Leaderboard


Popular Content

Showing content with the highest reputation since 05/26/19 in Posts

  1. 2 points
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  2. 2 points
    That's an offline ID. Support for it should be added to STOPDecrypter soon, and once that happens it should be possible for you to decrypt your files.
  3. 1 point
    The .pumax variant is 100% decryptable if you follow the instructions in the README.txt and provide it an encrypted file and its original. Don't bother with the ID and MAC, I don't need to archive those for that variant.
  4. 1 point
  5. 1 point
    There is no free way and no free file decryption tool. Alas.
  6. 1 point
    This is almost certainly GlobeImposter 2.0, however you can verify that using ID Ransomware: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  7. 1 point
    One more case here. Files encrypted over last weekend - .COPAN extension added and as far as I can see no single trace of ransomware software left except ransom notes. Attached ransom notes and two encrypted files. Best regards and thank you. TEHNIČKA PODRŠKA.xlsx.COPAN Tehnički zadatak.docx.COPAN HOW TO DECRYPT FILES.hta HOW TO DECRYPT FILES.txt
  8. 1 point
    Possibly in the future, just give us some time. 😉
  9. 1 point
    Here is the note: YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. DO NOT TRY TO DO SOMETHING WITH YOUR FILES BY YOURSELF YOU WILL BRAKE YOUR DATA !!! ONLY WE ARE CAN HELP YOU! CONTACT US: [email protected] ATTENTION !!! THIS IS YOUR PERSONAL ID WICH YOU HAVE TO SEND IN FIRST LETTER: QY 5P 3f /+ iC qr bq AU SA VT XU Q5 Xf SH 7F ac tv SM WB qk gm bU +K /2 0X o4 Zy S9 JW Zx 5s NH ZI Sj sZ sQ /B Cf J1 fd pU oi aZ j5 gb gf 3h oG 4P +a QU yn es Hd 8k F5 Xq zX Ew ZA r8 nV y0 4z B6 JA Hy NM l0 ZD hO v0 2h PK X7 vj 6g 5J yO be Fs b6 FW +R X/ Bp kd so 1Z jo nF ti EF ut 49 /o wV Ky dX YG PK cR n1 nd 39 Qr uj 7U JN gS MS HJ jI mx bn Sv b4 mS q6 CH 6H Vs d5 m/ Xg 4X al b8 X4 kx +4 he y5 mu dJ mc aT Mv rf GM 1Z Z9 Fp tx N8 2L ZA vt +l fe 38 a3 w1 3/ Ks Fm br L/ TC I9 8I ax rZ fD Wy jo Vm wT 4X Fy rd bo 34 qW PA CM zn c8 42 lb qj ML v/ WP Za pL Fe kJ VC 5P +A CJ bD 2q fp am +u N/ Xl xI 1N N3 Qs oz AR d5 kW n5 7u si n+ Oy DE ML mi SD M1 t5 c1 a7 As Wu g7 ME kd Qh /T X+ jW r9 h8 9f bX 6D G+ 2N 0v Bi Vd tY pP 1c w1 fu dE 5m Zr Sz Ak z5 FX IO BG 1F Ly zk Ri s5 5D nu nt fc 3Q 8B aA ez tM NV cx b7 5T Y+ ES Xi 7R /N zl rJ O8 xP +u mW kF Sj QJ UT /H o0 Vw 2q +/ Z5 w1 wo ry 3G I3 fL RZ wx cO S7 VJ Eh jg FA YB U5 ux 6H +c Zn dG D2 oS gh VR kG xW 4f xq 8K Ya EA Hx cf D/ iD 75 zs MF fo yz 94 69 fr FW MN Kd LK Th 0=
  10. 1 point
    I understand it can be frustrating, however figuring out your decryption key is going to take some time. Please try your best to be patient, and we'll do what we can to help you.
  11. 1 point
    The offline ID and Key for .muslat has been added to STOPDecrypter. Just download a fresh copy of STOPDecrypter, and it should be able to decrypt any files that were encrypted using the offline key for the .muslat variant of STOP/Djvu.
