Leaderboard

Popular Content

Showing content with the highest reputation since 12/25/20 in all areas

  1. Hello, The posts you found are more than 5 years old. In terms of security software that means the information there is severely outdated. In the past years considerable changes have been made to our products and currently Emsisoft Anti-Malware protects against fileless malware. Fileless malware detection has nothing to do with the reputation settings you asked about; our behavior blocker routines were adapted to adequately detect and block fileless malware a few years ago.
    2 points
  2. I don't think STOP/Djvu will usually double-encrypt files, however it's still technically possible because the ransomware is known to be buggy and sometimes it just does weird and unexplainable things. It's best to get it off of the system and then avoid any pirated software, movies, music, etc. after that to help prevent it from happening again.
    1 point
  3. There is no issue with decrypting the file. It's probably something preventing the decrypter from accessing the file, and since we removed all I/O errors from the output (people didn't understand what they meant) the decrypter just isn't displaying an error that it is unable to access the file. Try adding the decrypter to the exclusions in your Anti-Virus software.
    1 point
  4. I'll ask the developer who wrote the decrypter if he can find anything wrong with the file.
    1 point
  5. That usually means the decrypter was able to decrypt the file. Was there any other output?
    1 point
  6. fyi: we are processing this issue in a support ticket.
    1 point
  7. Well, your ID for STOP/Djvu (.coos) is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ As for files with .ROGER added to their names, those were encrypted by Dharma, and there's no way to decrypt them without paying the ransom.
    1 point
  8. Can you copy the output from the decrypter and paste it into a reply?
    1 point
  9. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  10. https://blog.emsisoft.com/en/32034/how-to-remove-fileless-malware/
    1 point
  11. I doubt anyone has looked into it for at least a couple of years at this point. We know the kind of encryption it uses, and we know it isn't normally breakable.
    1 point
  12. This may be FonixCrypter, however I still recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can be certain which ransomware it is: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
    1 point
  13. Hello, No, Emsisoft Anti-Malware should be enough. It will detect keylogging attempts through its behavior blocker. To be safe, especially against phishing attempts online, it is recommended to also install the free Emsisoft Browser Security extension.
    1 point
  14. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  15. Hello! I want to say that I have had Windows Core Isolation enabled on two computers for over a year. At the same time, there are no problems with the work of EAM.
    1 point
  16. People have been saying that for decades, and they've always been wrong. It was almost certainly analyzed by someone on our team. I don't think we supplement with Netcraft's database on VirusTotal, or for our Surf Protection in EAM. As for the main issue, we've noticed that some Anti-Virus software companies do have a bad habit of making mistakes with reports. It's possible that the larger companies, since they handle a larger volume of reports, hire less experienced people to handle those reports rather than having the more experienced analysts handle them. We
    1 point
  17. I'd say turning it either on or off is optional, however Microsoft does seem to think that computers would be more secure with this option turned on.
    1 point
  18. It's been a long time, however I think there's a possibility of the core isolation feature causing crashes in Emsisoft Anti-Malware. I know it used to cause BSoD's, however from what I am seeing that appears to have been fixed at some point, and about a year ago QA confirmed EAM could run with the option enabled.
    1 point
  19. For your own safety and security, never ask for files from people you don't know. In this case, you would have merely reinfected your computers, and run the risk of making your problems even worse. Stick with solutions from the experts, and if someone promises a "solution" then give us a chance to verify it first. Our goal is to try to thwart these criminals and keep everyone safe, and if there's anything we believe has a reasonable chance of helping you then we'll let you know.
    1 point
  20. @SalasKafa Try running the decryptor again; we may have just received a key for that ID recently. 😉
    1 point
  21. Note: It is recommended to make a backup of all important files before using the decrypter. Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <
    1 point
  22. I'm a newbie on this forum (in fact, I joined today) and besides 3rd-party anti-malware with real-time protection, I'm curious what members are using for additional protection. I'll list my current protection; please feel free to comment if you feel I should add something or feel that something is not necessary: Windows Defender (Windows 10 version), MVPS Host File, NordVPN, SpywareBlaster, WinPatrol Free, CyberSight RansomStopper, Malwarebytes Anti-Malware Free (for periodic manual scans), SuperAntiSpyware Free (for periodic manual scans), Browser
    1 point
  23. Hi, My files got encrypted a couple minutes/hours ago and I cannot decrypt them with the decrypter. Based on my files and information the ransomware is "STOP (Djvu)". Is there any way I can still decrypt these files? The files end with .coos Indy
    0 points
  24. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    0 points
  25. Here is a random file and the readme.txt. Is there a way decryption will become available? If not, is there a tool that can help me find all the files that have not been affected? _readme.txt icon.png.coos
    0 points
  26. That won't help. Newer variants use RSA encryption, which isn't vulnerable to most forms of attacks. It would take even a supercomputer thousands of years to brute force the private key for decryption.
    0 points
  27. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    0 points
  28. Over the past month, our developers kept working on detail improvements in reporting and logging to make them more powerful and time-efficient to use. The post New in 2021.1: Improved reports and device logs appeared first on Emsisoft | Security Blog.
    0 points