GT500

Emsisoft Employee

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. We rarely update our decrypter. It's not necessary since it draws keys from a database. That being said, we won't be able to obtain private keys for online ID's unless law enforcement is able to arrest the criminals or otherwise gain access to their servers and release their database of keys for use in decrypters. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. No, we already have a decrypter. You'll need to have original copies of at least a few encrypted files available in order for our servers to generate a keystream for the decrypter to use. Check anywhere you may have saved or sent files in the past. Check your phone, memory cards, USB flash drives or hard drives. Also check websites you may have uploaded files to such as social media, file sharing networks, e-mail or other messaging services, etc. You can also ask friends and family who you may have shared files with to see if they have original copies of any of your encrypted files.
  7. Technically these aren't false positives. They're common modifications made by malware that hamper troubleshooting, and are usually considered undesirable outside of a corporate environment where the administrator has determined that these system tools should not be available to regular users on the system. In the scan results, simply right-click on the entry you want to exclude and select Add to exclusions. This should prevent it from being detected in future scans.
  8. I have that update for Windows 10 1909 installed as well, so I suspect that the issue happening on that particular startup was just a coincidence. Can everyone who's still seeing the WSC issues go ahead and post fresh FRST logs for me to review? I want to see if there are any similarities between your systems that might account for why you're all still having this issue. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. No, we don't have the private key for .oonn's offline ID yet.
  11. This is an older variant of the STOP/Djvu ransomware. There is more information (and a decrypter download) at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ You'll need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files.
  12. This is an older variant of the STOP/Djvu ransomware. There is more information (and a decrypter download) at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ If your files have online ID's, then you'll need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files.
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Once a key is created, it doesn't change. If your key starts off as online, then it will always be online.
  14. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  15. Try the instructions at the following link to reset your HOSTS file back to default: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
  16. There shouldn't be a limit to the number of devices allowed in a policy, assuming you mean policies in your workspace in MyEmsisoft.
  17. It's possible that something may have prevented an update from installing properly, requiring an extra restart to finish the process. Unfortunately, for us to know for certain, Emsisoft Anti-Malware would have needed to be saving debug logs at the time the issue happened, and it doesn't do this by default. If the issue happens again, then let us know. If it keeps reoccurring then we should be able to get debug logs.
  18. Our malware analysts are still working on this one. There are some minor issues with the ransomware that they are trying to work out right now, however once they have that done hopefully they can let us know if it's decryptable or not.
  19. @eliastz to clarify why I'm asking you to perform steps you've already tried, in the current version of Emsisoft Anti-Malware the WSC integration issue may be fixable by reinstalling Emsisoft Anti-Malware as long as all Emsisoft Anti-Malware files and services are properly removed during the uninstall.
  20. The key that was sent was a public key, which is useless for decryption. Private keys are not sent to your computer unless you pay the ransom, and since online ID's are unique for each computer your private key won't work for anyone else.
  21. The key that was sent was a public key, which is useless for decryption. Private keys are not sent to your computer unless you pay the ransom, and since online ID's are unique for each computer your private key won't work for anyone else.
  22. I'll ask our malware analysts if there's any new information.
  23. Let me know if the following helps: Uninstall Emsisoft Anti-Malware. Restart your computer twice. Download and reinstall Emsisoft Anti-Malware from this link.