
Leaderboard

  1. GT500 (Emsisoft Employee)

    • Points: 4
    • Content Count: 14232

  2. Amigo-A (Member)

    • Points: 3
    • Content Count: 1431

  3. stapp (Global Moderator)

    • Points: 2
    • Content Count: 3608

  4. Elise (Emsisoft Employee)

    • Points: 2
    • Content Count: 8439


Popular Content

Showing content with the highest reputation since 04/18/21 in Posts

  1. Do you mean this Minimalist? https://support.emsisoft.com/topic/33516-why/?
    2 points
  2. It is important that no new encryption occurs. To do this, you can install any antivirus product of the Internet Security class, which provides a trial period of up to 1 month, with a full set of protection. For example, Emsisoft Anti-Malware. After a month, you can install another AV and also for 1 month for free. After a while, you can choose the best one, in your opinion.
    1 point
  3. Actually our exclusions support wildcards, so a path like the following should work: %TEMP%\????????-????-????-????-????????????\pro*.exe The question marks are a form of wildcard and each takes the place of a single character, unlike the asterisk which will match with more than one character at the same time. Assuming that the number of characters is always the same then it should work just fine. To add that exclusion, if you're not using the management console via MyEmsisoft, then just add a monitoring exclusion for a program (it doesn't matter which one), then click on the new r
    1 point
  4. I assume that when you run one of the .exe files shown in your first screenshot it unpacks another .exe, then runs that. The problem is that the second .exe - in a subfolder of \temp\ is the one that gets the BB detection. I expect that the subfolder has a different random name every time something is unpacked. There's probably not a satisfactory solution, since although you could set up an exception for files in \temp\, that's a really bad idea because malware is also quite likely to get unpacked and run there and if that happens you definitely want to know about it. Sometimes
    1 point
  5. Emsisoft Mobile Security should automatically use the language on your device. To change the language of the Bitdefender Mobile Security interface, go to your device’s Language & keyboard settings and set the device to the language you want to use. Let me know if you have trouble.
    1 point
  6. It would be OK if you weren't hijacking someone else's topic. I'll move your post and mine into a new topic once I've finished typing it. You will have to find the new topic yourself though, as apparently it's a violation of GDPR for me to use the "Log in as" feature on the forums to log in as you and follow the new topic for you. We remove any duplicate signatures from our own database. There's no good reason to keep a signature for something in our database if BitDefender's engine also detects it, and doing so bloats the database with redundant signatures, so every now and the
    1 point
  7. Thank you for your kind feedback! We're glad to hear all the files were properly detected. If there are any missed files you can always report them in the appropriate subforum by following the steps here:
    1 point
  8. There is also a good article on drive-by downloads here. https://blog.emsisoft.com/en/38301/drive-by-downloads-can-you-get-malware-just-from-visiting-a-website/
    1 point
  9. I can only add that 'Crackithub.com', 'kmspico10.com', 'crackhomes.com', 'piratepc.net' are some of the STOP Ransomware distribution sites. Any program downloaded from there can be infected with this ransomware. Moreover, if you run the same malicious file again, the malware may receive an update and the files will be encrypted with a newer version. Independent experiments show that these sites also distribute other ransomware, so files can be encrypted by several different encryptors, and the encryption can be looped. We have seen samples of encrypted files that were encrypted every ti
    1 point
  10. Everything you need to know about our decrypter is at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Some file repair software may be able to recover certain types of files which are more tolerant to missing data at the beginning of the file, such as videos and some music/audio files.
    1 point
  11. It's normal for KMS/KMSpico to install the STOP/Djvu ransomware. We already have as many samples of the ransomware as we'd like, but I have forwarded the URL to our malware analysts for blacklisting if they deem it dangerous.
    1 point
  12. The ID is a code that identifies your computer so that the criminals know what private key they should send you if you pay the ransom. I can't remember exactly what that code is, however I do know it won't help you decrypt your files. If anything on your computer could help you decrypt your files, then our decrypter would be able to do it for you. No, it's just a list of IDs that have been assigned to files on your computer. It's important for the ransomware to document this so that the criminals know if you need to be sent more than one private key when you pay
    0 points
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
    0 points