GT500

Emsisoft Employee
Everything posted by GT500

  1. Unfortunately there's no way around this. The files used for the file pair need to be a minimum of 150 KB, otherwise they can't be used to generate a proper keystream for decryption. If the files were too small, you'd end up with incomplete decryption.
  2. That's an application error, and Windows would have logged it. That's perfectly fine. C:\ProgramData\Emsisoft\Updates is where EAM saves update files it downloads before merging them into the main Emsisoft Anti-Malware folder. In most cases it isn't needed to exclude this folder, however it can prevent issues in the rare instance where another security software may falsely detect one of our updates or otherwise prevent an update file from being copied to the Emsisoft Anti-Malware folder. That being said, I'm fairly certain that there are no instances where anything will ever execute out of C:\ProgramData\Emsisoft or any of its subfolders.
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Please note that you shouldn't post your e-mail address or other contact information publicly. Not only does it encourage spam/junk mail, but criminals do monitor our forums and will try to contact ransomware victims with fake "fixes" or "decrypters" they'll try to get you to pay for, or they'll try to extort money from you via other means.
  4. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Unfortunately those methods don't usually work, as the criminals who make the ransomware account for them and try to prevent them.
  5. More than likely not. There are too many threads about this ransomware to keep track of, or to be able to reply to all of them. Our recommendation is to keep an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  6. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. That means it can't find any encrypted files. File pairs won't work with newer variants of STOP/Djvu as they use RSA keys, which are impervious to most attacks.
  8. When you add them to the exclusions in Emsisoft Anti-Malware, be sure to add them to both the scanning and monitoring exclusions. If you don't, then Emsisoft Anti-Malware will still open hooks to excluded processes, and those hooks can be the cause of compatibility issues (whether a process is "monitored" or not is actually irrelevant unless the Behavior Blocker is actively blocking a process, and a notification would be displayed if that were the case).
  9. At the very minimum:
       • a2guard.exe
       • a2service.exe
       • a2start.exe
       • eppwsc.exe
     If you have Emsisoft Anti-Malware connected to a workspace in MyEmsisoft, then you should also exclude CommService.exe as it handles this connection. Technically if MBAM allows excluding the entire Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) then that would be best. Self-protection won't allow other programs to save files in that folder, so it's safe to exclude.
  10. Your computer isn't supposed to be restarted automatically after a scan, however that does depend on scanner settings, so if they've been changed then you may need to change the "On scan completion" setting back to "Report only".
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. You have more than one ID. This can happen if the ransomware is unable to connect to its command and control servers when it starts encrypting your files, but then manages to connect later on and obtain a randomly generated ID and public key. The decrypter will tell you the ID for each encrypted file, so you'll be able to see which files are recoverable and which ones aren't.
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. That might work if their driver stops filtering traffic or stops running on Windows startup when web protection is turned off. You'll have to confirm that with their support though, as I don't know any technical details about their software. Only if you continue to have crashes.
  18. OK. I know we made a number of performance improvements in 2020.7, so I just want to see if they have any effect on the issue you're having before we get more debug info.
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. That's a screenshot from ID Ransomware. This is the decrypter: https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. Translation provided by Google: This is a newer variant of STOP/Djvu. If you have an offline ID, then once we find the decryption key for this variant and add it to our database, you should be able to recover your files. However, if you have an online ID (which is more likely), it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. There is currently a known BSoD caused by Malwarebytes' Web Protection driver when Emsisoft Anti-Malware (EAM) is installed. Their QA team has been made aware of it, however there is no ETA on a fix (at least not that I have been made aware of). For now, please try the following, and that should allow EAM and Malwarebytes to run on the same computer until this issue is resolved:
        1. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
        2. Go to Protection status.
        3. Select Disable Web Protection.
      Note that after doing this you will need to restart the computer. On Windows 8.1 and Windows 10 you will need to restart by right-clicking on the Start button, going to Shut down or sign out, and selecting Restart from this menu to bypass Fast Startup.
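
Post 1 in the list above ties the 150 KB minimum for file pairs to keystream recovery. The following is an added illustration, not Emsisoft's code and not the STOP/Djvu cipher: it assumes a toy stream cipher (SHA-256 in counter mode, constructed here) that reuses one keystream across files and encrypts only a fixed-size prefix, with that prefix set to 150 KB to match the post.

```python
import hashlib

SPAN = 150 * 1024  # assumption: encrypted prefix size, set to the post's 150 KB minimum


def toy_keystream(key: bytes, length: int) -> bytes:
    """Constructed stand-in for a stream cipher: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_prefix(plain: bytes, key: bytes, span: int = SPAN) -> bytes:
    """Encrypt the first `span` bytes and leave the remainder untouched."""
    head = plain[:span]
    return xor(head, toy_keystream(key, len(head))) + plain[span:]


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """Known-plaintext recovery: the pair yields only as many bytes as it is long."""
    n = min(len(original), len(encrypted))
    return xor(original[:n], encrypted[:n])


def decrypt_with_pair(target: bytes, keystream: bytes, span: int = SPAN):
    """Return (output, count of bytes in the encrypted prefix left undecrypted)."""
    need = min(len(target), span)
    usable = min(need, len(keystream))
    return xor(target[:usable], keystream[:usable]) + target[usable:], need - usable


def demo() -> dict:
    key = b"constructed-demo-key"            # constructed sample key
    victim = bytes(range(256)) * 800         # constructed 200 KB file
    locked = encrypt_prefix(victim, key)
    results = {}
    for label, size in (("200 KB pair", 200 * 1024), ("40 KB pair", 40 * 1024)):
        ref = b"R" * size                    # constructed reference file of the pair
        ks = recover_keystream(ref, encrypt_prefix(ref, key))
        out, missing = decrypt_with_pair(locked, ks)
        results[label] = (out == victim, missing)
    return results


if __name__ == "__main__":
    print(demo())
```

With the 40 KB pair, everything past the first 40 KB of the encrypted prefix stays encrypted, which is the incomplete decryption the post describes.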