GT500

Emsisoft Employee
Everything posted by GT500

  1. It's necessary to turn off Tamper Protection in 1909 before disabling Windows Defender as well (I ran into that in February when I installed a new motherboard, CPU, and RAM and did a fresh install of 1909). Unfortunately installing feature updates re-enables a lot of the things that ShutUp10 disables, and I think every Feature Update I've installed has turned Windows Defender back on.
  2. I see Frank already let you and stapp know, but for anyone else reading this, that should change soon. It's due to a new CPU monitor added for debugging purposes, and right now it isn't restricted to only being used when debug logging is enabled, which we have plans to change. I haven't received the logs, however there's another way to send them to me:
     • Hold down the Windows logo key on your keyboard (usually between the Ctrl and Alt keys) and tap R to open the Run dialog.
     • Copy and paste %ProgramData%\Emsisoft\Logs into the field, and click OK.
     • Find the 4 logs you want to send (their names will start with "a2guard_", "a2service_", "a2start_", and "CommService_") and highlight them with the mouse.
     • Right-click on the highlighted files, go to Send to, and select Compressed (zipped) folder.
     • Move the new file that gets created to your Desktop (or somewhere else easy to find), and then attach it to a reply to this topic.
  3. There were a number of changes made to try to resolve the high CPU usage issue, as well as a number of changes to try to debug it, so that could account for the variance in CPU usage you are now seeing. Out of curiosity, does it do this with debug logging off as well?
  4. Debug logs would be fantastic if you could get some. Here's how:
     • Open Emsisoft Anti-Malware.
     • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     • Click Advanced in the menu at the top.
     • Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
     • After that, close the Emsisoft Anti-Malware window.
     • Reproduce the issue you are having (wait for commservice CPU usage to rise to 7-8%).
     • Once you have reproduced the issue, open Emsisoft Anti-Malware again.
     • Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
     • Click on the button that says Send an email.
     • Select the logs on the right that show today's dates (if you try to send too many logs, then we may not receive them).
     • Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
     • If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
     • Click on Send now at the bottom once you are ready to send the logs.
     Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.
  5. Unfortunately this ransomware is still under analysis, and we're not certain if it's decryptable yet.
  6. That's an online ID, so unfortunately it's not decryptable.
  7. The only way to decrypt your files is with the private key for your ID, and only the criminals have that. Unfortunately there's nothing we can do.
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Before you do anything else, I recommend running a scan with Emsisoft Emergency Kit, and quarantining everything it finds. The FRST logs show your computer is infected. https://www.emsisoft.com/en/home/emergencykit/
  9. OK, so 6 cores and 12 threads (with Hyper-Threading on). 100 / 12 = 8.3 (roughly), so 7-8% CPU usage could be almost an entire logical core. How easy is it to reproduce this CPU usage issue with commservice?
  10. We've already done testing with EAM on the 2020 May Update (2004) for Windows 10, and it should work normally on that new feature update.
  11. Correct, those are Windows Defender processes. Windows is supposed to automatically turn off Windows Defender's protection when a third-party Anti-Virus is installed and its protection is active. Do you have the beta of Emsisoft Anti-Malware 2020.6 installed?
  12. There are usually stable releases at the beginning of each month, and new betas around the end of each month. We usually announce new stable updates at the following link: https://blog.emsisoft.com/en/category/emsisoft-news/product-updates/
  13. I don't think we were aware that there were still issues with commservice. What CPU do you have? Also, is anyone else still having issues with commservice?
  14. We've released a new beta that should include detection for the Emsisoft Browser Security extension in Chromium Edge, and should notify you if it isn't installed: https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/
  15. Does the new beta help with this issue? https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/ Here's how to install it:
     • Open Emsisoft Anti-Malware.
     • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     • Click on Updates in the menu at the top.
     • On the left, in the Updates section, look for Update feed.
     • Click on the box to the right of where it says Update feed, and select Beta from the list.
     • Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
     • Select Update now from the list.
  16. Does the new beta help with this issue? https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/ Here's how to install it:
     • Open Emsisoft Anti-Malware.
     • Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     • Click on Updates in the menu at the top.
     • On the left, in the Updates section, look for Update feed.
     • Click on the box to the right of where it says Update feed, and select Beta from the list.
     • Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
     • Select Update now from the list.
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  21. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Translation provided by Google: You need to upload file pairs through our online submission form so that the decrypter can be "trained" to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. No, we'd need the private key for your ID, and they keep that to themselves unless you pay the ransom.
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. Criminals who create/distribute ransomware have been caught in the past, however I know of no instances where criminals connected to the STOP ransomware have been caught.