GT500

Emsisoft Employee
  • Content Count
    10944
  • Days Won
    311

GT500 last won the day on January 19

GT500 had the most liked content!

Community Reputation

610 Excellent

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Indiana, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

Recent Profile Visitors

49429 profile views
  1. Offline public keys are embedded into the ransomware itself for use in encryption. Offline private keys can be found in decrypters sent by the criminals to those with offline IDs who have paid the ransom. The decrypters are only available to us when the victims with offline IDs who have paid the ransom send them to us. Once we have an offline private key, we add it to our database so that our decrypter can use it.
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. First and foremost, always make sure you have the latest security updates for everything (especially Windows and your web browsers). Also, if you have plugins/extensions installed for your web browsers that you don't use or don't really need, then uninstall them. Especially Adobe Flash, Java, and Adobe Acrobat Reader, as those are probably the three most exploited plugins in existence. Note that if you need to keep Java, but don't need the plugin for your web browser, you can configure Java settings to disable Java in your web browsers.

     Use a paid Anti-Virus software. Most of them have free trials, so feel free to find one you like. We offer a 30-day free trial of Emsisoft Anti-Malware if you'd like to try it.

     Don't download anything from sources you don't know you can trust. STOP/Djvu usually comes from pirated software and fake movie and music downloads; however, there are other threats that come from many different sources (fake/malicious e-mails, ads in websites, shady download sites, compromised websites, etc).

     Always use an ad blocker in your web browser. We usually recommend uBlock Origin since it tends to be more efficient. Note that it only officially supports Firefox, Google Chrome, and Opera (although there is a third-party port for Microsoft Edge and the Google Chrome version works in Vivaldi).

     Make regular backups of all files; however, keep in mind that if the computer has access to the backups then so does the ransomware. For that reason, I always recommend saving backups on some sort of removable media (USB flash drives, USB hard drives, tape drives, etc) so that you can leave the backups disconnected when not in use. Note that most companies that have a backup policy that involves using removable media also use multiple drives, that way they can use a different drive for their backups every day (at least for a few days until they start over again with the first drive).

     Also note that many consider cloud storage to be a good alternative as well; however, there have been cases where criminals have compromised systems to manually infect them with ransomware, and have logged in to the cloud backup system and manually deleted all backups, so this method isn't necessarily the safest either.

     You can find more security tips at the following links:
       • 7 steps you can take this weekend to protect your data and boost your privacy
       • How to protect your company’s backups from ransomware
       • Protection Guides
  4. That's a newer variant, so unfortunately we'd need to know your private key to be able to decrypt your files, and the criminals keep the private keys in a database that no one else has access to (so there's no way we could get it).
  5. That's a driver, so the most likely culprits would either be an infection or your Anti-Virus software. If you download the following ZIP archive, are you able to extract it? It's the exact same thing, just in a ZIP archive instead of a self-extracting RAR archive. https://dl.emsisoft.com/EmsisoftEmergencyKit.zip
  6. It's possible that the Windows Security Center doesn't delete those registry entries. I know there are some entries created by Windows that don't get deleted when you uninstall software, however I don't have a list of all of them, so someone from Microsoft might have to explain the functionality there.
  7. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. It's not necessary to reinstall Windows, as most Anti-Virus software will remove the STOP/Djvu ransomware, including our free (for home/non-commercial use) Emsisoft Emergency Kit. Granted, you can reinstall if you'd like to. I recommend making a backup of your encrypted files first, so that you can keep them somewhere safe in case they can be decrypted at some point in the future.
  9. You don't need to reformat your computer's hard drive. Most Anti-Virus software will remove the STOP/Djvu ransomware, including our free (for home/non-commercial use) Emsisoft Emergency Kit. Of course, removing the ransomware doesn't decrypt your files. Assuming your encrypted files have an online ID, there's nothing we can do to help with decryption since .domn is one of the newer variants that uses RSA keys.
  10. There's more information available at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. @Sturm have you tried adding an exclusion for il-2.exe to see if that has any effect on the issue? I keep my entire Steam folder excluded, as there are some games that don't respond well to the hooks Emsisoft Anti-Malware opens (Garry's Mod for instance). If you'd like to try it, then here's how:
       • Open Emsisoft Anti-Malware.
       • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
       • Click on Exclusions in the menu at the top.
       • The exclusions section contains two lists (Exclude from scanning and Exclude from monitoring). Look for the box right under where it says Exclude from scanning.
       • Click on the Add File button right below the Exclude from scanning box.
       • Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
       • Scroll down to the box under Exclude from monitoring and click the Add File button right below that box.
       • Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
       • Close Emsisoft Anti-Malware.
      Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen.
  13. Full/complete memory dumps are always preferred when dealing with a BSoD. Sometimes minidumps are OK, however there are plenty of times where they don't contain enough information to be certain about what happened. Correct. When you do have a memory dump for us, I recommend encrypting it when you ZIP it (or RAR or 7z if you prefer), and send me the password in a private message. It will, after all, contain everything that was in memory when the computer crashed.
  14. Emsiclean doesn't look for this particular registry key. It's created by the Windows Security Center, and its presence probably means that there was some issue when the uninstaller tried to unregister Emsisoft Anti-Malware from Security Center monitoring. I would believe that FRST can remove registered Anti-Virus providers, however you can also try reinstalling Emsisoft Anti-Malware and uninstalling it (optionally you can disable the "Windows Security Center integration" in the advanced settings in EAM before uninstalling again). If you would rather try it with FRST, then you can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
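The first post in the list above explains why an offline ID is recoverable once a paid victim's decrypter reaches the researchers, while an online ID is not: the malware only ever carries the public key, so whoever holds the matching private key decides whether anything can be unwrapped. The following is an added illustration written for this page, not Emsisoft's decrypter code and not STOP/Djvu's actual cipher. It uses deliberately tiny textbook RSA with two constructed primes so it runs with the Python standard library alone; the variant name, victim IDs and file key below are all made-up sample values. A real family uses full-size keys and a symmetric cipher for file contents, neither of which this toy attempts to model.

```python
"""Toy model of the offline-key recovery flow: public key embedded on the
victim side, private keys collected into a decrypter-side database.
Constructed example; key sizes are far too small to be secure."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def toy_keypair(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA from two primes (constructed, insecure sizes)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def wrap_file_key(pub: PublicKey, file_key: int) -> int:
    """All the victim-side code can do: it holds only the public key."""
    if not 0 < file_key < pub.n:
        raise ValueError("file key must be smaller than the modulus")
    return pow(file_key, pub.e, pub.n)


def unwrap_file_key(priv: PrivateKey, wrapped: int) -> int:
    """Requires the private key, which the malware never contains."""
    return pow(wrapped, priv.d, priv.n)


@dataclass
class KeyDatabase:
    """Decrypter-side store: (variant, offline ID) -> private key.

    Entries only appear after a paid victim forwards the criminals'
    decrypter, which is where the offline private key is found.
    Online IDs never get an entry because their private key lives only
    on the criminals' server."""
    keys: Dict[Tuple[str, str], PrivateKey] = field(default_factory=dict)

    def add_offline_key(self, variant: str, offline_id: str, priv: PrivateKey) -> None:
        self.keys[(variant, offline_id)] = priv

    def recover_file_key(self, variant: str, victim_id: str, wrapped: int) -> Optional[int]:
        """Return the unwrapped file key, or None when no key is known."""
        priv = self.keys.get((variant, victim_id))
        if priv is None:
            return None
        return unwrap_file_key(priv, wrapped)


if __name__ == "__main__":
    # Constructed primes (well-known ones, still far too small for real use).
    pub, priv = toy_keypair(1000000007, 998244353)
    wrapped = wrap_file_key(pub, 0xDEADBEEF)  # done with the public key only

    db = KeyDatabase()
    print("before key is known:", db.recover_file_key("toyvariant", "OFFLINE-SAMPLE", wrapped))
    db.add_offline_key("toyvariant", "OFFLINE-SAMPLE", priv)  # from a forwarded decrypter
    print("after key is known: ", hex(db.recover_file_key("toyvariant", "OFFLINE-SAMPLE", wrapped)))
    print("online ID:          ", db.recover_file_key("toyvariant", "ONLINE-SAMPLE", wrapped))
```

The lookup is keyed by both variant and ID because each variant embeds its own offline public key, so a private key recovered for one variant says nothing about another; the `None` result is the code-level equivalent of the "newer variant, key not yet in our database" answers repeated in the posts above.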