GT500
Emsisoft Employee
Content Count: 10955
Days Won: 312

Everything posted by GT500

  1. This is more than likely Dharma. You should be able to verify that using ID Ransomware: https://id-ransomware.malwarehunterteam.com/ Note that Dharma is not decryptable.
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. Assuming this is the .msop variant, then this is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. That's correct, it was one of the earlier variants of STOP/Djvu, and should be decryptable as long as file pairs are uploaded via our online submission form. The link Kevin posted has more information.
  5. You can attach your file pair to a reply if you'd like, and I can run them by our malware analysts to see if there's anything they can do.
  6. You should be able to contact Dr Web at the following link: http://legal.drweb.com/encoder/?lng=en
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. If you want a workaround, you can switch to the Delayed update feed and then check for updates to downgrade EAM to an older version from before this change, import your HOSTS file, and then switch back to the Stable update feed and check for updates again.
  9. If you have any other security software installed, then that might contribute to slower scan speeds. Anything reading/writing data to the hard drive can also slow down scan speeds, as can anything using a lot of CPU time. If the issue is something reproducible, then I can let you know how to get us debug logs.
  10. If you have the private key, then yes, however the only way to obtain the private key is to get it directly from the criminals. The private key will never be found on your computer unless you have already paid the ransom.
  11. The decryption service requires an unencrypted original file and an encrypted copy of the same file, otherwise you won't be able to decrypt your files. Do you have any files that you had downloaded which have been encrypted along with your own files? You could redownload those files, and use them as file pairs. The only caveat is that at the moment you have to do this for each file format (MP3, MP4, PNG, etc.), and for JPG/JPEG images this needs to be done for each source your pictures came from.
  12. The memory usage of a2start.exe was consistently increasing during adding the HOSTS file contents, and I think that's what led to the crash the first time I tried it. The VM was only assigned 2 GB of RAM. We added sciter support to that dialog in the latest stable version, so that more than likely has something to do with it.
  13. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. The System Restore can break anything that uses drivers and/or services, as it reverts these back to older versions without reverting everything (so DLLs and such will be new versions, and drivers and services will be old versions that may not be able to load the DLLs). If you have an account in MyEmsisoft you can register the license key with the account and manage it there. This will also allow you to log in to EAM and activate without needing to enter your license key.
  15. I know it's not quite the same thing, but there is an "Add file" button in the quarantine that you can use to delete pretty much any file (files that are in use may require a reboot). Anyway, I'll go ahead and pass on your suggestions.
  16. Unfortunately I'm not certain about that. It could be due to the criteria for inclusion (maybe they charge money to be on the list), or perhaps we never asked for inclusion.
  17. FYI: I just tried this again while trying to get more debug information, and there was no crash this time, so I was able to eventually import the HOSTS file (it's extremely slow):
  18. I'm sorry, I posted the wrong reply here. This is not a newer variant, and your files should be decryptable by supplying file pairs to our online submission form to help the decrypter "learn" how to decrypt your files. All of the information is at the same link I already posted.
  19. It's unfortunate that they won't provide support for their decrypter. It makes it seem too much like they did it only for the publicity.
  20. What's the ID for the file it isn't able to decrypt?
  21. No, we don't currently publish that information anywhere. The safest way to ensure the safety of your data from ransomware is to keep backups of anything important on some sort of external media (USB flash drives, external hard drives, tape drives, etc.) that do not remain connected to the computer the majority of the time. We like to think our Anti-Virus software is pretty good at preventing ransomware, but in the unlikely event that it were to fail, it's impossible for ransomware to encrypt files that it can't access.
  22. The ID in the ransom notes should be enough, although it's not 100% accurate (running the decrypter will show you the ID for each file it fails to decrypt and gives the best results). If the ID for a file ends in t1 then it is almost certainly an offline ID, otherwise it is almost certainly an online ID. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. You're right, I need to update my canned instructions. That address is not in our database. If you enabled notifications, then there should have been a notification. Are you sure that EAM is blocking it intentionally? It could simply be a bug causing the communication to error out when monitored by our Surf Protection. Would it be possible to attach your logs.db3 file to a reply, and let me know roughly what times/days this happened on? It's an SQLite database containing all log entries, and usually when log entries don't appear in the UI they will still be in logs.db3. If it is being blocked intentionally, then I should be able to see it in the logs.db3 file.