Leaderboard


Popular Content

Showing content with the highest reputation since 12/21/19 in all areas

  1. 1 point
    It's possible that the Windows Security Center doesn't delete those registry entries. I know there are some entries created by Windows that don't get deleted when you uninstall software, however I don't have a list of all of them, so someone from Microsoft might have to explain the functionality there.
  2. 1 point
    It's not necessary to reinstall Windows, as most Anti-Virus software will remove the STOP/Djvu ransomware, including our free (for home/non-commercial use) Emsisoft Emergency Kit. Granted you can reinstall if you'd like to. I recommend making a backup of your encrypted files first, so that you can keep them somewhere safe in case they can be decrypted at some point in the future.
  3. 1 point
    It's not possible to know for certain what caused it without a memory dump. It may be safe to assume that the issue more than likely originated in another driver, which caused a fault in tcpip.sys and thus a BSoD, however there's no way to say for certain. I would believe the assumption that Anti-Virus causes such BSoD's is based on the fact that most of them use some sort of network filter driver, however Anti-Virus is not the only software that loads drivers related to networking, and it could be an issue with any such software. Keep in mind that tcpip.sys is a vital part of the Windows Operating System, and has been for a long time. If a build of Emsisoft Anti-Malware had such a serious compatibility issue, it would never pass through QA.
  4. 1 point
    End of support for Windows 7 should have no effect on whether or not your files can be decrypted. You could make a backup of your encrypted files and upgrade to a Windows 10 computer, and if a method for decrypting your files were to be released then it should still work.
  5. 1 point
    These suggestions are also my opinion, please change it, perhaps with an animation like Kaspersky does (For Emsisoft an animated "Blue E")
  6. 1 point
    It depends completely on how this script is executed; in a "normal" malware scenario it will be dropped or downloaded, which will lead it to be blocked.
  7. 1 point
    @Jana519 We have published version 1.0.0.2 of the STOPdjvu decrypter that resolves the issue of it not running. You can download the new decrypter from https://www.emsisoft.com/ransomware-decryption-tools/download/stop-djvu
  8. 1 point
    Unfortunately I can't access that topic. I have checked the files and I suspect the issue is with the powershell script (mal.ps1). A script like that one is usually the result of being dropped by other malware or ending up on the system using exploit code, which will be blocked. To simulate that correctly in a test you would need to find out what malware dropped this script and run that instead.
  9. 1 point
    Try uninstalling once more, reboot, and then use the "Emsiclean" tool to completely remove all remnants of EAM. After rebooting, install EAM again. That might help. You can find the Emsiclean tool on the Emsi site. I don't have the address at the moment, but I'll gladly look again and post it here.
  10. 1 point
    .access is an older variant, so you should be able to use our decrypter to recover your files. If you have an online ID (which is most likely) then you'll need to submit file pairs via our online form. All of the information you need should be in the topic that Amigo-A linked to.
  11. 1 point
    Botnets and exploits are detectable by the Behavior Blocker. Network protection, assuming you mean threats originating from outside the PC, is handled by Windows Firewall, and EAM keeps unknown applications from modifying Windows Firewall settings.
  12. 1 point
    EAM, HMPA and Heimdal is overkill, plus I believe HMPA is still a bit buggy. If I were to use something alongside EAM it would be OSArmour or Malwarebytes Anti-exploit.
  13. 1 point
    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. 1 point
    OK. If anything changes, then let us know.
  15. 1 point
    Tesorion do not abandon the decryption they started. They move on. https://www.tesorion.nl/nemty-2-2-and-2-3-analysis-of-their-cryptography-and-a-decryptor-for-some-file-types/ I hope that they will process version 2.4 soon too.
  16. 1 point
    This month's update gets you a series of little changes that make Emsisoft products and services more convenient to use and more secure. The post New in 2020.1: Improved usability & Google Authenticator support appeared first on Emsisoft | Security Blog.
  17. 1 point
    Hello, Likewise, thanks. Claude
  18. 1 point
    I know it's not quite the same thing, but there is an "Add file" button in the quarantine that you can use to delete pretty much any file (files that are in use may require a reboot). Anyway, I'll go ahead and pass on your suggestions.
  19. 1 point
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. 1 point
    These are both newer variants of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. 1 point
    Yeah, anyone who doesn't keep a low profile while doing stuff like that tends to draw unwanted attention to themselves. Sadly that does kind of make collaboration more difficult, and forces malware analysts to stick to private communication with others they already know in the industry, or into using anonymous means of communicating publicly.
  22. 1 point
    @Najeeb Ur Rehman, Thank you for contacting Emsisoft Support. If your files were encrypted using an online encryption key, then it is not possible to decrypt the files without paying the ransom, which is not something we recommend you do.
  23. 1 point
    As far as I am aware, there is still no known way to decrypt files that have been encrypted by the Matrix ransomware without getting the private key from the criminals.
  24. 1 point
    Emsisoft Anti-Malware earns VB100 in December 2019 tests by certification body Virus Bulletin. The post Emsisoft earns VB100 in December 2019 tests appeared first on Emsisoft | Security Blog.
  25. 0 points
    There aren't a lot of options right now for those with online ID's. You can make a backup of your encrypted files and hope that the private keys will be released and we can add them to our database, you can have a third-party (such as Coveware) try to negotiate a lower ransom price for you, or you can try to pay the ransom yourself. Regardless of what you choose to do, we recommend reporting ransomware infections to law enforcement so that they can properly prioritize them: https://www.nomoreransom.org/en/report-a-crime.html