GT500

Emsisoft Employee

Everything posted by GT500

  1. Doing this may break some applications that use the HOSTS file for blocking bad websites, however beyond this it shouldn't have any negative side effects, and it is safe to delete the HOSTS file if you aren't using it to block bad websites.
  2. I don't think the decrypter is checking to see if it's an online ID; it's just checking to see if we have a decryption key for the ID. If our database has no key for the ID, then that error is returned. It's possible that the decrypter doesn't check whether IDs are online or offline because we don't actually know 100% of the IDs; however, I'd have to ask to confirm that.
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. You can attach log files to a reply here. When you click in the field to type your reply, you can drag and drop files into the reply field, or you can access the attachment controls at the bottom.
  6. I'll ask to see if ID Ransomware's detection was correct.
  7. File: C:\Users\GT500\Desktop\FIFA14-DIE.py.bora
     Error: Unable to decrypt file with ID: kL5msMZjKKEario4wMBSiaOyOHwUoC5omWEHNDHr
     That's an online ID. There's no way to decrypt it.
  8. Don't use SpyHunter to clean up ransomware. Our decrypter should be able to remove STOP/Djvu, as should Emsisoft Emergency Kit. If you're still having trouble with new files getting encrypted, then let's try getting a log from FRST, and see if it shows any signs of the infection. You can find instructions for downloading and running FRST at the following link: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/
  9. @Foo @olifer88 and @pingping2050 this is a newer variant of STOP/Djvu, and all of your IDs are online IDs, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. To my knowledge, this only applies to offline IDs/keys. The ID in the error message shows an online ID, and since we have no way of getting our hands on online private keys we're not going to be able to add support for them to our decrypter. The only two immediate options are either pay the criminals, or pay a third party to negotiate with the criminals for you. Coveware can act as an intermediary for you and possibly negotiate a smaller ransom payment; however, they usually provide this service for businesses.
  16. I'll need to know more about the encrypted files. If you could attach one of the ransom notes and an encrypted file to a reply, then I could let you know what your options are.
  17. You may need to reset your HOSTS file back to default. Microsoft has information about how to do that at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. That depends on the variant. If it's an older variant, then the decrypter can be "trained" how to decrypt your files by uploading file pairs to our submission form. If it's a newer variant, then there is currently nothing that can be done to recover the files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. When Microsoft releases new versions of their SHA-2 hashing algorithm support for Windows 7 they include them in the monthly cumulative updates, so just be sure that Windows Updates are getting installed monthly and you should be OK.
  23. It's too late. Your files are already encrypted.