All Activity


  1. Past hour
  2. About a week ago, Emsisoft just appeared on some of our work computers. I did not install it. I have also uninstalled it on a few of the computers but it keeps re-installing itself. To me, that is a sign of malware. Prior to this, I had never heard of this software which claims to be an anti-malware application itself. My research says the application is a legitimate piece of software, but it is sure acting like malware to me. My research also states that Emsisoft fights with other anti-virus programs. I need to know where it came from and how to get rid of it completely. It has slowed down some but not all of the computers it has appeared on making them nearly useless.
  3. Today
  4. My PC is infected with Nelasod. I use the Emsisoft Decryptor and this message appears... Error: Unable to decrypt file with ID You can see
  5. This program does not need forced administrator rights. You should check your PC for malware and reset Group Policy rights if they were installed without your knowledge.
  6. [The alerts themselves are the sort described in thread: I've sent debug logs to GT500.]
  7. I've just had lots of Firefox BB alerts just after Firefox updated to v70. The odd thing about this is that FF seemed to be working OK. I have a feeling that it was trying to download a fresh version, not of FF itself, but of one of the supplied addons. I'm about to PM a link to debug logs to @GT500.
  8. Win 8.1 64-bit, EAM 2019.9.0.9753. I've just updated Firefox to v70 and am getting BB alerts; I don't know why yet. Wondering if the alert panel might tell me something useful, I clicked on its View Details arrow, which was not helpful. I don't know whether there's no info to be shown (in which case, why was 'View Details' offered?), or what. See screenshots of (a) the pane offering 'View Details' - EAM BB - ViewDetails 1.jpg?dl=0 and (b) what clicking that then displayed - EAM BB - ViewDetails 2.jpg?dl=0
  9. I'm not generally told when new keys are found and added to such a database, however I don't expect that our malware analysts would have had a chance to add many new keys. Some Anti-Virus software may terminate it, or cause it to fail to execute.
  10. Yesterday
  11. Confirmed. It was first seen on ID Ransomware on October 21st. Since it's new, it will be using a secure form of RSA encryption, so the decrypter will be useless.
  12. I think that's a new variant, which won't be possible to decrypt. I'll ask for confirmation.
  13. We may not have the offline key for the .bufas variant. In that case, you'll need to follow the instructions in the BleepingComputer article for submitting proper file pairs so that the decryption service can figure out how to decrypt your files.
  14. I've forwarded your download link to the analyst who made the decrypter, and I'll let you know once he's had a chance to take a look at them.
  15. OK, but have there been keys added since May for the MegaLocker tool? *EDIT* Just tried to run "decrypt_MegaLocker.exe" as admin but it won't start...? I'm on Win 10 Pro 64-bit, version 1809, OS version 17763.805. Any ideas?
  16. I got all my files encrypted with ransomware. Your system says it's STOP Djvu, but it's failing to decrypt. The files end in .WERD
  17. Dear @GT500, the results still can't be encrypted.
  18. Last week
  19. The decryption tool needs a connection to the Internet in order to function. That being said, the only way the decrypter will work for the .leto variant is if the ransomware was not able to connect to its command and control server when it encrypted your files. If this is the case, then we can tell from the ID in the ransom notes (it will usually end with "t1" if it's an offline ID).
  20. Without being able to supply file pairs (an encrypted file, and an unencrypted original copy of the same file) it will more than likely be impossible to decrypt your files.
  21. The .bora variant of STOP/Djvu is one of the newer variants that uses RSA encryption. The decrypter only supports offline IDs for newer variants of STOP/Djvu (offline means it wasn't able to connect to its command and control servers); however, your ID is an online ID (meaning the ransomware was able to connect to its command and control servers and generate a unique encryption key for your files), so the decrypter will not be able to decrypt your files.
  22. If you have a file pair that's too big, you can ZIP the files and share them with us via a file sharing service (Mega, MediaFire, Zippyshare, etc). Send the download link in a private message, and feel free to use a password when zipping the files, or if the file sharing service allows it then when uploading the file (Mega should allow encrypting files with a password, however I'm not certain if that feature is available for free). If you don't already have an archive manager, then you can use 7-Zip or WinRAR. Once installed, you can right-click on a file and there will be options to compress files with them. We can open any archive format that these tools can create (ZIP, 7z, RAR, etc).
  23. I've forwarded your message and your link for debug logs to QA.
  24. .werd - this is a new variant of STOP Ransomware. At the moment, the new decryptor does not support new variants for which keys and decryption methods have not been found. Perhaps this will change soon.
  25. Hello. It would be better if you use Google Translate to translate into English.