GT500

Emsisoft Employee

Everything posted by GT500

  1. I'm not seeing any information about this one. Would it be possible to attach an encrypted file and a copy of the ransom note to a reply for us to review?
  2. Thanks! I've forwarded this to QA, and they're able to reproduce the issue, so hopefully we won't need any more info from anyone.
  3. That's a fairly slow processor from 2016, so you're going to see higher CPU usage on it than you would on an Intel Core i3 or an Intel Core i5. That being said, 11% does seem a bit high for idle usage. Do you have any other security software (Anti-Virus, Firewall, Anti-Spyware, Anti-Malware, etc.) on the computer? As for the CPU usage during a scan, that's completely normal. Our scanner attempts to use all available CPU cores in order to scan as many files at the same time as possible. This helps reduce scan times.
  4. I ran a couple of dozen context menu scans, and while every now and then the green text "No suspicious files were found in this scan!" would occasionally fail to appear, the buttons "View report" and "Close" were always there. Also, when I would move the mouse into the EAM window, the missing text would suddenly appear. I'll let QA know, but they'll probably want debug logs from someone having the issue with the buttons disappearing. @marko do you remember how to get debug logs?
  5. The missing text happened to me when the buttons were missing. I'll do some testing to see how easy this is to reproduce.
  6. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. Do all of your files' names end in the following? [email protected] If not, then please attach an encrypted file and a copy of the ransom note (if there is one) to a reply.
  12. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. No, there are no updates. Online IDs for newer variants of STOP/Djvu use RSA keys, which are impervious to most attacks. Without obtaining the private keys from the criminals, there is no way to decrypt files with online IDs.
  15. I have various versions of Windows installed in Virtual Machines (VMs) so that I can test in different Operating Systems with only one computer, and when we release a new beta of EAM at the end of the month I do some basic tests to make sure that the update to the new version and scans at the very least all work as expected on each version of Windows I have installed. Since the VMs run in a window on my Desktop, I can move my mouse out of the VM and then back in when I need to interact with something running in it. When I saw this issue, my mouse was outside of the VM window, and since it corrected itself as soon as I moved the mouse back into the VM window I just assumed it was related to my mouse pointer being outside of the VM window.
  16. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu. If you have an online ID then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. During testing I noticed this happen when my mouse was outside of the virtual machine window where the scan was running, and when I moved my mouse back into the window and it hovered over the EAM UI the buttons suddenly appeared. Does attempting to interact with the EAM UI when this happens cause the buttons to appear for you as well?
  20. On Windows the term "app" is usually used for Microsoft Store apps, which are different from traditional applications that you download and install. You can remove these by right-clicking on the Start button and selecting Apps and Features. If you notice any more of these notifications then I recommend running a scan with FRST and posting the logs here for me to review. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. That's an older variant. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. The STOP/Djvu ransomware is actually really easy to remove (the decrypter actually disables it so it can't encrypt any new files), however it's possible the computer was infected by other things as well. Of course reinstalling Windows would have gotten rid of any active infections.
  24. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  25. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/