GT500

Emsisoft Employee
Posts posted by GT500

  1. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  2. On 1/10/2021 at 11:42 AM, Kwstas Dimitriou said:

    Do not pay this **************@aol.com. We paid him and he only decrypted small files and not our database. The hacker was paid and he didn't decrypt our database. He didn't know how his tool works. So we lost our money with him. Screenshot: http://prntscr.com/wkcknf

    Did they give you a private key with their decrypter? Assuming the ransomware was a variant of STOP/Djvu we can add the private key to our database, and if it's the correct private key for your files and your files aren't corrupt then our decrypter might be able to decrypt them.

  3. On 1/9/2021 at 11:44 PM, edwart said:

    so I got the information that I was hit by qlkm which is offline ID
    can this be saved? 😭

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     

    On 1/9/2021 at 11:44 PM, edwart said:

    oh yes one more question, when the internal and external SSDs at that time are installed on the laptop, and infected by ".qlkm" knowing that the decrypt is not there yet, I move all the infected files to external SSD in the hope that in the future it can be saved, and the laptop I reinstalled with Windows with it

    It's OK to move the encrypted files to an external hard drive.

     

    On 1/9/2021 at 11:44 PM, edwart said:

    will my laptop be clean just by reinstalling?

    Reinstalling Windows will wipe out everything on the hard drive (assuming you reformat before installing) including any infections. Keep in mind that if STOP/Djvu was the only infection, it is extremely easy to remove, and most Anti-Virus software will detect it.

  4. On 1/9/2021 at 6:58 PM, JMG said:

    My computer was attacked by the .nobu virus and I can't find a way to recover my files

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     


  5. On 1/9/2021 at 7:53 AM, george777 said:

    how can I decrypt qlkm virus infected files? specially peg file format shows qlkm

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  6. 1 hour ago, Syed Anwaar Gilani said:

    No key for New Variant online ID: mHh5uqcMFFXeQPLmr4dc2RZBjwnfqTG8ZmVeR1eO
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     

    1 hour ago, Syed Anwaar Gilani said:

    If you have any Decryptor please send me

    Don't ask people to contact you, and don't contact people asking for help. Criminals who make ransomware monitor our forums, and they will try to scam you out of money if they get the chance.

  7. There's a physical limit to how long a path can be. A path is the name of a file, and all of the folders it is in. A path is generally represented like the following:

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

    What you need to do is either rename the folders the files are in so they have shorter names, or move the files to a folder with a shorter path.
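
The path-length check behind the advice above, as an added example that is not part of the original post: it lists the files whose full path exceeds a limit, so you can see which folders to rename or move. The 260-character default is the classic Windows MAX_PATH value, an assumption here because the post does not state the limit; `find_long_paths` and its helpers are hypothetical names.

```python
import os
import sys

MAX_PATH = 260  # classic Windows limit (assumption; includes the terminating NUL)


def _extended(path):
    # On Windows, add the \\?\ prefix so the scan itself can enter long paths.
    path = os.path.abspath(path)
    if sys.platform != "win32" or path.startswith("\\\\?\\"):
        return path
    if path.startswith("\\\\"):  # UNC share: \\server\share -> \\?\UNC\server\share
        return "\\\\?\\UNC\\" + path[2:]
    return "\\\\?\\" + path


def _plain(path):
    # Strip the prefix again so lengths match what ordinary applications see.
    if path.startswith("\\\\?\\UNC\\"):
        return "\\\\" + path[8:]
    if path.startswith("\\\\?\\"):
        return path[4:]
    return path


def find_long_paths(root, limit=MAX_PATH - 1):
    # Return (length, path) for every file under root whose full path is
    # longer than `limit` characters, longest first.
    hits = []
    for folder, _dirs, files in os.walk(_extended(root)):
        for name in files:
            full = _plain(os.path.join(folder, name))
            if len(full) > limit:
                hits.append((len(full), full))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Usage: python find_long_paths.py <folder holding the encrypted files>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for length, path in find_long_paths(target):
        print(length, path)
```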

  8. 11 hours ago, cparfam said:

    No key for New Variant online ID: wkDf0jCQ2vxYZOoog985rlgBJhhgvSmIRjbfSDST
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     

    11 hours ago, cparfam said:

    Does this mean that the files were encrypted using an online key...

    Yes, that's correct.

     

    11 hours ago, cparfam said:

    ... will it ever be possible to decrypt them?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

  9. 9 hours ago, Help Me,Please. said:

    because I tried the decryptor many times - weekly - it kept saying online id ! online id!

    Of course it did. IDs don't change. An online ID is always an online ID, and an offline ID is always an offline ID.

     

    9 hours ago, Help Me,Please. said:

    I will get mailed with "it's impossible" again, right?

    Anything else would be untruthful.

  10. 9 hours ago, keebler94 said:

    I started reading the forums and I have read that Emsisoft has a remover named EmsiClean64.exe . I have not been able to find it.

    Normally it would be sitting in the Emsisoft Anti-Malware folder (C:\Program Files\Emsisoft Anti-Malware), however if you had already tried to uninstall Emsisoft Anti-Malware then it may have already been deleted. The link that Jeremy posted should help, however please keep in mind that the version of EmsiClean available at that link is a bit out of date. If it doesn't remove everything, then please let me know.

  11. 11 hours ago, hamedn53 said:

    What if I send you the pair files to analyze-lab? (We're ready paying for analyzing and decrypting)

    Would that make any differences on decrypting the ransomware-encrypted-online-id?

    That won't help. Newer variants use RSA encryption, which isn't vulnerable to most forms of attacks. It would take even a supercomputer thousands of years to brute force the private key for decryption.

  12. 20 hours ago, Haresh said:

    Can we expect decryption for STOP/Djvu online key, the new variant from EMSISOFT?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.
