GT500

Emsisoft Employee
About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Indiana, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. GT500

    TFUDE Attack

    Michael Gillespie has updated his STOP ransomware decrypter to support this ransomware, however please note that it will only work if the ransomware was unable to contact its Command and Control servers when it encrypted your files. Please see the following links for more information, and please be sure to read the information carefully: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-21#entry4667165 https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-23#entry4668025
  2. GT500

    Ransomware attack - .hdhjkoqdu

    This appears to be a variant of GandCrab: https://id-ransomware.malwarehunterteam.com/identify.php?case=4f7c25939d03c77bb8e8910851058422bc0ce19b This particular extension looks new, so I will try to confirm that for you.
  3. GT500

    KEYPASS Decryptor

    It's possible that Dr.Web may be able to help decrypt your files, however please note that they require you to have a license for their business Anti-Virus software before they will do this. One of their resellers (Emmanuel from ADC-Soft) has offered on the BleepingComputer forums to assist people with contacting Dr.Web to determine if their files can be decrypted. His information can be found at the following link: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-2#entry4612610 Note that as a reseller Emmanuel does make money selling you the license that Dr.Web will require you to have in order to take advantage of their decryption service.
  4. GT500

    Ransomware attack - (.DJVUR)

    @washingtonbg If you don't know English, then feel free to run this through Google Translate or Bing Translator: https://translate.google.com/ https://www.bing.com/translator If the ransomware was unable to contact its Command and Control servers when your files were encrypted, then it is possible to recover the files with Michael Gillespie's STOP decrypter. There is more information at the following links: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-21#entry4667165 https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-23#entry4668025 Please be sure to read those carefully before trying the decryption tool.
  5. You're welcome. Hopefully SoundCloud can help you get the issue sorted out.
  6. GT500

    Unable to re-Install Emsisoft

    Could you click on the option for a free trial or to sign in with your My.Emsisoft account?
  7. It's best not to keep old configuration information from older versions of EAM, which is why EAM behaves the way it does.
  8. GT500

    Is this legitimate ?

    The information you're looking for is in the following forum topic:
  9. GT500

    Ransomware attack - (.DJVUR)

    You can contact Michael privately on BleepingComputer, Twitter, or on our forums: https://www.bleepingcomputer.com/forums/u/726225/demonslay335/ https://twitter.com/demonslay335 https://support.emsisoft.com/profile/44427-demonslay335/
  10. GT500

    Cry128 (maybe) decrypt tool

    Actually, now that I take a closer look, I see the file you attached to your post had both the ransomware note and an encrypted file. The ransomware isn't Cry128. It's Cry36: https://id-ransomware.malwarehunterteam.com/identify.php?case=f9053f58e498cdeb514438293472248bf6e85819 There's no known way to decrypt files that have been encrypted by Cry36 without first obtaining the private key from the criminals who created/distributed the ransomware.
  11. GT500

    Cry128 (maybe) decrypt tool

    I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  12. As I understand it, it is supposed to select the folder that was used last. It doesn't auto fill folder names.
  13. GT500

    Ransomware attack - (.DJVUR)

    Michael Gillespie made a decrypter for this ransomware, however please note that it only works if the ransomware was unable to contact its Command and Control servers when it encrypted your files. A detailed explanation (including a download) is available at the following link: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-suspended-yourdatarestore-txt-support-topic/page-21#entry4667165
  14. Do you have any other extensions installed? You can try disabling them as well, and see if it makes any difference. If it does, then turn them back on one at a time to see which one causes it.
  15. Try changing the scaling settings for a2start in the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware). Right-click on a file, select Properties, switch to the Compatibility tab, and click the Change high DPI settings button (you may need to click the Change settings for all users button below that before you can change the DPI settings). The "High DPI scaling override" setting should be what you're looking for. Note that changes to scaling settings will not take effect in EAM until you log out of Windows and log back in.