GT500

Emsisoft Employee

Posts posted by GT500


  1. 21 hours ago, Paolo Bardi said:

    I too have been waiting 3 years for a decryption to the (.losers) ransomware and discovered this thread.

    The ransomware that encrypted your files is Cry36. There is no known way to decrypt your files without getting the private key from the criminals who made/distributed the ransomware.

     

    21 hours ago, Paolo Bardi said:

    Is there presently a realistic chance for recovery at this time?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can create a decrypter for this ransomware. Unfortunately it's already been several years, and this hasn't happened yet, so there's no way to know when or if it will.


  2. 13 hours ago, chrispol said:

    The new version of STOP Djvu which puts the .Foke extension on the files with online ID cannot be decrypted with the decrypters that are available. Any help?

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  3. 19 hours ago, chrispol said:

    New .Foqe extension with online ID, cannot be decrypted by now

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  5. On 10/11/2020 at 2:10 AM, Shashank said:

    Hello sir, my file is encrypted with the .Copa ransomware virus. The ID is offline ID 5sHsKes2XYnEguRaSVYIA8rudOB16MVLvPgGIOt1.

    When will the .Copa ransomware decrypter tool come?

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  6. 21 hours ago, Ludy said:

    The problem is that it happens only when windows defender updates via windows updates?

    It's probably due to Windows Defender's state being changed. If Windows Defender's protection turns on even momentarily, then the Windows Security Center may attempt to turn off Emsisoft Anti-Malware's protection to keep both from monitoring at the same time.


  7. On 10/10/2020 at 3:25 AM, Advanced User said:

    EEK does not save the position and size of the window when resetting the preferences file.

    It's no longer supposed to. My instructions were not intended to change this, but merely reset the EEK behavior back to default since it appears to be loading the old position and size data from the config file even though it won't save new position and size data.


  8. 9 hours ago, Ken1943 said:

    Have it fixed

    For anyone else who reads this, if you create a workspace by mistake in MyEmsisoft then you can remove it as long as you haven't added any devices to it. To delete a workspace, simply click on the workspace in the list of workspaces, select Settings in the menu on the left, and there's a Delete workspace link at the bottom of the settings page.

    Workspaces are part of Emsisoft Cloud Console, which allows you to manage Emsisoft Anti-Malware installations on all connected computers (home computers, workstations, servers, etc) from our web interface at my.emsisoft.com. There's a user guide with information on how to use Emsisoft Cloud Console at the following link:
    https://help.emsisoft.com/en/2323/emsisoft-cloud-console-user-guide/


  9. On 10/10/2020 at 4:54 AM, ALARMus said:

    I have got a notification message "Trojan.GenericKD.34381950 (B)" from my Emsisoft Anti-Malware Home.

    But if I check this file on virustotal.com, it reports that Emsisoft did not detect anything.

    It's possible that the VirusTotal scanner may not have had the latest database. As long as Emsisoft Anti-Malware is fully up-to-date, then trust what it says over what VirusTotal says.

    Note: The (B) on the end of the detection name means it was detected by the BitDefender scan engine, so BitDefender (and all other products that use BitDefender's scan engine) should detect the file with the same name. If they don't, then your installation of Emsisoft Anti-Malware may not have the latest database.


  10. On 10/11/2020 at 10:39 AM, cengiz said:

    Internet security products (Norton, Comodo, ZoneAlarm Extreme Security, etc.) have functions such as DNS spoofing prevention and ARP spoofing prevention, and they protect users against MITM attacks.

    Online Armor (a firewall software we discontinued a few years ago) had similar features. We didn't bother implementing them in any of our other products because they aren't really that effective, and most security software that includes them only does so to make it look like they are giving you extra protection. There are better and more effective systems already in place to protect against these issues on most major websites (as I said above there are server-side protections that must be implemented to provide proper man-in-the-middle attack protection).



  11. 13 hours ago, Jothan said:

    I really hope that in the near future I can get my files back. I have really old important files that I have no backup of anywhere else, and no opportunity of getting them again.

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  12. 18 hours ago, haydn said:

    PS: On further searches it seems Microsoft creates files for certificates. Hope I haven't wasted your time. Many thanks.

    It's more than likely legitimate. Once a Microsoft Store app is installed, Windows doesn't allow third-party applications to edit it, so the app would have had to have contained malicious code when it was installed. Since it's normal for apps to use cryptographic APIs, seeing files with the word "crypto" in their name isn't entirely uncommon.