Popular Content

Showing content with the highest reputation since 08/16/19 in Posts

  1. 1 point
    Perhaps this is the only chance to return some of their files. You can add these links to the sample on the VT website in the ticket. DrWeb experts will gain access to it through an affiliate program. https://www.virustotal.com/gui/file/5106d847e6fecd52295ab7e01ce2e7525e3107f6a2d4dd3fc2956a8db970e799/detection https://www.vmray.com/analyses/5106d847e6fe/report/overview.html
  2. 1 point
    DrWeb can decrypt some files that STOP-Decrypter cannot decrypt, only in another way. Only .pdf encrypted files and all the Office documents .doc, xls, docx, xlsx, ppt, pps, etc … Unfortunately, this way cannot decrypt photo, video, audio and many files with other extensions. If the free test decryption of these files is successful, the fee requested by Dr.Web experts is 150 EUR for the Rescue Pack (Personal decryptor + 2-year DrWeb Security Space protection). There is no alternative to receiving this service. If the test decryption fails, no payment will be required. Tell me if this way suits you, and I will let you know what files you need to collect for this. I do not participate in this process and do not provide any help except this information. I do not have any financial benefit and am not involved in this decryption service at all.
  3. 1 point
    In addition, the STOP-Djvu Ransomware does the following: 1) leaves behind a software module that steals personal information from browsers and other programs; 2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that help victims. For these targets: 1) after checking and cleaning the PC, when it is confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $). 2) you need to reset or delete the modified hosts file; without it, all legitimate sites will be available to you. The path to this file is: C:\Windows\System32\drivers\etc\
  4. 1 point
    Most ransomwares will automatically delete themselves after they finish encrypting files, but some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best practice to check and make sure that no such components have been left behind, so we recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (just attach the log files FRST saves to your message): https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  5. 1 point
    Hello @Mido. This is the result of the STOP-Djvu Ransomware attack. I have been tracking the malicious work of this program since December 2017. There are now a lot of victims of different variants of this Ransomware on the forum. In some cases, the files can be decrypted. Extension .kvag - this is a new variant of STOP Ransomware. Until recently, it was possible to collect some information and add it to STOP-Decrypter. Now this does not help. We expect changes in the decryption method. But so far there is no such news and the victims remain with encrypted files. I repeat, there is no way to decrypt files yet. Any site that offers decryption for this variant may be a scam site. Be careful.
  6. 1 point
    Please upload a copy of the ransom note and an encrypted file here and post back with the result. https://id-ransomware.malwarehunterteam.com
  7. 1 point
    We have received new information! There is only a free experimental tool, but not for all file types. Try it, as the link says.
  8. 1 point
    It's not abnormal for games to have issues with Anti-Virus software. My recommendation is to add the game to the exclusions in Emsisoft Anti-Malware. You can either add the main Black Ops 4 executable itself to both the scanning or monitoring exclusions, or the folder Black Ops 4 is installed in. If Black Ops 4 is in your SteamApps folder, then you can add that folder to the exclusions as well. Just be sure you trust any games that are running out of that folder before you add it to the exclusions. Here's a link to information on adding exclusions in our products: https://help.emsisoft.com/en/1815/how-do-i-exclude-a-program-from-an-emsisoft-product/
  9. 1 point
    Most free security and free anti-virus software will not protect against crypto-ransomware and hacker attacks. Using these programs only gives you a false sense of security against such infection and attacks in addition to wasting a lot of computer resources. If you do not have money to purchase comprehensive protection, I recommend using 30-60-90 day trial versions of paid products. In my opinion, changing protection every month and taking advantage of full security program functionality for 30-60-90 days is a good practice. There are legitimate sites that from time to time provide special offers and a legitimate license to use various products including anti-virus software. It is your right and choice to choose and use 30 days or more of comprehensive protection when such promotions are available. If you wish, I can give you the names of such sites and provide links where to go in order to take advantage of these promotional offers. https://www.giveawayoftheday.com/ - daily software offer https://sharewareonsale.com/ - daily discounts, excluding 100% Free Office https://www.freeoffice.com/ - modern office suite fully compatible with MS Office https://www.freeoffice.com/ru/softmaker-office-hd-android - version for Android FreeOffice 2018 is a full-featured Office suite with word processing, spreadsheet and presentation software. It is seamlessly compatible with Microsoft Office and available for Windows, Mac and Linux. Becoming a licensed user in a legal way is now easy and simple! No need to download cracked and repackaged programs, no need to use illegal activation programs.
  10. 1 point
    Yes. This is a new variant of Scarab Ransomware. There are many variants and iterations, most of which have a common encrypter, but differ in the composition of the ransomware group. I have compiled a free decryption request for you. Most likely, decryption is hardly possible without a sample of a malicious file. https://support.drweb.com/process/?ticket=NPPH-TU22 Even if there is a sample, it is very difficult to calculate the decryption key now.
  11. 1 point
    As soon as you assign a license to a workspace, it will be moved from your personal licenses to the Workspace. All devices that use that license and are connected will stay connected. The connection with the cloud is not optional in such cases anymore, as EAM uses its license. This behavior is intended. When you want to remove a device from the Workspace, you can either choose another license in EAM after you have logged in, or switch to trial in About / License: change license. In fact, when you remove the device from the WS, EAM should pop up the change license dialog automatically, but that doesn't happen yet.
  12. 1 point
    The ransomware needs a decryptor... They removed the shadow volume copy, so I won't be able to restore, and they also encrypted the original file, so there is no point in using a data recovery tool. Please suggest.
  13. 1 point
    We have implemented this feature in Emsisoft Anti-Malware 2019.7 and the current version of Cloud Console.