  12. 1 point
    stapp is correct that EAM won't run on Windows XP. Also, please note that it is impossible to secure a Windows XP system. It has serious security vulnerabilities that Microsoft will never patch, and which will only grow more numerous over time. I highly recommend installing another Operating System on the computer in question which is still receiving security updates.
  13. 1 point
  14. 1 point
    THANK U VERY MUCH...ALL THE DATA HAS BACK NOW 😍
  15. 1 point
    @Yassine, @Luwie, @Rizkifebian, @Din please note that your ID's (PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1) is an offline ID, and support for it was added to STOPDecrypter this afternoon. Simply download STOPDecrypter again and run it, and then new version should be able to decrypt your files: https://download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  16. 1 point
    EAM doesn't work on XP or Vista now. System requirements are :- For Windows 7/8.1/10, 32 & 64 bit
  17. 1 point
    [+] Loaded 42 offline keys Please archive the following info in case of future decryption: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt --------------------------------------------------------------------------------------------------------------- Decrypted 0 files! Skipped 45 files. [!] No keys were found for the following IDs: [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gerosan ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.gif ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.zip ) [*] ID: PpzYa3nBba2MZq4MUGgxoZcZ7cbXBKtzNcipyRt1 (.rar ) Please archive these IDs and the following MAC addresses in case of future decryption: [*] MACs: 54:EE:75:D0:9E:A4, 00:FF:BF:00:80:E5, 7C:67:A2:4C:F6:BD, 7E:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:BC, 7C:67:A2:4C:F6:C0 This info has also been logged to STOPDecrypter-log.txt please help me STOPDecrypter-log.txt
  18. 1 point
    You're welcome. Just follow the instructions I posted at the following link: I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  19. 1 point
    OK, it looks like any infection had already been removed. Your computer should be OK for now.
  20. 1 point
    I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. As for your FRST logs, please download the following fixlist.txt file and save it to the Desktop: https://www.gt500.org/emsisoft/fixlist/arx/2019-06June-11/fixlist.txt NOTE: It's important that both files, the FRST download from earlier and the fixlist file, are in the same location or the fix will not work. If you need to, please copy the files from your Downloads folder to your desktop. Run the FRST download from earlier, and press the Fix button just once and wait. If for some reason the tool needs to restart your computer, please make sure you let the computer restart normally. After that let the tool complete anything it still needs to do. When finished FRST will generate a log on the Desktop (Fixlog). Please attach it to a reply.
  21. 1 point
  22. 1 point
    @kevinliangts I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future. All you have to do now is give us some time, and we'll do what we can for you.
  23. 1 point
    The problem with that, as JeremyNicoll mentioned, is that debug logging needed to be on when the issue happened otherwise it won't tell us anything about it. Since debug logging is turned off by default due to slight performance degradation and the amount of disk space it can waste, you would have had to turn it on manually before the issue occurred.
  24. 1 point
    > Perhaps I can send the debug logs ? Only if you had debug logging turned on before and during the problem. Most users do not ever have it on because it can slow EAM down. It also creates files which grow in size very fast... You can check - the place where you'd choose to turn it on is at Settings -> Advanced -> Debug Logging.
  25. 1 point
    QA isn't aware of any issues with languages reverting to English. Unfortunately, without debug logs, it wouldn't be possible for us to know for certain why it happened.
  26. 1 point
    You're welcome.
  27. 1 point
    OK, I'll ask QA if there are any known issues with languages changing.
  28. 1 point
    Yes, Emsisoft Anti-Malware includes protection from Potentially Unwanted Programs (PUPs).
  29. 1 point
    This is STOP Djvu Ransomware, and we need a sample of the malware. Can you check Task Scheduler for a suspicious task running very often (like every 5 minutes)? If you find it, please disable it, then go to Properties for it, Actions tab, and select the "Start a program" - click Edit, and note the location the executable is. Find that executable and upload it to VirusTotal, then send me a link to it. If you need further help with this, I will have a support team member reach out to you for more guided assistance. I do need that malware sample ASAP. In addition to securing the malware executable, please follow the directions in this article to provide me the Personal ID and MAC addresses of the infected machine. https://kb.gt500.org/stopdecrypter
  30. 1 point
    You're welcome. Thanks, and you're welcome - your English is very good too. Hopefully Frank will see the first few posts above and the relevant changes will happen in a future release.
