GT500

Emsisoft Employee
  • Content Count

    14149
  • Joined

  • Days Won

    447

Everything posted by GT500

  1. It would be OK if you weren't hijacking someone else's topic. I'll move your post and mine into a new topic once I've finished typing it. You will have to find the new topic yourself though, as apparently it's a violation of GDPR for me to use the "Log in as" feature on the forums to log in as you and follow the new topic for you. We remove any duplicate signatures from our own database. There's no good reason to keep a signature for something in our database if BitDefender's engine also detects it, and doing so bloats the database with redundant signatures, so every now and the
  2. This is more than likely a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. Its driver can't be loaded without administrator rights, however if you're using the standalone version (as opposed to the version bundled with Emsisoft Emergency Kit) then it should be possible to install the service with the /s parameter from an elevated Command Prompt, and then run it from a Command Prompt without admin rights as the service would handle everything in the background. Please note however that I haven't tested this recently, and functionality with regards to admin rights may have changed.
  4. The ID is a code that identifies your computer so that the criminals know what private key they should send you if you pay the ransom. I can't remember exactly what that code is, however I do know it won't help you decrypt your files. If anything on your computer could help you decrypt your files, then our decrypter would be able to do it for you. No, it's just a list of ID's that have been assigned to files on your computer. It's important for the ransomware to document this so that the criminals know if you need to be sent more than one private key when you pay
  5. Correct. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ The STOP/Djvu ransomware is only known to come from pirated downloads. In general
  6. Please see the information posted at the following link by Fabian Wosar: https://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-22#entry3593039
  7. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, t
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ One of our moderators let me know that I posted the wrong reply. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more in
  10. I don't know what variant of STOP/Djvu you have, however you can just run the decrypter. If it can decrypt your files then we have the private key for your ID, and if it can't then we don't have the private key.
  11. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  14. Unfortunately text files won't be possible to decrypt without a private key, and even with one I'm not sure if our decrypter will do it. They don't have a file header, so there's no way for the decrypter to tell what they are in order to verify that they decrypted successfully.
  15. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. We certainly recommend a backup. As for reformatting, that's not normally necessary with the STOP/Djvu ransomware as it is relatively easy to remove, however if there is the possibility of other infections on the computer then feel free to go ahead and reformat and reinstall Windows if you'd prefer to do that.
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. There is some information on repairing video files and some audio/music files available at the more information link I posted earlier. I'll paste it below:
  19. Private keys are required to decrypt files that have been encrypted by newer variants of STOP/Djvu, and only the criminals who made the ransomware have the private keys. Until that changes, decryption will be impossible.
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. Those are just encrypted files. Without the ransomware itself we can't figure out how the encryption process works.
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/