GT500
-
Content Count
11432 -
Joined
-
Days Won
330
Posts posted by GT500
-
-
4 hours ago, rjrage said:Hi! My files are encrypted with .opqz. Here is my personal ID: bWfZNVj3frlFlxu2UmbR0fIpuFnKhRIelpgqy5rp. Please help me. Thank you
This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/4 hours ago, No name said:Your personal ID:
0216OIWojlj482sfhvaHZRQBH60tTs45GjjQvqbUlsZsuQQBzdMkTThis is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
You're welcome.
-
23 hours ago, stapp said:I can confirm that EEK build 10065 folder on Win 10 will now delete via right-click
Awesome. 👍
-
3 hours ago, grayskull said:Are you using Magicspam filter?
For me, I receive the OTP within 5 minutes. Just need to refresh the inbox.
It's not his filters, it's his service provider. We have logs of the rejection errors.
-
9 hours ago, DDE_Server said:Does it have some sort of key-logger protection.
Yes, the Behavior Blocker will be triggered by any unknown applications that exhibit keylogger activity, and it will automatically quarantine them.
9 hours ago, DDE_Server said:unfortunately unlike other other vendors internet security suites it has not a dedicated banking protection browser or module such as secure input in kaspersky or safe pay in Bitdefender or protected hardened browser such as in ESET.
We used to make a firewall software called "Online Armor", and it had a "Banking Protection" feature. Such things are generally just marketing gimmicks relying on existing protection mechanisms, with one or two unnecessary extras thrown in to make the protection sound like it's better than it really is.
-
3 hours ago, grayskull said:Arthur, to prevent this from happening again, the installer should check what processor the device has.
The issue was already reported to QA before this topic was posted, and I'm sure that it will be resolved as soon possible.
Of course we also need to give those who have already run into this issue a way to repair their computers without needing to reinstall Windows or hire a tech to do it for them.
-
3 hours ago, grayskull said:What @Elise could do for this is to not add detection for the whole folder and only detect the known malicious files dropped by the PUP inside it
The problem is that those malicious executables can change (there are often multiple versions of the same PUP, just like there is with any software) and detection rules have to be updated for every version of the files. Since they tend to use the same folder, and no other legitimate software does, the folder name is traditionally considered the proper way to detect it (not only by us but by other companies as well).
-
Windows has a fairly decent firewall these days, but if you really want something else than you can look into pfSense. If you have an old computer with a 64-bit processor and at least two network ports, you can download their Community Edition and use it to turn that old computer into an enterprise class firewall.
-
2 hours ago, opqzhelpmeplease said:i need help to decrypt .opqz files too please!
This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
12 hours ago, Sameet Patil said:No key for New Variant online ID: 1d8aXwoL13uOjbQmTNgTp7FRccPEuiNb9WjBbvlE
Notice: this ID appears to be an online ID, decryption is impossibleThis is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
5 hours ago, newDady said:Your personal ID:
0216OIWojlj48w8 PwPzdcTrVbRVO8ppZ2dj1SNUftU59dD51o5RxAThis is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
5 hours ago, Audrish said:Should I wait for the decryptor to release?
No new decrypter will be released. If law enforcement is some day able to catch the criminals or at least gain access to their database server and release their private keys, they we will be able to add them to our database used by our decrypter.
4 hours ago, Audrish said:Thanks a lot, I'm re-installing windows asap
Normally I would say that's not necessary with this particular ransomware, however your computer was very infected (with a lot more than just ransomware) so I think that's probably a good idea here. Just be sure that you don't use pirated copies of Windows, and definitely don't use KMS/KMSPico since it is known to install the STOP/Djvu ransomware at least occasionally.
-
It looks like there's nothing we can do with the small files. They need to be at least 150 KB, otherwise you'll end up with corrupted files after decrypting.
-
4 hours ago, newDady said:the new decrypter tool is not working.
What version of Windows did you encounter this error one? What version of the .NET Framework is installed on the computer? Have you tried downloading the latest version of the .NET Framework from Microsoft and installing it, then running the decrypter again?
-
@Van it's definitely Megalocker. ID Ransomware can't identify it because the encrypted files have no file marker, so it requires a ransom note for identification.
The ID in your ransom note doesn't match any we have keys for, so we won't be able to decrypt your files. We were never able to obtain any more keys for Megalocker, so anything newer than our original decrypter release we can't decrypt.
Be sure to reset your NAS back to its default configuration (you may also want to flash the firmware to be on the safe side and then reset it again), and then reconfigure it. Make sure that no ports are forwarded to the NAS from your router, make sure that UPnP is disabled in your router (it is not safe), and make sure that there is no guest account configured on your NAS (if one exists then it should be possible to disable it).
-
10 hours ago, vBot00 said:0190Asd374y5iuhld8UeiJJ0GsRmAWegIINOKZwRBHi9ZI9FBSeiqqINM
This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
The only one I was able to add was the Word document, so you should be able to decrypt those now at least. Most of the rest of the files were too small for me to add, and the JPG image wasn't a valid file pair (the file sizes didn't match).
I'll ask the developer who made the decrypter if he can do anything with the files that are too small, but it would still be best if you could find other file pairs with a larger file size.
-
18 hours ago, Van said:I Emsisoft, attached file you will find a crypted an the uncrypted version of a picture, from my WD NAS which has been infected by MegaLocker.
I'm on a Mac computer, so I believe that it was done through Samba, the 13th of March 2019.
I don't know if it will help but, I really want to get my family pictures back, and maybe I should send the same content to Western Digital to see if they can help?
Maybe I should also share to BleepingComputer ? I don't care spending 250$ to get those pictures back, but as you recommend, I won't till I think there is kind of hope…
If it's Megalocker then our decrypter only works on older versions of this ransomware, as we only have keys for earlier variants of it. I've asked our malware analysts for confirmation that it's Megalocker, since ID Ransomware isn't able to identify it.
-
This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ -
23 hours ago, Blessing said:No key for New Variant offline ID: PUYef3QgyNaY7l8zzvWo4yIuFfw9blf3NZjYd3t1
Notice: this ID appears be an offline ID, decryption MAY be possible in the futureThis is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.
There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/21 hours ago, Audrish said:I removed the virus using spy hunter 5.Thank you. But is there any way i can get my files back?
Your ID is an online ID, so currently there is no way to decrypt your files.
-
22 hours ago, Blessing said:But i discovered that I can still open the encrypted files.
That will work with some files. The ransomware only encrypted a small portion of the beginning of each file, and some file formats are tolerant of corruption of parts of the file, and thus you can still open them with only a portion of the data being missing or corrupt.
It's important to note that a lot of common file formats will complete break when the beginning of the file is corrupted, damaged, or encrypted. This is why this only works with some types of files.
-
22 hours ago, Hisham said:anyone have decrypt for [[email protected]].Devos
That e-mail address and extension are known to be used by Phobos, and it's not decryptable.
New Variant offline ID
in Help, my files are encrypted!
Posted · Report reply
This is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.
There is more information at the following link:
https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/