
GT500

Emsisoft Employee
Content Count: 14249
Joined
Days Won: 450

Everything posted by GT500

  1. A change of programming language would more than likely invalidate any existing signatures. That just means we write new signatures for the newer variants that are not detected, and if someone happens to stumble upon any newer variants in the wild that Emsisoft Anti-Malware is not yet able to detect with signatures then the Behavior Blocker should quarantine any unknown programs or scripts that attempt to do anything potentially malicious.
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them.
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. We don't need any more samples. This particular ransomware has been around for some time now, and its encryption is understood fairly well. The issue is that they switched to using RSA keys almost 2 years ago, and once they did that decryption without the private key became virtually impossible (it would take thousands of years even for a supercomputer to brute force).
  6. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This was an issue on Windows Vista. Now that we no longer need to support Vista, it shouldn't be a problem in the majority of cases.
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. First, please allow me to apologize for taking so long to reply. There can be issues if you have more than one profile in Firefox. Try installing the Emsisoft Browser Security extension from the Firefox browser add-ons page, and note that Emsisoft Anti-Malware may have trouble detecting that the extension is installed if you have more than one profile in Firefox. If you want more information about how the extension works, or links for other browsers, then you can find that here.
  11. Yes, they do provide the private keys needed to decrypt your files if you pay them, along with a decrypter to use with the private keys.
  12. In theory, as long as it hasn't been overwritten. You can try file undelete software to see if anything can be recovered off of an old drive that data was moved from before it was encrypted, however keep in mind that ransomware may attempt to make old deleted data unrecoverable in order to increase the likelihood that people will pay.
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Translation provided by Google: This is a newer variant of STOP/Djvu. Se você tiver um ID off-line, assim que pudermos encontrar a chave de descriptografi
  14. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. Actually our exclusions support wildcards, so a path like the following should work: %TEMP%\????????-????-????-????-????????????\pro*.exe The question marks are a form of wildcard and each takes the place of a single character, unlike the asterisk which will match with more than one character at the same time. Assuming that the number of characters is always the same then it should work just fine. To add that exclusion, if you're not using the management console via MyEmsisoft, then just add a monitoring exclusion for a program (it doesn't matter which one), then click on the new r
  16. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. It only works on newer variants if it has a private key for the encrypted files. Since there is a different private key for every ID, and it isn't possible to obtain the private keys in most cases, it's usually impossible to decrypt files that have been encrypted by STOP/Djvu. Due to how the ransomware encrypts files, some types of files can be repaired as they are only partially encrypted, however only certain file formats are tolerant of missing data and thus those that aren't can't be recovered in this way. The article "About the STOP/Djvu Decrypter" I've linked to previously covers this alon
  18. It would be OK if you weren't hijacking someone else's topic. I'll move your post and mine into a new topic once I've finished typing it. You will have to find the new topic yourself though, as apparently it's a violation of GDPR for me to use the "Log in as" feature on the forums to log in as you and follow the new topic for you. We remove any duplicate signatures from our own database. There's no good reason to keep a signature for something in our database if BitDefender's engine also detects it, and doing so bloats the database with redundant signatures, so every now and the
  19. This is more than likely a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Its driver can't be loaded without administrator rights, however if you're using the standalone version (as opposed to the version bundled with Emsisoft Emergency Kit) then it should be possible to install the service with the /s parameter from an elevated Command Prompt, and then run it from a Command Prompt without admin rights as the service would handle everything in the background. Please note however that I haven't tested this recently, and functionality with regards to admin rights may have changed.
  21. The ID is a code that identifies your computer so that the criminals know what private key they should send you if you pay the ransom. I can't remember exactly what that code is, however I do know it won't help you decrypt your files. If anything on your computer could help you decrypt your files, then our decrypter would be able to do it for you. No, it's just a list of IDs that have been assigned to files on your computer. It's important for the ransomware to document this so that the criminals know if you need to be sent more than one private key when you pay
  22. Correct. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ The STOP/Djvu ransomware is only known to come from pirated downloads. In general
  23. Please see the information posted at the following link by Fabian Wosar: https://www.bleepingcomputer.com/forums/t/561970/new-pclock-cryptolocker-ransomware-discovered/page-22#entry3593039