GT500

Emsisoft Employee
 View Profile  See their activity

  • Content Count

    13320

  • Joined

  • Days Won

    413

Posts posted by GT500

  4. Posted · Report reply

    On 10/29/2020 at 12:03 AM, NiThR0 said:

    Often this problem occurs when PC being offline some days, last time about 7 days. And after PC is on when EAM is loading it might hang with high chances.

    That's almost certainly due to the update running during startup, as it would have to update more of the database after 7 days offline than it would after only one night. You may be able to cancel the update when this is likely to happen, and then run it later after everything has finished loading.

  6. Posted · Report reply

    10 hours ago, Arik said:

    have ever any law enforcement got them?

    Some of the criminals who have made/distributed ransomware have been arrested. To my knowledge, no one associated with the STOP ransomware has ever been arrested though.

     

    10 hours ago, Arik said:

    this guy is from L.A

    No, he's not located in the United States. If he was and it was that easy to track him down, then he'd have been in jail over a year ago.

     

    10 hours ago, Arik said:

    he hacked my facebook too.

    Sometime in early 2019 the Azorult password stealer was added to the STOP ransomware, so when the ransomware runs on your computer it will attempt to steal any saved passwords on your computer and send them back to the criminals who made/distributed the ransomware. Be sure to change all of your passwords.

  7. Posted · Report reply

    16 hours ago, Andrej said:

    Is there any risk that virus can come back?

    Only if you run whatever pirated software the ransomware came from to begin with. It's also possible to reinfect the system by downloading/running new pirated software, so we recommend avoiding piracy for the safety of your computer and files.

  11. Posted · Report reply

    7 hours ago, Andrej said:

    I cleaned computer with malware software. It found as much as possible harmfull files and programs. Is it now safe to use computer and share files?

    It should be. Most Anti-Virus software can easily detect and remove the STOP ransomware. If you want a second opinion, then you can try using Emsisoft Emergency Kit to run a scan and quarantine anything it finds:
    https://www.emsisoft.com/en/home/emergencykit/

  12. Posted · Report reply

    7 hours ago, Andrej said:

    When will key be possible to decrypted?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

     

    7 hours ago, Andrej said:

    How will I be informed if there will be any solutions?

    We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/

    You can also follow the STOP ransomware support thread on the BleepingComputer forums:
    https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/

  14. Posted · Report reply

    23 hours ago, long said:

    ...  meaning that the quarantine area rescan function is used for the quarantine procedure for the traditional Anti-Virus engine to report viruses?

    Actually meaning that the re-scan feature isn't going to show any difference in detection for threats quarantined by the Behavior Blocker.

     

    23 hours ago, long said:

    The ones isolated by Behavior Blocker only need to be whitelisted by the analyst and then manually restored by the user?

    That's correct.

  16. Posted · Report reply

    53 minutes ago, long said:

    I am a Chinese user, yesterday at 0:17 (Beijing time), behavior monitoring misreported v2rayN.exe of v2rayN agent software, I made a false alarm submission via quarantine false alarm button, and at 0:20 replied me with an email: this file has been whitelisted and will be updated online in the next 15 minutes.
    But until now, after several updates, the quarantine false alarm file is still not detected by the update, and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

    Emsisoft Anti-Malware contains two separate guards that detect threats running on your computer. One is the File Guard which is a traditional Anti-Virus using two engines and databases (our own and the one from BitDefender), and the other is the Behavior Blocker which detects things based entirely on behavior (if something exhibits any sort of behavior that could potentially be malicious and it isn't a known safe application then it gets quarantined).

    Your screenshot shows that this was quarantined by the Behavior Blocker, and thus the quarantine re-scan will not show any change in its detection (the re-scan only uses the on-demand Anti-Virus scanner and changes to the Behavior Blocker's whitelist won't be reflected in the re-scan). Just restore it from quarantine, and if our malware analysts whitelisted it then it shouldn't be detected again.

     

    57 minutes ago, long said:

    There is another false alarm: Panda.exe from the Panda Proxy software. I also received a false alarm via the Quarantine False Alarm button and was sent a reply to the email, but after several updates, the quarantine false alarm file is still not detected by the update and my manual rescan of the quarantine file still says that the quarantine is not a false alarm.

    This was also detected by the Behavior Blocker.

  17. Posted · Report reply

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  18. Posted · Report reply

    11 hours ago, GOGAEU said:

    The public key used for encryption is this one: 6N5r9nDQfSRh5JQhBBCw1kMaQbcnOKtXUu6LD4Wk

    That's not a public key, it's an ID. It's used as a form of identification, so that when you pay the ransom the criminals know what private key to send you.

    As for the ransomware, it's a newer variant of STOP/Djvu and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  19. Posted · Report reply

    12 hours ago, Ujjwal Pratap singh said:

    Sir I am waiting for decrypt my files . Does you get the id if not then how much should I wait please email me  ***********

    Please don't post your e-mail address publicly, or ask other to contact you privately. Scammers and other criminals will take any opportunity they can to try to trick you into sending them money or personal information.

    As for you files, assuming they were encrypted by the STOP/Djvu ransomware, please see the information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  20. Posted · Report reply

    23 hours ago, Anku said:

    Those virus have online ID, and that means it's impossible to recovery my files.

    Correct. It means the public key your files were encrypted with was randomly generated, so the private key to decrypt your files will be unique, and since only the criminals who made/distributed the ransomware have the private keys there's no way we'll be able to decrypt your files.

  22. Posted · Report reply

    6 hours ago, victorh said:

    We have been infected with ransomware and would appreciate any help.
     
    Files are completely renamed, see below for example.
     
    [[email protected]].1Kjl9LDj-pBtpAC4a.SNTG
    [[email protected]].1jvX1Qaa-zeLcJ0dv.SNTG
    [[email protected]].1AdtWzPV-IivcBY9w.SNTG

    That fits the extension format for the Matrix ransomware, which isn't decryptable without paying the ransom.

  24. Posted · Report reply

    18 hours ago, ASHKAN said:

    Someone suggested this method to me.  what is your opinion?

    Don't trust random videos, instructions, or offers for help that you find online. Most of them aren't real, or will only help in very specific cases. If you're expected to pay for file recovery, then it's a scam (especially if they guarantee recovery), as no one except the criminals has access to the private keys needed to decrypt your files.