Popular Content

Showing content with the highest reputation since 05/01/20 in all areas

  1. 2 points
    That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/private key. Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries. Suggest you run the decrypter NOW.
  2. 2 points
    We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.
  3. 2 points
    Password protected archives work, as long as the password isn't posted with the link. Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there. We've started an analysis on it as well, however I don't think our malware analysts have had a chance to finish yet. I'll pass your links on in case they come in handy.
  4. 2 points
    I have provided links to the analyses above. Emsisoft specialists will receive these files.
  5. 2 points
    The Emsisoft Browser Security extension is now available on the Microsoft Addons store for Chromium Edge: https://microsoftedge.microsoft.com/addons/detail/jlpdpddffjddlfdbllimedpemaodbjgn Hopefully we'll be able to update EAM soon to check whether or not it's installed when you launch Chromium Edge.
  6. 2 points
    OK. I am very glad that you were able to decrypt the files. Now you need to better protect your computer in order to prevent a new attack.
  7. 2 points
    Hello. This link can help! https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/ Bitdefender Labs has made a decryption tool.
  8. 1 point
    Hi, the option I'm asking about is this one in the Advanced section: what happens if we check or uncheck it? This was checked by default, I think; I've unchecked it to see if there'd be any difference or not, and I did not see any difference 🤔
  9. 1 point
    Unfortunately this ransomware is still under analysis, and we're not certain if it's decryptable yet.
  10. 1 point
    We've already done testing with EAM on the 2020 May Update (2004) for Windows 10, and it should work normally on that new feature update.
  11. 1 point
    You're welcome. If you need anything else, then let us know.
  12. 1 point
    I am posting this from my Win 2004 machine with EAM installed. I even installed 2004 with EAM running. It was done from an ISO as an upgrade. No problems at all for me.
  13. 1 point
    The statement on MalwareTips couldn't be further from the facts. Our update system was actually one of the first in our industry to implement advanced manipulation protection, 13-14 years ago, long before SSL became common and at a time when most AVs just had plain and easy-to-manipulate file listings to get their updates. This is how we protect the update trust chain:
    1. Update files are encrypted when published, but that's mainly to protect our intellectual property, not to defend against hackers.
    2. All files are hashed and named by their checksum on our servers.
    3. Updates are generally delivered as differential/fragment files that only match with non-manipulated older file versions already on your computer.
    4. The update API on our servers provides a list of hashes of all files of the product. The API output is digitally signed, so if it was manipulated, the software would stop the update right away.
    5. The software downloads all files that have different hashes than the locally existing files. At that point, any locally made manipulations would be overwritten.
    6. Downloads are through HTTPS, e.g. (https://dl.emsisoft.com/updates/CCB6E1DBF0D8220FEF38A77189CC7BB1.dat)
    7. After downloading, the software verifies whether the hash in the earlier provided download listing matches the actual hash of the files. If there were any manipulations in the download process, e.g. through SSL interception, the files would be rejected at that point.
    8. Binary files are also digitally signed, which means if anything gets manipulated on the client side, the software won't run anymore and Windows would immediately alert that it's down. Only if a file can be guaranteed to be an original from Emsisoft is it installed.
    Note that the described security model doesn't even need SSL to be bullet-proof. We just added SSL because it's freely available with our hosting provider. Btw. the download protocol can be viewed with tools like FiddlerTool (JSON/RAW view), so you can easily verify the above information by yourself. We do, however, have a Bug Bounty program. If anyone can get me a working proof that they were able to manipulate our updates, a big cash reward is waiting for them!
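    A small model of steps 4 and 7 of that trust chain, added here as an illustration and not taken from the post or from Emsisoft's software: a signed listing of file hashes is verified before anything is fetched, and each downloaded file is accepted only if it hashes to the listed value. It assumes Ed25519 for the listing signature and SHA-256 for the file hashes, and the file name is hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Entry is one line of the file listing the update API publishes (step 4):
// a product file name (hypothetical here) and the SHA-256 it must hash to.
type Entry struct{ Name, Hash string }
// Digest is the hex SHA-256 used to name files on the server and to check downloads.
func Digest(data []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(data))
}

// Encode renders the listing as the exact bytes the publisher signs and the client verifies.
func Encode(list []Entry) []byte {
	var out []byte
	for _, e := range list {
		out = append(out, e.Name+" "+e.Hash+"\n"...)
	}
	return out
}

// VerifyListing is the client's first gate: a listing whose signature fails
// stops the update before any file is fetched.
func VerifyListing(pub ed25519.PublicKey, list []Entry, sig []byte) bool {
	return ed25519.Verify(pub, Encode(list), sig)
}

// AcceptDownload is step 7: fetched bytes must hash to the signed value, so a
// file altered in transit (e.g. by TLS interception) or an unlisted name is rejected.
func AcceptDownload(list []Entry, name string, data []byte) bool {
	for _, e := range list {
		if e.Name == name {
			return Digest(data) == e.Hash
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	list := []Entry{{"engine.dat", Digest([]byte("engine v1"))}} // constructed sample
	sig := ed25519.Sign(priv, Encode(list))
	fmt.Println(VerifyListing(pub, list, sig), AcceptDownload(list, "engine.dat", []byte("tampered")))
}
```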
  14. 1 point
    You can keep an eye on BleepingComputer's news, as they will usually report when a new ransomware decrypter is released: https://www.bleepingcomputer.com/ We also have a blog where we usually announce new decrypters we've made: https://blog.emsisoft.com/
  15. 1 point
    We're still analyzing it. If it's possible to make a decrypter then we'll do so, however analysis takes time.
  16. 1 point
    We don't yet have the private key for this variant of STOP/Djvu's offline ID. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. 1 point
    I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. 1 point
    But they told me my ID; I think our ID is different, maybe you will need another one. Don't know, need to ask a specialist.
  19. 1 point
  20. 1 point
    I had exactly the same problem on my work computer: all my files got corona-lock. I could not decrypt them with free decryptors. I paid to get a decryptor for my ID, but the decryptor auto-deleted after decrypting my files. If I find it I will post it here; maybe it can help you.
  21. 1 point
    Yes, I have "Look up reputation" set, and yes, I tested files with suspicious behavior that BB blocked; I did not see any difference in the alert or anything from EAM when I unchecked that "auto allow programs with good reputation". Well, this is the easy part; I'd like to know what happens if I did not have that auto allow checked 🤔 Like, it won't allow the program to run, or something? I think it might be something that works when we set the BB to "Alert", not auto resolve; then it will also ask for programs that have good reputation too? Not sure though. I also did not notice any difference between when BB is set to "auto resolve with lookup notification" and "auto resolve and notification for threats only". I ran some samples that I had and checked both options; there was no difference at all.
  22. 1 point
    Did you read: https://help.emsisoft.com/en/2270/advanced-settings/ ? I think it only matters for programs that appear to be doing something odd. When EAM might at first think that they are malware, it will look online (if you have also chosen "Look up reputation of programs"). Then, if the online system thinks the program is ok, it will allow it if you have also set "Automatically allow...". So, when you tested to see if there's a difference, were you running a program that tried to do something suspicious? Was that program one that EAM (or you) hadn't already created a rule for? Do you have "Look up reputation..." set?
  23. 1 point
    Due to its novelty, this malware is still being studied. So you do not need to look for a decryptor anywhere; otherwise you can run into another viral attack. 'ID Ransomware' already defines it according to two well-known versions. I will prepare a description of BigLock Ransomware in my Digest soon. I noticed some familiar elements that we know from previous ransomware. Most likely, this is a new version of one of them. But for now it is considered new anyway. It is recommended to keep the encrypted files and to monitor for updates.
  24. 1 point
    I don't know of any plans to add such features, however please keep in mind that we don't generally announce new features until we have a beta ready for everyone to try. Also, please note that the Behavior Blocker should already prevent malicious applications from sending data to remote servers, while the Web Protection will attempt to prevent connections to known malicious servers, so the threat from malicious applications accessing the microphone and camera should be minimal.
  25. 1 point
    No. It applies to all of the 'new djvu' variants which first appeared in the middle of August 2019, almost all of which have 4 letter extensions. That would include the latest, .koti
  26. 1 point
    His files were encrypted by an offline key. The Emsisoft decrypter cannot recover files encrypted by .mado with an online key.
  27. 1 point
    Dear Team, I have already decrypted my Mado files, many thanks for your help. Best regards, Nam
  28. 1 point
    Thanks, all my files are now decrypted. Thanks a lot.
  29. 1 point
    This had nothing to do with you. Someone else replying to your topic diverted my attention from you, and I mistakenly sent the instructions to them instead of to you. That was my mistake, and I apologize for not making sure I was sending the information to the correct person. If you still need help with this computer, then contact me via private message, and I will see what I can do to assist.
  30. 1 point
    I need some option to decrypt files which are encrypted with the .mzlq extension; while using Emsisoft I came to know that they are encrypted with an online key. So I need help to decrypt the files. Very urgent.
  31. 1 point
    Hi. So I just saw something strange: there is a phishing site that Emsisoft does detect as phishing at VT, but on my system the site is not blocked by Emsisoft, by my extension at least; it says it's up-to-date, and the software database is also up to date. It's been an hour that I keep checking the URL and it is still not detected on my system. I thought the Emsisoft extension gets its database in real time from the cloud or something like that? So this kind of difference or delay is kind of strange? Regards,
  32. 1 point
    HP Sure Click may cause you some issues too if you have it. https://borncity.com/win/2018/11/25/issues-with-hp-sure-click-under-windows-10/
  33. 1 point
    According to their manual you can uninstall it from Apps & Features: http://h10032.www1.hp.com/ctg/Manual/c06379792
  34. 1 point
    The explanation that I've found in the other topics of the same forum answered the question completely; I'll copy/paste it for those who might have the same question in the future. As for the extension problems in Firefox, it seems that Emsisoft developers are already aware of that, and it is not that big a deal that they feel it needs to be fixed yet (after 3 years, if I'm not wrong?)
  35. 1 point
    The extension caches results so that it doesn't have to request them again. The VirusTotal results are also sometimes out of date.
  36. 1 point
    You are welcome!
  37. 1 point
    Hello, my files are decrypted with the .mzlq extension. I am willing to wait for it to go offline to get them decrypted, but I want to know how long it usually lasts online.
  38. 1 point
    Ok, let me try other file pairs and I will post the files (if there are any) that were not decrypted.
  39. 1 point
    The issue appears to be that your files weren't all encrypted by the same key. Based on what you've sent us thus far, it looks like your files were encrypted with at least three different keys. Fortunately different keys are used on different files, so you should be able to decrypt your files; it's just going to take a lot more time than normal. Go ahead and try a file pair, run the decrypter, and see what it decrypts. After that, find another file pair to try (something that wasn't decrypted), use it with the decrypter and see what it decrypts, then try that over and over again until you've managed to decrypt everything.
  40. 1 point
    @GT500 sent logs in a PM
  41. 1 point
    I've forwarded your file pair and log to our ransomware decrypter developer so that he can take a look at it.
  42. 1 point
    Protecting against man-in-the-middle (MITM) attacks is complicated, and requires a lot of technologies that have nothing to do with Anti-Virus software. Your DNS service, your web browser's security features, and the security configuration of web servers you connect to are instrumental in your protection against MITM attacks, and anything that an Anti-Virus software can do to try to prevent it wouldn't be as effective as you might think. After all, MITM attacks don't happen on your computer; they generally happen between your router and the server running the website you're connected to. As for VPNs, they'd be as useless to prevent MITM attacks as Anti-Virus software, as the connection between your web browser and the servers it is exchanging data with still has to leave the VPN network at some point.
  43. 1 point
  44. 1 point
    That's not a download link. Are you able to attach a few files to a reply to this topic? Only authorized helpers can read them.
  45. 1 point
    Once you're done with Emsisoft Emergency Kit, let's try getting a log from FRST and see if it shows any further sign of infection. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  46. 1 point
    Run a scan with Emsisoft Emergency Kit and quarantine anything it finds: https://www.emsisoft.com/en/home/emergencykit/
  47. 1 point
    Ok, I get it, thanks for the help! I have to install EAM in a new system! If problems arise, I use a diagnostic tool!
  48. 1 point
    The EAM 'sales' page has a small link, just under the "free trial" button, to "alternative installation options". Some installers are small, but have to go to servers to download the real installer (which is fine, unless that server is unavailable). Other installers are much bigger but include the program code. You should perhaps try one of the big installer files, either Inno or MSI.
  49. 1 point
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  50. 1 point
    @Chen Song Open the GUI, go to Settings, scroll down to Advanced and look for where it says Factory Defaults. Opposite it says Revert; click on Revert and you are offered a small menu. Tick 'Clear all logs and reset counters' and press OK.