GT500
Emsisoft Employee
Content Count: 12543
Days Won: 375

Posts posted by GT500


  1. 8 hours ago, Blkrt said:

    Sir, I sent a request to this page https://legal.drweb.com/encoder/?lng=en and attached my encrypted files which got infected by avaddon but they said that files got encrypted by 'Medusalocker' And can not decrypt them whereas my files have '.avdn' extension.

    What's the problem? I can not decrypt my files? 

    Thank you in advance

    It's possible your files were encrypted by one ransomware, and then encrypted by another as well. We wouldn't be able to tell for certain without seeing an encrypted file and a copy of the ransom note.


  2. 14 hours ago, Cameron said:

    No key for New Variant online ID: MUCsWoP9jLzT767KdseQoVzEckhuq435vVJacM8v
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  3. 17 hours ago, donisori said:

    My PC is infected with the .usam virus.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  4. OK, let's get some debug logs when you have a chance. Here's what to do:

    1. Open Emsisoft Anti-Malware.
    2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
    3. Click Advanced in the menu at the top.
    4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
    5. After that, close the Emsisoft Anti-Malware window.
    6. Reproduce the issue you are having (start a download with your download manager, and confirm high CPU usage).
    7. Once you have reproduced the issue, open Emsisoft Anti-Malware again.
    8. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
    9. Click on the button that says Send an email.
    10. Select the logs on the right that show today's dates (if you try to send too many logs, then we may not receive them).
    11. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
    12. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
    13. Click on Send now at the bottom once you are ready to send the logs.

    Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.


  5. 13 hours ago, Paul.R said:

    For example, if a program tries to modify the hosts file, will Emsisoft block this action? Does its Behavior Analysis try to block the program from executing that command to modify the hosts file?

    I don't think it does, however please note that it isn't possible for an application or script to modify the HOSTS file unless it has administrator rights, and you should never allow an application you do not trust to run with administrator rights.


  6. 17 hours ago, Superman ABD said:

    Sir, is this purchase essential one?

    Because I already purchased another antivirus after the attack and it has long time to expire.

    Won't they release the decryptor only?

    Dr. Web does not release free decrypters. Their ransomware decryption service is strictly a paid service, however they will at least let you know if your files can be decrypted before they require you to pay anything.


    17 hours ago, Superman ABD said:

    Sir, I have no unencrypted original files, because all of my files have been encrypted by AVADDON.

    What can I do sir?

    If they do require a file pair, then you'll need to find one. Try to remember if you ever sent any files to others (via e-mail, file sharing services, etc.) or if you ever saved them to any kind of external media (CDs, DVDs, USB flash drives, etc.).


  7. 11 hours ago, Peter Nowell said:

    I have windows 10 installed and up to date. After the free installation of EEK compatibility says 8.

    Our software is not compatible with Windows 8. We dropped all support for Windows 8 a couple of years ago.

    Could you take a screenshot of the message you're seeing, and post it here? You can paste it right into the reply field.


  8. 16 hours ago, andrewek said:
    I have MBAM in my system, but only as a scanner on demand.
    However - the system has a service and driver from this program. I have not configured any mutual exclusions.
    I hope this is not necessary?

    It's probably necessary, however you'd have to ask Malwarebytes support to be certain (I'm not familiar with their current software versions).


    10 hours ago, MJmusicguy said:

    @GT500 tagging you in this. Hi everyone, as I am consistently checking, I see there is a new Malwarebytes version 4.1.2.73 with component update 1.0.972. This must be manually checked for and updated in settings. Once the initial update is complete, Malwarebytes will then request a full program update; do so. Let's see if this fixes our BSODs?

    I'm fairly certain it's too soon for them to have fixed the BSoD, as the day before that update was released I was told they were still investigating the cause. Unless it was a really simple fix then that's just not enough time to implement a fix, test it internally, push it out to beta for volunteers to try, gather feedback, fix any remaining issues, release a new beta, and then push it out to stable once it's deemed satisfactory.


  9. 4 hours ago, JeremyNicoll said:

    Which current beta? The one we've been running for days, or the one released 15 minutes ago? (It's a bit soon to say for the latter. For the former, yes, it was still not perfect, as I reported on the Beta forum.)

    We just released 2020.7 stable, and the new beta (which was moved to stable a few minutes ago) should have had extra fixes for performance issues.

    https://blog.emsisoft.com/en/36400/new-in-2020-7-new-rdp-attack-alerts-new-notifications-system/


  10. 5 hours ago, Dimis said:

    Yes. I have a docx pair (about 4.8 MB) but with the .verasto extension. I think it is the biggest. All .hrosas docx files are less than 100 KB.

    Send us the largest file pairs you have with .hrosas extensions, and we'll try to add keystreams for them. The decrypter won't be able to decrypt anything larger than your file pairs, but anything smaller should be fine.


  11. 3 hours ago, Kimiyomi said:

    Your personal ID:
    0217OIWojlj48yF7lwWtgoQNzGeF0qDBtk6Z57nEdsQOfuUCZPSn2

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


    3 hours ago, Kimiyomi said:

    email me please if you can resolve this

    Our forums are monitored by criminals who make ransomware, so you shouldn't ask people to contact you privately to offer help. If anyone does contact you privately, then don't follow any advice they give you.


  12. 14 hours ago, Jayeh said:

    I tried to contact them and they sent me this mail

    The information they gave you is fairly typical. Most ransoms like this are expected to be paid in bitcoins.

    Obviously we don't recommend paying the ransom, however we also understand that you have to do what you feel is necessary. Just be sure to ask them to decrypt one file for you to demonstrate that they can do it, that way you know in advance that their decrypter works before you pay them anything. If they can't decrypt one file for you then it's best to assume it's a scam, and cease all contact with them.


  13. 17 hours ago, Ravinder said:

    My last question is: should I keep hope of ever recovering my files in the future with .npsk online ID decryption?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  14. 18 hours ago, MOBA Victim said:

    Hi all,

    If you read this post, I believe you are the victim of this .moba virus. I had been trying to find a solution to decrypt/recover my files, but as of now there is no solution to this .moba virus. I want to invite each and every individual to share any solution if you found one; I will do the same. Thank you.

    Please be careful. Criminals who make ransomware do monitor our forums, and they will take any opportunity to contact you and try to get you to follow their advice, often offering "paid" help or fake "solutions" or "decrypters" that make things worse for you.

    For your safety we recommend only following the advice of experts, and we also recommend not communicating privately with other victims. If someone does leave advice publicly, please allow experts time to evaluate it and comment on it before trying it.