All Activity

This stream auto-updates     

  1. Past hour
  2. Today
  3. try to do as it is written here
  4. This program does not need forced administrator rights. You should check your PC for malware and reset Group Policy rights if they were installed without your knowledge.
  5. [The alerts themselves are the sort described in thread: https://support.emsisoft.com/topic/31039-firefox-blocked-by-emsisoft-behavior-blocker/ I've sent debug logs to GT500.]
  6. I've just had lots of Firefox BB alerts just after Firefox updated to v70. The odd thing about this is that FF seemed to be working ok. I have a feeling that it was trying to download a fresh version, not of FF itself, but one of the supplied addons. I'm about to PM a link to debug logs, to @GT500
  7. Win 8.1 64bit, EAM 2019.9.0.9753 I've just updated Firefox to V70 and am getting BB alerts, don't know why yet. Wondering if the alert panel might tell me something useful I clicked on its View Details arrow, which was not helpful. I don't know whether there's no info to be shown (in which case, why was 'View Details' offered?), or what. See screenshots of (a) the pane offering 'View Details' - https://www.dropbox.com/s/p2uihzscpt3bfzr/20191023 EAM BB - ViewDetails 1.jpg?dl=0 and (b) what clicking that then displayed https://www.dropbox.com/s/r6cufh03hhuyup6/20191023 EAM BB - ViewDetails 2.jpg?dl=0
  8. I'm not generally told when new keys are found and added to such a database, however I don't expect that our malware analysts would have had a chance to add many new keys. Some Anti-Virus software may terminate it, or cause it to fail to execute.
  9. Yesterday
  10. Confirmed. It was first seen on ID Ransomware on October 21st. Since it's new, it will be using a secure form of RSA encryption, so the decrypter will be useless.
  11. I think that's a new variant, which won't be possible to decrypt. I'll ask for confirmation.
  12. We may not have the offline key for the .bufas variant. In that case, you'll need to follow the instructions in the BleepingComputer article for submitting proper file pairs so that the decryption service can figure out how to decrypt your files. https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
  13. I've forwarded your download link to the analyst who made the decrypter, and I'll let you know once he's had a chance to take a look at them.
  14. Ok, but have there been keys added since May for the MegaLocker tool? *EDIT* Just tried to to run "decrypt_MegaLocker.exe" as admin but it wont start...? Im on Win 10 PRO 64Bit . Version 1809 OS-Version 17763.805 Any ideas ?
  15. I got all my files encrypted with ransomeware. Your system says its STOP Dyju, but its failing to decrypt. The files end in .WERD
  16. dear @GT500 the results still can't be encripted
  17. Last week
  18. The decryption tool needs a connection to the Internet in order to function. That being said, the only way the decrypter will work for the .leto variant is if the ransomware was not able to connect to its command and control server when it encrypted your files. If this is the case, then we can tell from the ID in the ransom notes (it will usually end with "t1" if it's an offline ID). Traducción proporcionada por Google: La herramienta de descifrado necesita una conexión a Internet para funcionar. Dicho esto, la única forma en que el descifrador funcionará para la variante .leto es si el ransomware no pudo conectarse a su servidor de comando y control cuando cifró sus archivos. Si este es el caso, entonces podemos deducir de la ID en las notas de rescate (generalmente terminará con "t1" si es una ID fuera de línea).
  19. Without being able to supply file pairs (an encrypted file, and an unencrypted original copy of the same file) it will more than likely be impossible to decrypt your files.
  20. The .bora variant of STOP/Djvu is one of the newer variants that uses RSA encryption. The decrypter only supports offline ID's for newer variants of STOP/Djvu (offline means it wasn't able to connect to its command and control servers), however your ID is an online ID (meaning the ransomware was able to connect to its command and control servers and generate a unique encryption key for your files) so the decrypter will not be able to decrypt your files.
  21. If you have a file pair that's too big, you can ZIP the files and share them with us via a file sharing service (Mega, MediaFire, Zippyshare, etc). Send the download link in a private message, and feel free to use a password when zipping the files, or if the file sharing service allows it then when uploading the file (Mega should allow encrypting files with a password, however I'm not certain if that feature is available for free). If you don't already have an archive manager, then you can use 7-Zip or WinRAR. Once installed, you can right-click on a file and there will be options to compress files with them. We can open any archive format that these tools can create (ZIP, 7z, RAR, etc).
  22. I've forwarded your message and your link for debug logs to QA.
  23. .werd - this is new variant of STOP Ransomware At the moment, the new decryptor does not support new variants for which keys and decryption methods are not found. Perhaps this will change soon.
  24. Hello It will be better if you be use the Google translator to translate into English. https://translate.google.com/
  25. Sama ka minuga Minu failid on krüptitud laiendiga .werd. sorry, my mistake Same with me. My files are encrypted with the .werd extension. hiiu kaubamaja.jpg.werd _readme.txt
  26. Hola saludos escribo desde venezuela tengo todos mis archivos secuestrados con extension .leto he visto su pagina descargue su aplicación gratuita https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu aplique la herramienta desconectado y conectado de internet y no funciono necesito saber si puedo enviarle una muestra de mi error para evaluar si es posible recuperar mis archivos saludos quedo atento tulio varela File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\Installation Instruction\Waveguide\Hoisting Grips for Heliax Coaxial, Hybrid FiberFeed and Elliptical Waveguide.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\Installation Instruction\Waveguide\Securing Coaxial Cable in a Monopole.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\Installation Instruction\Waveguide\Wall-Roof Feed-through Plates for Waveguides and Cables.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\Multiviewer\Prismon-manual.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\NTP Server\ltos6-cli.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\NTP Server\ltos_6-20.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\NTP Server\M600_GPS_TECHREF-E-101014.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com' File: C:\IDD CABECERA\ANEXOS\ANEXO 2- Manuales de Equipos\NTP Server\quick-start_lanv6.pdf.leto Error: No se puede resolver el nombre remoto: 'decrypter.emsisoft.com'
  1. Load more activity
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up