GT500

Emsisoft Employee

Everything posted by GT500

  1. We already have a "tool" for this ransomware: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future, however please note that may be a long time. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  3. This is the information about the ransomware and the decrypter we made for it: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for this variant of STOP/Djvu. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ I recommend downloading Emsisoft Emergency Kit so that you can run a scan and quarantine anything it finds: https://www.emsisoft.com/en/home/emergencykit/
  9. Did you revert your application rule back to factory defaults before testing? The option is in the advanced settings.
  10. We're still analyzing it. If it's possible to make a decrypter then we'll do so, however analysis takes time.
  11. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. We don't yet have the private key for this variant of STOP/Djvu's offline ID. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. Only moderators and administrators have the ability to delete posts. I can hide the post for you if you'd like, however keep in mind that everyone who has replied to this topic has probably already seen it.
  15. "Auto resolve, with lookup notifications" causes EAM to display a notification when it's checking the safety of a program with our Anti-Malware Network, whereas the default setting (Auto resolve, notifications for threats only) will only display a notification if the BB is taking action against an application.
  16. Once you've done that, you can use a file sharing service such as WeTransfer (they used to allow files up to 2 GB for free): https://wetransfer.com/ There's a button to the left of the "Transfer" button on WeTransfer that opens the advanced options, allowing you to select to generate a download link you can send in a private message along with the 7z archive's password.
  17. Use 7-Zip to compress it: https://www.7-zip.org/ You may need to copy the file to your Desktop so that 7-Zip can access it. Once you've done that, right-click on the file, go to the 7-Zip menu, and select "Add to archive" and be sure to use the following settings for compression (I recommend adding a password that you can send me privately):
  18. The log entry was for the notification, and I don't think EAM displays the notification anymore. I'll check with QA to see if that's the case.
  19. 20% CPU usage on a 3900X is the equivalent of having 5 of its logical cores maxed out (unless of course you have SMT turned off). Have you checked to see what's eating up all that CPU time? With 24 logical cores 4.1% CPU usage for a single thread is the equivalent of maxing out 1 core, or roughly 8.2% with SMT off (it's on by default). What's the CPU usage of a2start.exe (look in the Task Manager under the Details tab for process names)? If it's maxing out a full core, then right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock) and select Shut down protection. After that hold down the Ctrl and Shift keys on your keyboard and press Esc to open the Task Manager, click More details in the lower-left, switch to the Details tab, and wait until a2service.exe disappears from the list. Next you can re-open Emsisoft Anti-Malware from the Start Menu, and the CPU usage will be normal.
  20. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. The decrypter is working, and that's not an error message. Your files can't be decrypted.
  22. We can take a look at it if you find it again, however it's more than likely that each computer will require a different private key to decrypt files, and thus the decrypter will only work on a specific computer.
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. It hasn't happened for the STOP ransomware, however there have been cases of it happening with other ransomwares. There have also been cases where criminals have decided to quit making/distributing ransomware, and have released their private keys themselves (keep in mind that this is rare).