Leaderboard

  1. GT500 (Emsisoft Employee): Points 142, Content Count 14249
  2. Amigo-A (Member): Points 63, Content Count 1567
  3. stapp (Global Moderator): Points 14, Content Count 3618
  4. Frank H (Emsisoft Employee): Points 13, Content Count 1769


Popular Content

Showing content with the highest reputation since 06/15/20 in Posts

  1. Note: It is recommended to make a backup of all important files before using the decrypter. Link to decrypter download page. <- The decrypter will tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is online or offline. Link to instructions for using the decrypter (PDF). Link to "file pair" submission form. Link to more information about the decrypter. <- Article at BleepingComputer.com Link to more detailed information about STOP ransomware (covers more than just STOP/Djvu). <
    5 points
  2. Everything is clear, except the parts that are in Russian. I'm going to send you a private message with some instructions.
    3 points
  3. Do you mean this Minimalist? https://support.emsisoft.com/topic/33516-why/?
    2 points
  4. Because the decrypter already supports it. The reason it can't decrypt files encrypted by this newer variant is due to the fact that we don't have the private key for its offline ID. We have to wait for a victim with an offline ID who paid the ransom to donate their private key to us.
    2 points
  5. Hello, The posts you found are more than 5 years old. In terms of security software that means the information there is severely outdated. In the past years considerable changes have been made to our products and currently Emsisoft Anti-Malware protects against fileless malware. Fileless malware detection has nothing to do with the reputation settings you asked about; our behavior blocker routines were adapted to adequately detect and block fileless malware a few years ago.
    2 points
  6. The issue appears to be due to non-Latin characters in workspace names. We've implemented a workaround for this, so hopefully that resolves the update issues.
    2 points
  7. We've found a minor difference in the ransomware from what we've seen previously that affected brute forcing the key, however we were able to do it manually. Use this key file along with the decrypter (put them in the same folder and run the decrypter): https://gt500.org/emsisoft/forum_files/2020-09-18/radansya/decryption.key
    2 points
  8. The guy in the video is basically just saying that if you pay the ransom you'll get your files back. The video, and any information in it, are utterly useless.
    2 points
  9. EAM's debug logging (which is completely different from the Forensic log) creates a lot of extra log data. It's a continual trace of what EAM is doing internally. It has to be on before the problem happens so that those logs show the logic of what EAM was doing when it hit the problem, and what it did next. Some people (me, for example) almost always have debug logging on... but I stop and start it every three or four days and throw away the accumulated log files. However whenever I have a problem I already have the logs to send to Emsisoft. Debug logging will slow your machine down
    2 points
  10. I can't make any guarantees that we'll leave a message here if someone does make a decrypter. It's probably best to follow BleepingComputer's ransomware news, as they are a reasonably reliable source for such news.
    2 points
  11. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There is no way to know for certain, however it is theoretically possible that someone may be a
    2 points
  12. In theory it's possible. If private keys are released that can be used to decrypt files, or if someone finds a vulnerability in the way the ransomware encrypts files.
    2 points
  13. This information may help specialists. I have added even more samples to my article. We will try to analyze all incoming samples in the hope that something will change. You need to collect all encrypted files. If decryption becomes possible, information will be published and you will receive a message from support specialists. A rare specialist works on weekends. I work daily, but unfortunately my strength and desire to help you are not enough to decrypt.
    2 points
  14. In the sample that encrypts files with the .avdn extension, there is no code from the real MedusaLocker Ransomware. There is a small piece of code in another sample that adds a 'random' extension to encrypted files, but this piece is not the base. It is well identified by antivirus engines as Avaddon Ransomware.
    2 points
  15. DrWeb support usually does not use international names of ransomware.
    2 points
  16. Results of checking your files: https://id-ransomware.malwarehunterteam.com/identify.php?case=9da99e33569fe0af64a43b520f35bababd09ad3c https://id-ransomware.malwarehunterteam.com/identify.php?case=2e2e29f85fe2918c33683e2faeade22e51cf81ec https://id-ransomware.malwarehunterteam.com/identify.php?case=2f1a3356c8705f995285ab41e9456bc61f11d20e
    2 points
  17. Hello. "Information was sent to the virus monitoring team, please wait for a reply." I received such a message from Dr.Web specialists. They are working on decryption.
    2 points
  18. This is the general all decryptors page from Emsisoft. There is no decryptor for files encrypted by this ransomware yet. https://www.emsisoft.com/ransomware-decryption-tools/free-download
    2 points
  19. I must say more precisely: you trust Emsisoft. Personally, I only help a little to unmask the ransomware.
    2 points
  20. The ransomware doesn't need to put important information on the same hard drive/partition as the files it encrypted. This is why I recommend waiting to reinstall Windows.
    2 points
  21. Don't reinstall Windows until we know for certain what is needed to decrypt files. If there is something other than what's contained in the encrypted files and the ransom notes that's necessary for decryption, then you could wipe that out by reinstalling Windows, thus making it impossible to decrypt your files. For now just rely on Anti-Virus software to clean up the system. If you're not certain if it's clean, then let us know, and we can assist you.
    2 points
  22. Specialists of several companies (Emsisoft, DrWeb) are working on decryption of files that are encrypted by Avaddon. There are currently no decryptors or successful decryption methods without paying the ransom.
    2 points
  23. I am waiting for the verification results. I have provided samples of files and malware, it remains to wait and hope. It is worse when they immediately say that "decoding by our forces is impossible."
    2 points
  24. My WSC does not recognise EAM either. Recommending that we should "uninstall EAM, restart the PC twice, and then reinstall EAM", on top of having to constantly disable and re-enable EAM components to deal with the still unfixed issue of excessive CPU usage, is unacceptable for a piece of software that is not exactly cheap.
    2 points
  25. Ransomware infections are unique in many ways. Most importantly, a lot of the natural instincts which are usually correct when dealing with malware infections can make things worse when dealing with ransomware. Please see the following steps as a guideline when dealing with your ransomware infection. Do not delete the ransomware infection The natural instinct of most users is first to remove the infection as quickly as possible. This instinct is, unfortunately, wrong. In most cases, we will require the ransomware executable to figure out what exactly the ransomware did to your files. Fi
    2 points
  26. That upload form is only for older variants of the STOP/Djvu ransomware. It doesn't work with newer variants, since they use RSA keys.
    1 point
  27. No. Encrypted file - a file with OMFL extension. Original file - an unencrypted file that has not yet been encrypted. The ransom note _readme.txt is not needed here.
    1 point
  28. I use Emsisoft and Wise Vector together without any problems. Works well for me
    1 point
  29. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  30. We’ve just released Emsisoft Anti-Malware 2021.2.0.10670 beta. You will have to enable beta updates to get this version. Fixed: Rare Workspace disconnect issue.
    1 point
  31. That usually means the decrypter was able to decrypt the file. Was there any other output?
    1 point
  32. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
  33. We found the issue, thanks to the logs @JeremyNicoll sent me last night. This happens when you have enabled the "Application restarts" notification (disabled by default). When an app restart is required, like yesterday, and you do not touch the notification and the counter goes down to 0, no app restart is performed. We will fix this in the upcoming 2021.1 version.
    1 point
  34. I think it had to do with when our reporting service would attempt to report EAM's status to WSC.
    1 point
  35. You'd just make things worse. You can't remove the encryption without the private key, so all you'd do is double-encrypt the files, and risk corrupting the original encryption that was applied by STOP/Djvu (thus potentially making files unrecoverable).
    1 point
  36. We thought this was fixed. With no one reporting that the issue was still happening, we had no way to know it was still a problem. We're going to need to know which process is using too much CPU time. If you're on Windows 10 then please be sure to switch to the Details tab in Task Manager so that you can give us a process name that ends in .exe rather than one of the "friendly" names that appear on the Processes tab. We will also need debug logs from anyone still having this issue. Here's how to enable debug logging: Open Emsisoft Anti-Malware. Click on the little gear icon o
    1 point
  37. Have you tried our decrypter yet? https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Does it say your files have an online ID or offline ID? For files with offline IDs it will probably start decrypting them without requiring you to do anything else, assuming we have the private key for that variant's offline ID. For files with an online ID, you'll have to supply file pairs to our online submission form. There's more information at the link above.
    1 point
  38. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    1 point
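Posts 26 and 38 above say that a "file pair" (an original file plus its encrypted copy) can train the decrypter for older STOP/Djvu variants but not for newer ones that use RSA keys. The following is an added example, written for this page and not code from Emsisoft or from the decrypter, showing in a deliberately simplified model why that is: when a single keystream is reused across all of a victim's files, known plaintext from one file recovers the keystream for every file; when each file gets its own random key wrapped with the attacker's RSA public key, the same pair yields nothing that transfers to other files. The SHA-256 counter-mode stream cipher, the toy RSA modulus, the 8-byte file keys and the sample file contents are all assumptions made for the illustration; none of it describes the ransomware's actual internals.

```python
"""Why a known-plaintext "file pair" trains a decrypter under keystream reuse
but not under per-file keys wrapped with RSA. Simplified model for this page;
the ciphers and parameters are assumptions, not STOP/Djvu's real design."""
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256(key || counter) blocks, truncated."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---- "old" scheme (assumed): one key per victim, one keystream for every file
def encrypt_old(files: dict, victim_key: bytes) -> dict:
    return {name: xor(data, keystream(victim_key, len(data)))
            for name, data in files.items()}


def train_from_pair(plain: bytes, cipher: bytes) -> bytes:
    """Known plaintext gives back the keystream: ks = pt XOR ct."""
    return xor(plain, cipher)


def decrypt_with_keystream(cipher: bytes, ks: bytes) -> bytes:
    """Only covers as many bytes as the training pair did."""
    if len(cipher) > len(ks):
        raise ValueError("training pair too short to cover this file")
    return xor(cipher, ks)


# ---- "new" scheme (assumed): fresh key per file, wrapped with textbook RSA
P, Q = 2147483647, 2305843009213693951   # Mersenne primes: toy modulus only
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent only the attacker holds


def encrypt_new(files: dict, pub=(N, E), keygen=lambda: os.urandom(8)) -> dict:
    """Each file: random 8-byte key k, body = stream-encrypt, trailer = k^e mod n."""
    n, e = pub
    out = {}
    for name, data in files.items():
        k = keygen()
        wrapped = pow(int.from_bytes(k, "big"), e, n)
        out[name] = (xor(data, keystream(k, len(data))), wrapped)
    return out


def decrypt_new(cipher: bytes, wrapped: int, priv=(N, D)) -> bytes:
    """What the attacker (or a donated private key) can do: unwrap k, then decrypt."""
    n, d = priv
    k = pow(wrapped, d, n).to_bytes(8, "big")
    return xor(cipher, keystream(k, len(cipher)))


FILES = {  # constructed sample "victim" files (short stand-ins for real content)
    "report.docx": b"PK\x03\x04 quarterly numbers ........",
    "photo.jpg":   b"\xff\xd8\xff\xe0JFIF holiday picture ....",
}


def demo() -> dict:
    """What a file pair on report.docx buys you under each scheme."""
    old = encrypt_old(FILES, b"one-key-for-this-victim")
    ks = train_from_pair(FILES["report.docx"], old["report.docx"])
    old_recovers_other = decrypt_with_keystream(old["photo.jpg"], ks) == FILES["photo.jpg"]

    keys = iter([b"\x01" * 8, b"\x02" * 8])  # fixed keys so the demo is reproducible
    new = encrypt_new(FILES, keygen=lambda: next(keys))
    ks = train_from_pair(FILES["report.docx"], new["report.docx"][0])
    new_recovers_other = decrypt_with_keystream(new["photo.jpg"][0], ks) == FILES["photo.jpg"]
    with_private_key = decrypt_new(*new["photo.jpg"]) == FILES["photo.jpg"]
    return {"old_pair_decrypts_other_file": old_recovers_other,
            "new_pair_decrypts_other_file": new_recovers_other,
            "new_private_key_decrypts": with_private_key}


if __name__ == "__main__":
    print(demo())
```

Under the reused-keystream model the pair also explains the usual decrypter caveats: it only covers files up to the pair's length, and a pair from a different file type would still work as long as the same keystream was applied. Under per-file wrapped keys the only thing that unlocks other files is the private exponent, which is why the posts above say recovery has to wait for a key to be donated or released.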
  39. Did you try another file pair?
    1 point
  40. Hello @KawkaGaming, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to an
    1 point
  41. There's only 1 offline ID for the .nile variant, so anyone with an offline ID has the same ID. The odds of getting your files back are good, but it will have to wait until another victim with an offline ID pays the ransom and donates their private key to us.
    1 point
  42. We have just released EAM 2020.7.2 to the Delayed update feed. We skipped version 2020.6. 2020.7.2 is a stable version and it resolves the disconnect issue with Emsisoft Cloud Console.
    1 point
  43. @Raynor did you check the new column chooser yet? Sort orders are saved now.
    1 point
  44. Hello, I don't know whether Chip.de did something or smuggled something in. I use GeekUninstaller myself, but downloaded it directly from https://geekuninstaller.com/ and installed it without problems. Please download it from there. Regards, Claude Bader
    1 point
  45. No. The files aren't locked or infected. They're encrypted. They need to be decrypted. The only way to do that is with the private key for your ID, however only the criminals have that. All you'll succeed in doing by reinstalling Windows is spending a bunch of time setting up your computer again.
    1 point
  46. Our analysts believe the ransomware is secure, and that we will not be able to make a decrypter for it.
    1 point
  47. I don't think you were incorrect, I just think you didn't know how it works. Taken from here, have a little read. https://www.online-tech-tips.com/windows-7/run-old-programs-in-64-bit-windows-7-with-compatibility-mode-options/
    1 point
  48. For you it may be "little", but for us your and Emsisoft's service is always the biggest. And sir, please, can you respond to my previous questions? Please sir, I'm expecting your answer.
    1 point
  49. Hello Sir, I am from India; here most people are innocent and don't know even the basics of computers. It's my parents' laptop; they know only copy and paste. It got affected by .lokd. On behalf of all the innocent people, I am putting my humble request to you to sort out this issue as soon as possible. Thank you. Your personal ID: 0212Asd4a7d6ZHwhSWv4UBPdta8bPx4MWySjbd1cTioHb6WL3Bt1
    1 point
  50. @SalasKafa Try running the decryptor again; we may have just received a key for that ID recently. 😉
    1 point