  31. 1 point
  32. 1 point
    doesn't matter what gender it is, it would be Mon even if feminine because it starts with a vowel, and Mes wouldn't look right as the word Emsisoft isn't pluralised.
  33. 1 point
    There are still some bugs in the current implementation of Emsisoft Cloud Console (which is what you're seeing in MyEmsisoft when you manage your workspace). It's still a beta, and our developers are still adding features and making changes to existing functionality, so every now and then a new bug will be introduced. Zwergenmeister already reported this as a bug, and the response from QA was that it is a known issue and is being worked on.
  34. 1 point
    Did you restore settings to factory defaults (under Advanced Settings)?
  35. 1 point
    > I suppose you could argue that it should be called Mon Emsisoft ... Or "Ma"? What gender is an "Emsisoft"? Maybe it would be more, umm, sympathetic (or do I mean sympathique?) to say "Ma". Or "Mes" if they're a plural entity?
  36. 1 point
    haha, thanks, or should I say merci 😀 I suppose you could argue that it should be called Mon Emsisoft 😄 Also, where it says Mon, and then Les Appareils, and Licences below that, it probably should say Mes, and then Appareils and Licences
  37. 1 point
    It also says the last update was 'il y a il y a 1 min' - I think the 'il y a' shown in grey needs to be removed
  38. 1 point
    Does Settings -> Advanced -> User-interface language say English or French? (I don't know why it might have changed, but at least you should be able to get French back.)
  39. 1 point
    Only two seats on the license key associated with your workspace appear to have been used, and the third seat doesn't appear to have ever had a device associated with it.
  40. 1 point
    Hello, ECC its just in beta, it will be corrected soon, i have also report that.
  41. 1 point
    Hallo und danke für die Anfrage. Vielen Dank auch für die Unterstützung @eric cartman Eventuell noch als Nachtrag ein Verweis zur Übersicht der Produkt-Updates: https://blog.emsisoft.com/de/category/emsisoft-neuigkeiten/produkt-updates/
  42. 1 point
    As Amigo-A pointed out, it should technically be safe as long as you keep backups of both the encrypted files and the ransom notes. Just be sure not to miss anything, as the odds of recovering data from a drive you have reformatted and reinstalled Windows on are extremely slim.
  43. 1 point
    https://blog.emsisoft.com/de/33459/neu-in-2019-5-verbesserte-myemsisoft-uebersicht-beta/
  44. 1 point
    Hi Frank, first it looks really good, i will switch all stuff to Cloud now ..... Same things missing hope it will come back later: 1) OS Information , EAM Version , Reset to default rule if user have edited 2) License is not showing correct i have not used all 60, also it would be good to see where all the license are used like the old user account list 3) Security Question: All stuff from the Cloud are only options for configuration, there is now and really no way to get data from client or data to clients right ? Same german translation issues 1) Scan Days 2) Berechtigungen und Schutzrichtlinien Frank thank You my Friend i will be report all Stuff i see in the next few weeks in use Regards Christian
  45. 1 point
    Hi Zwergenmeister Thanks for your feedback. Please note that ECC is in beta stage and we're adding new stuff and fixing things on a regular base. 1. planned 2. known and being worked on 3. data: what would you like to get from and send to a device ? german translation will be updated. VG Frank
  46. 1 point
  47. 1 point
    Most ad blockers will block cryptominers as well, so specialized extensions for it aren't necessarily needed. I know uBlock Origin started blocking them almost immediately after CoinHive started to be exploited (although it appears to be one of the third-party filter lists that are enabled by default that are blocking it).
  48. 1 point
    Now i removed every tool and free virus protection software
  49. 1 point
    Cryptocurrency miners are fairly well detected. I would believe they mostly just use pre-existing mining software, and use a trojan to sneak it onto someone's computer without their knowledge, so detecting them is usually fairly easy. Unfortunately this does mean that EAM has to detect any legitimate mining software, since it could always be bundled with malware for the purposes of using your hardware to mine for someone else's profit.
  50. 1 point
    Then you should already know how to get them.
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up