Jump to content


Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


Posts posted by GT500

  1. 11 hours ago, hamedn53 said:

    What if I send you the pair files to analyze-lab? (We're ready paying for analyzing and decrypting)

    Would that make any differences on decrypting the ransomware-encrypted-online-id?

    That won't help. Newer variants use RSA encryption, which isn't vulnerable to most forms of attacks. It would take even a supercomputer thousands of years to brute force the private key for decryption.

    • Sad 1
  2. 20 hours ago, Haresh said:

    Can we expect decryption for STOP/Djvu online key, the new variant from EMSISOFT?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

  3. On 1/2/2021 at 5:49 AM, Harshit said:

    Yes .weui present end of file name

    OK, the fact that your ID is an offline ID is good, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:

  4. On 1/2/2021 at 5:03 PM, nir uzan said:

    How can i know when u update the software descryptor ?

    We recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:

  5. 14 hours ago, tuanton said:

    Does the extension come with the product download

    If you use Google Chrome, Mozilla Firefox, or Microsoft Edge then you will be asked if you want to install the extension when you launch your web browser. Selecting to install it should open the extension page in your web browser where you can read the description, see screenshots, and click the button to add it to your web browser.

    There is more information about how the extension works, and links to where to obtain it for each browser, at the following link:

  6. 6 hours ago, ITCARE said:


    That looks like the sort of path BitDefender's scan engine uses when extracting the contents of archives during a scan. I recommend checking to see if Emsisoft Anti-Malware was running a scan at the time, and if you can try to verify what archive it was extracting at the time. You may need to run the scan manually on a machine where you are seeing these detections in order to identify which file is being scanned when these detections occur.

    Note that if Emsisoft Anti-Malware is configured to scan inside mail archives, the BitDefender engine will extract those to the TEMP folder as well.

    An alternative is to disable whatever other protection is on the workstations where this is happening to see if Emsisoft Anti-Malware detects the files rather than the other software. If it does detect them, then that will make it easier for you to identify which archive contains the files being detected. If it doesn't detect them, then that could indicate a false positive on the part of the other software that's detection them.

  7. 11 hours ago, mferrap said:

    No key for New Variant online ID: guSO4GjsgB9Ga62QXbBtIRIsV4CjSMOcjs90mR6u
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:

  • Create New...