GT500

Member
  • Posts

    14249
  • Joined

  • Days Won

    456

Everything posted by GT500

  1. Newer variants of the STOP/Djvu ransomware use RSA keys, which are not susceptible to most forms of attack. Brute forcing the private key would take even a supercomputer thousands of years. The only way you will be able to decrypt your files is with the private key, and only the criminals who made the ransomware have access to that.
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  3. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Traducción proporcionada por Google: Esta es una variante más nueva de STOP / Djvu. Si tiene una identificación fuera de línea, una vez que podamos encontrar la clave de descifrado para esta variante y agregarla a nuestra base de datos, debería poder recuperar sus archivos. Sin embargo, si tiene una identificación en línea (lo que es más probable), no será posible recuperar sus archivos. Hay más información en el siguiente enlace: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Traducción proporcionada por DeepL: Esta es una variante más reciente de STOP/Djvu. Si usted tiene un ID fuera de línea, entonces una vez que podamos encontrar la clave de descifrado para esta variante y añadirlo a nuestra base de datos que debe ser capaz de recuperar sus archivos. Sin embargo, si tiene un ID online (que es lo más probable) entonces no será posible recuperar sus archivos. Hay más información en el siguiente enlace: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. At the moment we believe this is related to our WFP (Windows Filtering Platform) driver. Hopefully this issue will be resolved in a future update to that driver.
  11. This is a newer variant of STOP/Djvu. Fortunately, your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. Let's also get logs from FRST, in case they show anything relevant. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  15. The game in question is IL2-Sturmovik? OK, thanks, I'll forward them to QA.
  16. You're welcome. If you have any further trouble, then be sure to let me know.
  17. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. If you want to run Emsisoft Emergency Kit first to remove anything it finds, then feel free to do so: https://www.emsisoft.com/en/tools/emergencykit/ It's free for personal/home use, and that includes removal of anything malicious that it finds.
  19. That's correct. Online IDs mean that the ransomware was able to connect to its command and control server and request a randomly generated ID and keys, which will be unique. Since we need the private key to decrypt the files, and the private key only ever exists on the servers run by the criminals who made the ransomware, there's no way we could decrypt the files unless law enforcement were able to take possession of the server or otherwise gain access to it to liberate the database of private keys.
  20. It's OK Jeremy, I'll do what I can to help him. The update process normally only uses a lot of CPU time when it has to re-scan items in the Quarantine. Do you have anything in the Quarantine in Emsisoft Anti-Malware that you can delete? If you'd prefer to just turn off the automatic Quarantine Re-scan feature, then open Emsisoft Anti-Malware, go to the Settings, select Advanced from the list on the left, and change the setting for Quarantine re-scan after updates to Never. You can also set it to "Ask" if you'd prefer to be given a choice rather than completely disabling the feature.
  21. That's not normal if you restarted your computer twice after uninstalling. If you don't restart your computer twice after uninstalling, then it is technically possible for some things to not get completely removed. The error could mean that the EPP files were removed, but the EPP driver wasn't unregistered as a service and Windows was still trying to load it on startup. If you want to do a complete uninstall of Emsisoft Anti-Malware, then look in the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) for a file named EmsiClean and copy it to your desktop. After uninstalling and restarting the computer twice, you can run EmsiClean to remove any leftovers.
  22. I would recommend a much smaller list. Blacklists aren't intended to have hundreds of thousands of entries. A few thousand is fine, but much more than 10,000 is not only not necessary but would be more likely to cause problems than anything else. The vast majority of entries in those big lists aren't even online anymore, and aren't a threat to your security or privacy.
  23. I recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  24. Let's try getting a log from FRST, and see if it shows any sign of infection. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.