GT500

Emsisoft Employee
  • Content Count: 12258
  • Days Won: 363

Everything posted by GT500

  1. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  2. This is a newer variant of STOP/Djvu. Fortunately, your ID is an offline ID; however, we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. That depends on how much free hard drive space you have, and whether or not you mind deleting all of the encrypted files on your own. The reason to keep the encrypted files is just in case the decrypter fails to decrypt them. As long as you still have the encrypted files you can always try again.
  4. Microsoft likes to roll out feature updates slowly over the course of many months, so you may not see it show up in Windows Update right away.
  5. The screenshot I posted is the notification displayed when a file is safe. As for your video, it does contain the lookup notification. The following screenshot of the video was taken at 46 seconds. Your Internet connection is probably fast enough that the Anti-Malware Network lookup completes faster than you can really see the notification, and it's immediately replaced by a BB quarantine notification.
  6. It's necessary to turn off Tamper Protection in 1909 before disabling Windows Defender as well (I ran into that in February when I installed a new motherboard, CPU, and RAM and did a fresh install of 1909). Unfortunately installing feature updates re-enables a lot of the things that ShutUp10 disables, and I think every Feature Update I've installed has turned Windows Defender back on.
  7. I see Frank already let you and stapp know, but for anyone else reading this that should change soon. It's due to a new CPU monitor added for debugging purposes, and right now it isn't restricted to only being used when debug logging is enabled, which we have plans to change. I haven't received the logs; however, there's another way to send them to me:
     1. Hold down the Windows logo key on your keyboard (usually between the Ctrl and Alt keys) and tap R to open the Run dialog.
     2. Copy and paste %ProgramData%\Emsisoft\Logs into the field, and click OK.
     3. Find the 4 logs you want to send (their names will start with "a2guard_", "a2service_", "a2start_", and "CommService_") and highlight them with the mouse.
     4. Right-click on the highlighted files, go to Send to, and select Compressed (zipped) folder.
     5. Move the new file that gets created to your Desktop (or somewhere else easy to find), and then attach it to a reply to this topic.
  8. There were a number of changes made to try to resolve the high CPU usage issue, as well as a number of changes to try to debug it, so that could account for the variance in CPU usage you are now seeing. Out of curiosity, does it do this with debug logging off as well?
  9. Debug logs would be fantastic if you could get some. Here's how:
     1. Open Emsisoft Anti-Malware.
     2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     3. Click Advanced in the menu at the top.
     4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
     5. After that, close the Emsisoft Anti-Malware window.
     6. Reproduce the issue you are having (wait for commservice CPU usage to rise to 7-8%).
     7. Once you have reproduced the issue, open Emsisoft Anti-Malware again.
     8. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
     9. Click on the button that says Send an email.
     10. Select the logs on the right that show today's dates (if you try to send too many logs, then we may not receive them).
     11. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
     12. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
     13. Click on Send now at the bottom once you are ready to send the logs.

     Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.
  10. Unfortunately this ransomware is still under analysis, and we're not certain if it's decryptable yet.
  11. That's an online ID, so unfortunately it's not decryptable.
  12. The only way to decrypt your files is with the private key for your ID, and only the criminals have that. Unfortunately there's nothing we can do.
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Before you do anything else, I recommend running a scan with Emsisoft Emergency Kit, and quarantining everything it finds. The FRST logs show your computer is infected. https://www.emsisoft.com/en/home/emergencykit/
  14. OK, so 6 cores and 12 threads (with Hyper-Threading on). 100 / 12 = 8.3 (roughly), so 7-8% CPU usage could be almost an entire logical core. How easy is it to reproduce this CPU usage issue with commservice?
  15. We've already done testing with EAM on the 2020 May Update (2004) for Windows 10, and it should work normally on that new feature update.
  16. Correct, those are Windows Defender processes. Windows is supposed to automatically turn off Windows Defender's protection when a third-party Anti-Virus is installed and its protection is active. Do you have the beta of Emsisoft Anti-Malware 2020.6 installed?
  17. There are usually stable releases at the beginning of each month, and new betas around the end of each month. We usually announce new stable updates at the following link: https://blog.emsisoft.com/en/category/emsisoft-news/product-updates/
  18. I don't think we were aware that there were still issues with commservice. What CPU do you have? Also, is anyone else still having issues with commservice?
  19. You're welcome. If you need anything else, then let us know.
  20. We've released a new beta that should include detection for the Emsisoft Browser Security extension in Chromium Edge, and should notify you if it isn't installed: https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/
  21. Does the new beta help with this issue? https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/ Here's how to install it:
     1. Open Emsisoft Anti-Malware.
     2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     3. Click on Updates in the menu at the top.
     4. On the left, in the Updates section, look for Update feed.
     5. Click on the box to the right of where it says Update feed, and select Beta from the list.
     6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
     7. Select Update now from the list.
  22. Does the new beta help with this issue? https://blog.emsisoft.com/en/36318/emsisoft-anti-malware-2020-6-beta/ Here's how to install it:
     1. Open Emsisoft Anti-Malware.
     2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     3. Click on Updates in the menu at the top.
     4. On the left, in the Updates section, look for Update feed.
     5. Click on the box to the right of where it says Update feed, and select Beta from the list.
     6. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
     7. Select Update now from the list.
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/