too. I see people asking to ditch third party antimalware at all. I'm currently opposing that, but once Win7 is EOL it will become harder to convince customers to see the benefits of EMSI in comparison to EndSecurity solutions (bundled with SPAM filter etc) or the plain Win10 defender tools. But back to the main topic of Enterprise Console: Currently the Enterprise Console seems to not offer all settings of the EMSI client (e.g. Appearance: Dark / Bright is not found in the policy/settings)?
  13. One of our servers had a SAMBA share left open for reasons we are unclear of. Currently the VMs running on the machine are fine (seems to be in memory) but if they reboot the .vdi files are unusable. We do have backups but this would of course result in a lot of work reinstalling these servers. I have tried the decrypt tool on some offline .vdi files but it will not work. What happened to your files ? All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus. What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files. Your unique id: 6C95029F8EFD463899B724524B86F659 This is the ID on our files.
  14. While most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.
  17. I've confirmed the behavior you've reported, and forwarded the info to QA along with debug logs.
  18.  

    Hello, please support

    [*] ID: s9KkuHGOgdCYV8Rim63CFMrxZFXlO0mp7S0wmKbd (.mtogas )

    [*] MACs: 64:80:99:7D:56:9D, 64:80:99:7D:56:9C, F0:1F:AF:66:3B:0C

    Is there a solution to this problem? Even after a while!!!!!!

    Do I wait and leave the encrypted files as they are?

    _readme.txt

    50793901_1454499264684933_1188840440657346560_n.jpg.mtogas

  19. I didn't have any trouble executing EmsisoftAntiMalwareSetup.exe on Win 10 1903 (x64) from the command prompt with the parameters you used. It installed without any trouble. The two most obvious possibilities right now are either the installer can't write to the TEMP folder, or it isn't executing with administrator rights.
  20. We digitally sign our software using SHA-256 certificates (it is no longer possible to obtain SHA-1 certificates), and Windows 7 didn't originally have support for the SHA-2 family of hashing algorithms (which includes SHA-256). You need to make sure that Windows is up to date. Please see the following link for more information about updates that include SHA-2 support: https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update
  21. Hi Tim, We've made the Syncro developers aware that their software is not fully compatible with our platform and are waiting for a fix on their end. Thanks
  22. Thank you, I've already reported to support. I've tested this on Windows 10 Pro 64 bits, version 1903. How to reproduce: - Run EEK (accept the licence, there's no need to update the definitions); - Close EEK; - Try to delete C:\EEK, even after a restart. In my computer, and also inside a VM running Windows 10, it was not possible to delete the epp.sys. Tried to disable Windows Defender and to disable fast start-up. The result was the same. What makes me think that this may be a more general problem, is the fact that I'm having the same results inside a VM running a clean and updated image of Windows 10 (version 1903). Hopefully it's only on my computer.
  23. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims on the forum from different variants of this ransomware. In some cases, the files can be decrypted. You need to attach a ransom note _readme.txt to the message, or proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter
  24. This is the result of the STOP Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims on the forum from different variants of this ransomware. In some cases, the files can be decrypted. You have already attached the note _readme.txt to the message and you can proceed further by yourself. @Demonslay335 (the developer of the STOPDecrypter) collects information from the victims, writes data and tries to update the STOP Decrypter. After that, victims can try to decrypt the files. A positive result and a lucky chance are not always possible. You can try to decrypt files with STOPDecrypter. Download STOP Decrypter now >>> I recommend that you start decrypting with a small group of files, but first you need to make copies of these files. If STOPDecrypter won't be able to recover your files, it can still be used to get information that may be able to help the creator of STOPDecrypter figure out your decryption key. Here's a link to instructions on how to get this information with STOPDecrypter and paste to a new message: https://kb.gt500.org/stopdecrypter