Leaderboard

  1. GT500 (Emsisoft Employee) - Points: 246, Content Count: 12258
  2. Amigo-A (Visiting Expert) - Points: 83, Content Count: 1237
  3. Kevin Zoll (Emsisoft Employee) - Points: 32, Content Count: 18810
  4. Elise (Emsisoft Employee) - Points: 30, Content Count: 8297


Popular Content

Showing content with the highest reputation since 10/31/18 in all areas

  1. 4 points
    Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline.
    Link to instructions for using the decrypter (PDF).
    Link to "file pair" submission form.
    Link to more information about the decrypter. <- Article at BleepingComputer.com
    Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <- Forum post at BleepingComputer.com

    How do I remove the ransomware?
    The STOP/Djvu decrypter will stop the ransomware from running so that it can't continue encrypting your files; however, it doesn't completely remove the ransomware. Most Anti-Virus software will detect STOP/Djvu if you run a scan for it; however, if you don't have Anti-Virus software installed then you can run a Malware Scan with Emsisoft Emergency Kit (free for home/non-commercial use). Note that formatting the hard drive and reinstalling Windows will also remove the infection; however, this ransomware is particularly easy to remove, so if a computer is only infected with STOP/Djvu then formatting the drive would be unnecessary.

    Will removing the infection unlock my files?
    No. Your files are encrypted. This encryption needs to be reversed (via a process called "decryption") before your files will be usable again. This encryption cannot be removed or undone simply by removing the STOP/Djvu ransomware infection.

    The decrypter can't decrypt my files?
    In most cases this means you have an online ID. It could also mean your files were encrypted by a newer variant of STOP/Djvu. See below for explanations.

    Why won't the decrypter run?
    The decrypter requires version 4.5.2 or newer of the Microsoft .NET Framework, so this could mean your version of the .NET Framework is out of date. We recommend installing the latest version of the .NET Framework (4.8 at the time of writing this), and then trying the decrypter again.

    Why is the decrypter stuck on "Starting"?
    When you run the decrypter, it looks for encrypted files. It will say "Starting" until it is able to find some. If the decrypter remains stuck on "Starting" for a long period of time, then this means it is unable to find any encrypted files.

    Offline ID.
    When the ransomware can't connect to its command and control servers while encrypting your files, it uses a built-in encryption key and a built-in ID. Offline ID's generally end in t1 and are usually easy to identify. Since the offline key and ID only change with each variant/extension, everyone who has had their files encrypted by the same variant will have the same ID and the files will be decryptable by the same key (or "private key" in the case of RSA encryption).

    Online ID.
    In most cases the ransomware is able to connect to its command and control servers when it encrypts files, and when this happens the servers respond by generating random keys for each infected computer. Since each computer has its own key, you can't use a key from another computer to decrypt your files. The decrypter is capable of working around this with older variants as long as it has some help; however, for newer variants there is nothing that can be done to recover files.

    Old Variants.
    Old variants were those in distribution until near the end of August, 2019. Our decrypter supports offline ID's for almost all older variants, and can decrypt files for those with offline ID's without needing any help. For online ID's, it's necessary to supply file pairs to our online submission form so that the decrypter can be "trained" how to decrypt your files. A list of extensions from older variants can be found at the bottom of this post.

    New Variants.
    These use a more secure form of RSA encryption. Support for some offline ID's has been added to the decrypter for newer variants, and support for new offline ID's will be added as we are able to figure out decryption keys for them. As for online ID's, due to the new form of encryption, there's currently nothing the decrypter can do to help recover files.

    Will it ever be possible to decrypt new variants with online ID's?
    That depends on whether or not law enforcement is able to catch the criminals who are behind this ransomware. If law enforcement is able to catch them and release their database of keys, then we can add those to our database for decryption. If you would like to report this ransomware incident to law enforcement, then please click here for more information. The more reports law enforcement agencies receive, the more motivation they have to track down the criminals.

    What is a file pair?
    This refers to a pair of files that are identical (as in they are the exact same file), except one copy is encrypted and the other is not. Our decryption service can analyze the differences between an encrypted file and an original unencrypted copy of the same file, allowing it to determine how to decrypt that type of file. For most victims with an older variant of STOP/Djvu, submitting file pairs will be the only way they will get their files back.

    File pairs only work for one type of file.
    Due to the way encryption works in STOP/Djvu, file pairs can only help the decryption service figure out how to decrypt one type of file. For instance, if you submit a file pair for an MP3 file, then the decrypter will be able to decrypt all of your other MP3 files; however, it won't be able to decrypt any other type of file. There are some exceptions to this, such as certain newer Microsoft Office documents (such as DOCX and XLSX), since those files are technically ZIP archives.

    The decrypter can't decrypt all of my pictures even though I submitted file pairs for them?
    JPEG/JPG images have a format oddity that causes file pairs to be specific to each source of pictures, rather than the file format in general. As an example, if you have pictures from two different cameras, and submit a file pair from the group of pictures from one of the cameras, then the decrypter will only be able to decrypt files from the camera that the file pair came from. In order to decrypt all JPEG/JPG images, you will need to submit file pairs from every source you've obtained those pictures from.

    What does "Remote name could not be resolved" mean?
    It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default

    Is there anything I can do to help catch these criminals?
    The best thing you can do right now is file a report with your country's national law enforcement. There is more information available at the following link: https://www.nomoreransom.org/en/report-a-crime.html

    Extensions from older variants that the decrypter supports:
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions. The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    • you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    • you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    • some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection.

    Do not delete the ransomware infection
    The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Finding the right ransomware sample becomes infinitely more challenging when you have deleted the infection and can't provide us with the ransomware. It is okay to disable the infection by disabling any autorun entries pointing to it or by quarantining the infection. However, it is important not to delete it from quarantine or to remove the malicious files right away without a backup.

    Disable any system optimisation and cleanup software immediately
    A lot of ransomware will store either itself or necessary files in your temporary files folder. If you do use system cleanup or optimisation tools like CCleaner, BleachBit, Glary Utilities, Clean Master, Advanced SystemCare, Wise Disk/Registry Cleaner, Wise Care, Auslogics BoostSpeed, System Mechanic, or anything comparable, disable those tools immediately and make sure there are no automatic runs scheduled. Otherwise, these applications may remove the infection or necessary ransomware files from your system, which may be required to recover your data.

    Create a backup of your encrypted files
    Some ransomware has hidden payloads that will delete and overwrite encrypted files after a certain amount of time. Decrypters may also not be one hundred percent accurate, as ransomware is often updated or simply buggy and may damage files in the recovery process. In those cases, an encrypted backup is better than having no backup at all. So we urge you to create a backup of your encrypted files first, before doing anything else.

    Server victims: Figure out the point of entry and close it
    Especially recently we have seen a lot of compromises of servers. The usual way in is by brute-forcing user passwords via RDP/Remote Desktop. We firmly suggest you check your event logs for a large number of login attempts. If you find such entries, or if you find your event log to be empty, your server was hacked via RDP. It is crucial that you change all user account passwords immediately. We also suggest disabling RDP if at all possible, or at least changing the port. Also, it is important to check all the user accounts on the server, to make sure the attackers didn't create any backdoor accounts of their own that would allow them to access the system later.

    Figure out what ransomware infected you
    Last but not least, it is important to determine what ransomware infected you. Services like VirusTotal, which allows you to scan malicious files, and ID Ransomware, which lets you upload your ransom note and encrypted files to identify the ransomware family, are incredibly useful, and we will probably end up asking you for the results of either of these services. So by providing them right away, you can speed up the process of getting back your files.

    If you struggle with any of these points, please feel free to ask for help. Our ransomware first aid service comes with no strings attached and is free for both customers and non-customers.
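The "Server victims" step above asks you to check the event logs for a large number of login attempts and to review the user accounts for backdoors. The PowerShell script below is an added example of how a defender can do those checks read-only on the affected Windows server; it is not from the post above and not an Emsisoft tool. It counts failed logons per source address from the Security log, lists accounts created in the same window, shows the local accounts that exist now, and reports whether RDP is enabled and on which port. The event IDs used (4625 failed logon, 4720 account created), the 24-hour window and the threshold of 50 failures per address are this example's assumptions, not values from the post.

```powershell
# Added example (not from the post above): read-only triage of a Windows server
# suspected of having been brute-forced over RDP. Run in an elevated PowerShell.
# Assumptions (not from the post): Security event 4625 = failed logon,
# 4720 = user account created; window and threshold are chosen here.
param(
    [int]$Hours = 24,      # how far back to look in the Security log
    [int]$Threshold = 50   # failures from one address that count as "a large number"
)

$since = (Get-Date).AddHours(-$Hours)

# Pull one named field (e.g. IpAddress) out of an event's EventData block.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# 1. Failed logons grouped by source address. Logon type 10 is RemoteInteractive (RDP);
#    with Network Level Authentication enabled, failed RDP logons often appear as type 3.
try {
    $failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction Stop
} catch {
    $failed = @()   # Get-WinEvent throws when nothing matches
}

if ($failed.Count -eq 0) {
    # The post's own caveat: an empty log on a normally busy server is itself suspicious.
    Write-Warning "No failed-logon events since $($since). An empty Security log may mean it was cleared."
}

$summary = $failed | ForEach-Object {
    [pscustomobject]@{
        IpAddress  = Get-EventField -Event $_ -Name 'IpAddress'
        TargetUser = Get-EventField -Event $_ -Name 'TargetUserName'
        LogonType  = Get-EventField -Event $_ -Name 'LogonType'
    }
} | Group-Object IpAddress | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{
        IpAddress  = $_.Name
        Failures   = $_.Count
        Accounts   = ($_.Group.TargetUser | Sort-Object -Unique) -join ','
        LogonTypes = ($_.Group.LogonType | Sort-Object -Unique) -join ','
        Suspicious = $_.Count -ge $Threshold
    }
}

"Failed logons since $($since) (threshold $Threshold per source address):"
$summary | Format-Table -AutoSize

# 2. Accounts created in the same window: candidates for attacker-made backdoor accounts.
try {
    $created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } -ErrorAction Stop
} catch {
    $created = @()
}
"Accounts created since $($since):"
$created | ForEach-Object {
    [pscustomobject]@{
        Time       = $_.TimeCreated
        NewAccount = Get-EventField -Event $_ -Name 'TargetUserName'
        CreatedBy  = Get-EventField -Event $_ -Name 'SubjectUserName'
    }
} | Format-Table -AutoSize

# 3. Local accounts present right now, to compare against the creation events above.
"Local accounts present now:"
Get-LocalUser | Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize

# 4. Is RDP enabled, and on which port? fDenyTSConnections = 0 means RDP is on;
#    the post suggests disabling RDP or at least moving it off the default port.
$ts   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$port = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').PortNumber
"RDP enabled: $($ts.fDenyTSConnections -eq 0); listening port: $port"
```

Save it as a .ps1 and run it before changing passwords or touching the accounts, so the output records the state the server was found in; any address flagged Suspicious, any account created in the window that nobody recognises, and any gap in the log are what to raise when asking for help.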
  4. 2 points
    That means you have files encrypted by an offline key. They can be decrypted WHEN/IF Emsisoft recovers the offline/ private key. Suggest you run the decrypter on a test bed of some of these files every week or so to check. Emsisoft doesn't announce key recoveries. Suggest you run the decrypter NOW.
  5. 2 points
    We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.
  6. 2 points
    Password protected archives work, as long as the password isn't posted with the link. Personally I prefer malicious files to be uploaded to VirusTotal and the link to the analysis posted, as we can download from VirusTotal but the average person who comes across our forums can't. Just keep in mind that all it takes to be allowed to download from VirusTotal is a premium account there, so technically anyone can get access to download files and thus you don't want to upload anything confidential there. We've started an analysis on it as well, however I don't think our malware analysts have had a chance to finish yet. I'll pass your links on in case they come in handy.
  7. 2 points
    I have provided links to the analyses above. Emsisoft specialists will receive these files.
  8. 2 points
    The Emsisoft Browser Security extension is now available on the Microsoft Addons store for Chromium Edge: https://microsoftedge.microsoft.com/addons/detail/jlpdpddffjddlfdbllimedpemaodbjgn Hopefully we'll be able to update EAM soon to check whether or not it's installed when you launch Chromium Edge.
  9. 2 points
    OK. I am very glad that you were able to decrypt the files. Now you need to better protect your computer in order to prevent a new attack.
  10. 2 points
    Hello. This link can help! https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/ Bitdefender Labs has made a decryption tool.
  11. 2 points
    Such tests aren't reliable. They aren't actually malicious, and may not be blocked by our Behavior Blocker like real ransomware would.
  12. 2 points
    @adityagede99, @Chinnhoo Computer, and @Kotari koteswararao this is a newer variant of STOP/Djvu, and your ID's are online ID's, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    @Surasri this is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

    @Nouman this is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    The STOP/Djvu ransomware will encrypt files on any drive connected to your computer.

    Yes. It requires a connection to our servers to function.

    We don't "develop" private keys. Those are created by the servers operated by the criminals. With offline ID's, since the files of everyone who has an offline ID for the same variant of STOP/Djvu have been encrypted with the same public key, their files can all be decrypted with the same private key. We get those private keys when someone who has an offline ID pays the ransom and donates the decrypter the criminals sent them to us so that we can extract the private key from it. This process takes time, as it relies on the generosity of victims who have enough money and don't mind paying the ransom in order to make a donation like that.
  13. 2 points
    This is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. 2 points
    I am running the decrypter every 2 days. I hope...! I will have my files decrypted one day soon. I hope...! :) Thank you
  15. 2 points
    If you want to make sure the Behavior Blocker is working, there's a batch file in the ZIP archive at the following link that should trigger a detection when you run it: https://www.gt500.org/emsisoft/bb_test.zip Just extract it somewhere, double-click on the batch file, and let Emsisoft Anti-Malware quarantine it. If you don't allow it to be quarantined, then it won't work as an effective test anymore.
  16. 2 points
    @Kevin Zoll @GT500 Just tried using STOP djvu decryptor a while ago and my files were successfully decrypted. Thank you so much Emsisoft Team. 😭
  17. 2 points
    @m2413 and @Juroan24 private keys for offline ID's are added to our database once we are able to find them. Just run the decrypter once every week or two in order to see when we've added the private key for your variant.
  18. 2 points
    We just added the private key for .reha offline ID's on Thursday, which is why it suddenly was able to decrypt your files. Thanks for letting us know that it worked. 👍
  19. 2 points
    As the FAQ clearly states, you have an online ID, and it is not decryptable. Only the criminals have your key.
  20. 2 points
    Hello @SalasKafa, Thank you for contacting Emsisoft Support. TOPI is a newer variant of the STOP/DJVU family of ransomware and is not supported by our decryption tool. Any ID ending in t1 is an Offline ID; anything else is an Online ID. This is important as it tells us how the encryption key was generated. There may be multiple IDs, especially if communication between the target system and the command & control server is interrupted for any reason, or because the file encryption was done in stages to avoid detection. An Offline ID means that the encryption key pair was generated locally and the encryption key is encoded in a file. An Online ID means the encryption key pair was generated and stored on a remote command & control server under the control of the ransomware gang responsible for encrypting your files. Why is this important? The ID of the file(s) is how private encryption keys are identified. If we have a private encryption key matching the ID for a file(s), then that can be used to decrypt the file(s). However, this is all contingent on us having a matching private encryption key in our database. The downside of all this is that we are not currently in possession of private encryption keys for the TOPI variant of STOP/DJVU.
  21. 2 points
    @Amigo-A All variants of ChernoLocker do not leave a ransom note. It is a Python compiled script that just displays a message box when done, and opens a URL in the browser.

        url = f.decrypt('gAAAAABd5uHecSzXalJbhS48cQlhKynkcDotLAv8c3TD0jBkUvDQb-Z5snS7XgONHXqiNd5Czd94vCQix280kyHSjNnAwzgl66vYj_-YyTtPnNxTN3YjP-tZdQtd1bqe1WyRwrD-2m0xvruurd37CbHVSf2cTy-yCDCTN-MadttLITlVisEFMcKstpwHOUi-KV6YZ-7MmWcz2aaB1WmgSDNs_SN2buoKTg==')
        # url = 'https://platinumdatasolutionsltd.co.ke/wp-content/uploads/2018/11/landing-screenshot-img-9-768.jpg'
        webbrowser.open_new_tab(url)
        win32ui.MessageBox("All Your Files have now been encrypted with the strongest encryption\nYou need to purchase the encryption key otherwise\nyou won't recover your files\nRead the Browser tab on ways to recover your files\nMake Sure you dont loose this Email as you it will be loosing it will be fatal \nWrite it in a notepad and keep it safe \nEmail: [email protected]", 'YOUR FILES HAVE BEEN ENCRYPTED')

    @Raúl Try re-downloading the decryptor for v1.0.0.2 now. I've added support for your variant.
  22. 2 points
    @ferko85 Let's deal with the active malware infection before attempting to recover your files.

    Download to your Desktop: Farbar Recovery Scan Tool
    NOTE: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    NOTE: If you are unable to download FRST from the infected system, FRST can be saved to and run from a USB flash drive.

    Run Farbar Recovery Scan Tool (FRST):
    Double-click to run it. When the tool opens, click Yes to the disclaimer.
    NOTE: DO NOT change any of the default settings. If you do, we will just close your logs and ask for new ones run with FRST's default settings.
    Press the Scan button.
    Farbar Recovery Scan Tool will produce the following logs: FRST.txt, Addition.txt
  23. 2 points
    Yes, that should be an offline ID. Make a backup of your files, and try running the decrypter once every week or two to see if we've been able to add the private key for this variant to our database. Once it's added to the database, the decrypter should be able to decrypt your files.
  24. 2 points
    Emsisoft Anti-Malware earns VB100 in December 2019 tests by certification body Virus Bulletin. The post Emsisoft earns VB100 in December 2019 tests appeared first on Emsisoft | Security Blog. View the full article
  25. 2 points
    In most cases, those features should work without the need to keep most of the software that computer manufacturers pre-install. If you're not certain about what software should be kept or removed, then there is third-party software that can help (Decrapifier for instance, and for a while there was a ridiculous batch file that techs were using that could do it).
  26. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  27. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  28. 2 points
    I've been told that the time window for being able to figure out keys for .kiratos has ended, however I will go ahead and pass this on to the developer of STOPDecrypter so that he can archive it just in case he's able to figure out the decryption key at some point in the future.
  29. 2 points
    Hi Marshall. Not sure, but I do know that I recognize the URL of "MVPS Hosts" and I recognize the list. I don't recognize the list attached to MVPS Hosts (Domains). To view the list, click the blue "Details", "View" & "Original" buttons - see image. Sorry I couldn't offer a better explanation.
  30. 2 points
    Hi Marshall. To add the MVPS Hosts list to uBlock Origin, perform the following steps (see images for more details):
    (1) Go to the following link: https://filterlists.com/
    (2) Enter "130" in the page field.
    (3) Click the blue "Details" button on the "MVPS Hosts" line.
    (4) Click the blue "Subscribe" button.
    You're all done! The MVPS Hosts file should now be added to uBlock Origin in your browser. To check, you can look at the uBlock Origin "Options" page by right-clicking the uBlock Origin icon in your browser, as per images. Hope this helps. Best Regards, Steen
  31. 2 points
    Personally I think following the tests is a waste of time. If you are really concerned then you will need to make the effort to do your own testing. That is what I did. Also, the tests don't tell you a thing about the nature of the company. I will stick with Emsisoft because I think it's the best.
  32. 2 points
    Hello Moreau, thank you very much for your positive feedback. Always happy to help, and many thanks for the friendly communication. I wish you a good start to the (still almost) new week!
  33. 2 points
    > Thanks how do I turn off the notification please?
    See: Settings - Notifications - Browser Security verifications
  34. 2 points
    Hello, This is legitimate. You can read more about it here: https://blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
  35. 1 point
    I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  36. 1 point
    According to their manual you can uninstall it from Apps & Features: http://h10032.www1.hp.com/ctg/Manual/c06379792
  37. 1 point
  38. 1 point
    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  39. 1 point
    My system got infected with KODC ransomware. Pls help Addition.txt FRST.txt Ransomware Text.txt
  40. 1 point
    As an addendum to what I said above, the loadpoints for the ransomware were missing in the log, and were more than likely already removed by the decrypter (it doesn't delete the ransomware, but will prevent it from running again).
  41. 1 point
    0198nTsddv06YHbhNNHIA4FoWgk8Exu5sTjk6CwEDVSQZ35t1 is my ID. I got the kodc extension ransomware virus. Is this an offline key? If yes, I ran the Emsisoft decryptor and it did not work. Is there any solution?
  42. 1 point
    Thank you to the Emsisoft Team. I have retrieved all my data without any loss by using the Emsisoft STOP/Djvu utility, from ID 0188yTllsd8TwbCMGuw5Ei5PlymKj0pldFtsUYeGxci3YGlbt1. Thank you to the whole team, and thank you to your Head. Regards, Imran zafar
  43. 1 point
    @andrey There are quite a few ransomware encryptors that use Windows PowerShell for their attack and carry it out successfully on a mass scale. Among them, a whole generation is still alive that is either called PowerShell Locker Ransomware outright or takes on new names (like this one), and THIS is still distributed periodically whenever the crypto-crooks' brute-forced bucks stop paying off. If this feature were not part of Windows, they would have to build something similar themselves to carry out this attack, and that is exactly where behavioural analysis would give them a hard time. If you never use Windows PowerShell yourself, disable this sorry feature, just to be on the safe side.
  44. 1 point
    Hello @chmm2100387 Previously and at the moment there is no known way to decrypt files after an attack by Phobos Ransomware. This is checked regularly as the current version or a new version of the encryptor is released. None of those involved in decrypting files after ransomware attacks has yet published a decryptor or method that allows you to decrypt files or otherwise recover information from files after a Phobos attack. If you search for new information on the Internet, then take the following into consideration: many sites that Google gives in search results publish disinformation and offer fake decryption tools for download. Sites that provide true information and free decryption tools: https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/ https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/ If you want, add to them those that are in my signature. These sites (forums) help victims for free. No fee is required if they can help. Experts from different countries and different nationalities gather there. If decryption becomes possible, then they and we will report on successful decryption methods in the news and in forum publications.
  45. 1 point
    Hello Emsisoft and hello Thomas! I have to bring this topic up again: Last year I already voiced my displeasure about the subscription variant of the licensing system. At least back then an immediate cancellation was relatively easy via the email from Cleverbridge. Emsisoft has presumably noticed this too and, with the new billing provider "2Checkout", has now removed this option as well. With today's purchase of the renewal, a total of three emails arrived (1. confirmation of the purchase / 2. confirmation of the payment / 3. product/subscription information). None of these emails describes or links to a way to cancel the subscription. This business conduct no longer has anything to do with the trusting relationship and the pleasant contact for questions that used to be the norm! Customer loyalty is achieved not through subscriptions but through good products (which Emsisoft still makes) and sensible support. So: how can I now cancel the imposed subscription immediately by simple means??? - Thanks for a prompt reply and hopefully a change to the licensing system soon - Back to the roots! Regards, Holger
  46. 1 point
    Unfortunately those MAC addresses aren't correct. The correct network adapter must have been offline when STOPDecrypter was run. To get the correct MAC address we can use a simple batch file. Download and open the ZIP archive at the following link: https://www.gt500.org/emsisoft/MAC_Address_Batch_File.zip When it opens, you'll see a folder containing a file named Get_MAC_Addresses. Double-click on that "Get_MAC_Addresses" file, a black window should appear and then shortly disappear. After that there should be a new file on your Desktop called MAC_Addresses. Please attach that "MAC_Addresses" file to a reply, or send it directly to Demonslay335 in a private message to expedite the process (be sure to also send him a link to this topic, or at least send him the information you posted here from STOPDecrypter).
  47. 1 point
    Hi @Marshall, Glad it worked for you, Take care, Steen
  48. 1 point
    OK. Let us know if you're able to recover anything, that way we know whether or not to continue recommending trying file recovery software.
  49. 1 point
    This wasn't about malware. This was about serious vulnerabilities in processors that could have exposed information from any running process. This information could include anything you had open at the time the vulnerabilities were exploited. Financial information, password databases, browser history, etc. And it is exploitable from within a web browser, so all you'd have to do is visit a malicious website. As I said, I highly recommend leaving the mitigations turned on. Microsoft's latest patch for the Spectre v2 mitigations (released March 1st) does help with performance issues.
  50. 1 point
    Hello Wolfgang, thank you for contacting our support. An infection through the official version of VLC Player during installation or during an update should be ruled out. You mentioned Chip, but I gather from your post that you did not use the Chip installer when you installed VLC Player? As you have already noticed, one could say that it makes it easy to install other things besides the program you actually wanted to download. Therefore programs should always be obtained directly from the manufacturer; that should also rule out incidents, and if an infection is ever found in official software, trustworthy manufacturers should also make sure that all users are informed. If a platform such as Chip.de is to be used to obtain software, I would personally recommend looking for a "Manuelle Installation" (manual installation) link; that downloads the manufacturer's installer rather than the Chip installer, through which VLC Player, for example, would then be downloaded and installed on the system. A simple recipe for cleaning a system that works well for everyone and in all cases probably cannot be found. For example, the guide that @onegasee59 kindly mentioned has already been put into a very usable format. We are happy to help you with manual cleanup; please let me know if you would like instructions for creating the log files we need in order to support you. When software has been obtained from a manufacturer you trust, you should be able to assume that update prompts are legitimate if they clearly come from that program. Behavioural violations, i.e. actions that a program suddenly wants to carry out on the system, can indeed be detected by security software - for instance with a technology such as our behaviour analysis; provided that no exception rule was created for the program. One should look at the system more closely; we are happy to help with that, but unfortunately we cannot offer a guide that would then work for everyone. Unfortunately no answer to that can be found without first taking a closer look at the system. For that, in turn, various tools are used that list detailed information about the state of the system and various important areas of the system. Either one then has to check again with other tools, or the information is used to remove, in a targeted way, malware that is found on the system. I am sorry that my answers cannot be more specific for you, or that I cannot provide a guide that would immediately help many users in a simple way. I remain at your disposal for your questions and concerns.