GT500

Emsisoft Employee
Everything posted by GT500

  1. Game developers and publishers do not normally digitally sign their binaries, and since they tend to update them frequently these days it's difficult to keep them whitelisted so that they won't be detected. My recommendation in the case of crashes is to add the folder the game is launching from to the exclusions for scanning and monitoring in Emsisoft Anti-Malware, which will prevent Emsisoft Anti-Malware from opening hooks to the game while it's running. You can find Steam and Origin games in the following folders by default:

     C:\Program Files (x86)\Steam\steamapps\common\
     C:\Program Files (x86)\Origin Games\

     Here are instructions on excluding a folder from scanning and monitoring:

     1. Open Emsisoft Anti-Malware.
     2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
     3. Click on Exclusions in the menu at the top.
     4. The exclusions section contains two lists (Exclude from scanning and Exclude from monitoring). Look for the box right under where it says Exclude from scanning.
     5. Click on the Add folder button right below the Exclude from scanning box.
     6. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
     7. Scroll down to the box under Exclude from monitoring and click the Add folder button right below that box.
     8. Navigate to the folder you would like to exclude, click on it once to select it, and then click OK.
     9. Close Emsisoft Anti-Malware.

     Note: If a program is still running when you exclude its folder, then you will need to close it and reopen it for the exclusion to fully take effect. In some cases (such as for programs that run on startup) you will need to restart your computer before this will happen; however, a restart is not normally needed for games.
  2. That's normal. Windows has extra protection on that folder to prevent access, and restoring the file should fail. The only easy way to restore a file from a Microsoft Store app that gets deleted is to uninstall the app and then reinstall it.

     According to VirusTotal the file that was flagged by the Behavior Blocker isn't digitally signed; however, there are ways of signing a file that won't be reflected on VirusTotal (I believe signatures can be contained in separate "catalogue" files). Regardless, if the file wasn't digitally signed, or there was some reason why EAM could not read the signature, then that would account for why the Behavior Blocker reacted to it.
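The point raised in post 2 (a file can be catalog-signed even though VirusTotal shows no embedded signature) can be checked locally. The following PowerShell is an added example, not code from the original post or from Emsisoft; the file path is a placeholder you replace with the binary the Behavior Blocker flagged. Get-AuthenticodeSignature consults the system catalog store when the PE carries no embedded signature, so it reports SignatureType "Catalog" for most Microsoft Store and inbox Windows binaries.

```powershell
# Added example (not from the original post): check whether a file is Authenticode-signed,
# including signatures held in a separate catalog (.cat) file rather than in the PE itself.
# Assumption: $Path is a placeholder; point it at the file the Behavior Blocker flagged.
param(
    [string]$Path = "C:\Program Files\WindowsApps\SomeApp\SomeApp.exe"   # placeholder path
)

if (-not (Test-Path -LiteralPath $Path)) {
    # WindowsApps and similar folders carry restrictive ACLs; an elevated or TrustedInstaller
    # context may be required before the file can even be read.
    throw "Cannot read '$Path' (missing, or access denied by the folder ACL)."
}

# Embedded signature first, then catalog lookup; NotSigned means neither was found.
$sig  = Get-AuthenticodeSignature -FilePath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256   # compare with the VirusTotal entry

[pscustomobject]@{
    File          = $Path
    SHA256        = $hash.Hash
    Status        = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
    SignatureType = $sig.SignatureType     # Embedded, Catalog, or None
    Signer        = $sig.SignerCertificate.Subject
    Thumbprint    = $sig.SignerCertificate.Thumbprint
    StatusMessage = $sig.StatusMessage
}

# Optional cross-check with signtool from the Windows SDK. /a allows every verification
# method, including catalog lookup, so a file that online scanners call "unsigned" may still
# verify here:
#   signtool verify /pa /a /v $Path
```

A Status of Valid with SignatureType Catalog is exactly the case the post describes: the file is trusted by Windows, but a scanner that only parses the PE's own security directory will report it as unsigned. A Status of UnknownError on a file you cannot open usually means an ACL problem rather than a signature problem.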
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     Translation provided by Google (posted in French): This is a new variant of STOP/Djvu. If you have an offline ID, then once we are able to find the decryption key for this variant and add it to our database, you should be able to recover your files. However, if you have an online ID (which is more likely), it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. It usually means that more than one variant of STOP/Djvu has infected the computer. The variant that used the extension .mado was first seen in March, and was probably replaced by another one in early April. The decrypter will tell you the ID for each file. The ransomware adds the ID used to the end of each encrypted file, so it's not necessary to get it from the ransom notes. https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
  6. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  7. We've released 2020.10, and we're wondering if that helps with this issue. Could you let us know if you're still unable to disable all guards from the System Tray icon?
  8. It won't tell us as much as the ransomware itself would, however it might be worth looking at. Feel free to ZIP the files and attach them to a reply here on the forums. And yes, it would be best to have at least one file pair (if not two or three) just in case we need them during analysis.
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ Please do not ask other people to contact you, or respond to requests from others to contact them. It's highly likely that criminals will try to contact you and scam you out of money with false promises of decryption or file recovery.
  11. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. Do you have any special permissions configured in Emsisoft Business Security or in your Emsisoft Cloud Console workspace for the domain user account that's logged in to the workstation?
  14. OK, I'll ask QA to confirm whether there are any known instances where this might happen.
  15. It looks like, if there's window position and size data in the config file, EEK is reading it and using it when displaying the window. If you want to reset it back to default, then either delete the a2settings file in the EEK folder, or download a fresh copy of EEK. Technically it is also possible to edit the data in the a2settings file to remove the old information in the [Position] section in order to reset it without deleting the entire file; however, we don't recommend doing this.

     Without knowing exactly what you mean by this comment, it may be in violation of our forum guidelines (specifically the section titled "Posting and transmitting content"). I recommend familiarizing yourself with them.
  16. @FNP-45 this issue should be fixed in our 2020.10 update, which should be releasing soon.
  17. Awesome, we're glad to hear that your files were decrypted.
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ You can post the ID here if you want me to let you know if it's online or offline.
  19. This is a newer variant of STOP/Djvu. Fortunately your ID is (presumably) an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. Emsisoft Emergency Kit is intended to be portable, meaning it can be moved from one computer to another. Settings for window size and position on one computer won't necessarily be optimal on another computer, and so the Emergency Kit Scanner window will launch with default window size and position values.
  22. Let's try getting a diagnostic log, and see what firewalls are registered with the Windows Security Center. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
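Post 22 asks which firewalls are registered with the Windows Security Center. The PowerShell below is an added example, not part of the original post and not Emsisoft's diagnostic tool; it reads the same registration the Security Center uses. Two assumptions: the root/SecurityCenter2 WMI namespace exists only on client editions of Windows (not Server), and the decoding of productState is the commonly used community interpretation of an undocumented bit field, not a Microsoft-documented contract.

```powershell
# Added example (not from the original post or Emsisoft): list every firewall product
# registered with the Windows Security Center and whether it reports itself as enabled.
function Get-RegisteredFirewall {
    # root/SecurityCenter2 is present on Windows 8/10/11 client editions only.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName FirewallProduct |
        ForEach-Object {
            # productState is undocumented; assumption (community decoding): with the value
            # rendered as six hex digits, the middle byte is 0x10 or 0x11 when the product
            # is enabled and 0x00 or 0x01 when it is disabled.
            $hex   = '{0:X6}' -f $_.productState
            $state = [convert]::ToInt32($hex.Substring(2, 2), 16)
            [pscustomobject]@{
                Product      = $_.displayName
                Enabled      = (($state -band 0x10) -ne 0)
                ProductState = "0x$hex"
                ExePath      = $_.pathToSignedProductExe
                Registered   = $_.timestamp
            }
        }
}

Get-RegisteredFirewall | Format-Table -AutoSize

# For comparison, the state of the built-in Windows Defender Firewall profiles. When a
# third-party firewall is registered and enabled above, Windows normally reports its own
# firewall as off in Security Center, which is the usual cause of conflicting "firewall
# disabled" warnings.
Get-NetFirewallProfile | Select-Object Name, Enabled
```

If a product appears in the list after it has been uninstalled, Security Center is holding a stale registration; that is the kind of detail worth including alongside the diagnostic log the post asks for.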
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/