GT500

Emsisoft Employee

Posts posted by GT500


  1. 20 hours ago, Ludy said:

    Intel(R) Celeron(R) CPU N3450 @ 1.10GHz

    That's a fairly slow processor from 2016, so you're going to see higher CPU usage on it than you would an Intel Core i3 or an Intel Core i5. That being said, 11% does seem a bit high for idle usage. Do you have any other security software (Anti-Virus, Firewall, Anti-Spyware, Anti-Malware, etc.) on the computer?

    As for the CPU usage during a scan, that's completely normal. Our scanner attempts to use all available CPU cores in order to scan as many files at the same time as possible. This helps reduce scan times.


  2. I ran a couple of dozen context menu scans, and while every now and then the green text "No suspicious files were found in this scan!" would occasionally fail to appear, the buttons "View report" and "Close" were always there. Also, when I would move the mouse into the EAM window, the missing text would suddenly appear.

    I'll let QA know, but they'll probably want debug logs from someone having the issue with the buttons disappearing. @marko do you remember how to get debug logs?


  3. On 10/1/2020 at 2:19 PM, David Peñaloza said:

    Hi, when there is an Online ID and decryption is impossible, is there any chance in the future to decrypt the files?

    If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back.


  4. 3 hours ago, yuan said:

    No key for New Variant online ID: SWBlLCp1QLipPjTKkMpl8aUyWg0SJtqxIrXI2OfP
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  5. On 10/4/2020 at 4:27 AM, JoeSato said:

    No key for New Variant offline ID: deac7Sn2GuDNdN1CbhZnvk664iBmYwX1uD4u0Xt1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  6. On 10/4/2020 at 5:16 AM, JUNO said:

    Is there any way to stop .repp ransomware now?

    Lots of my personal files are encrypted. Please help?

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  7. On 10/4/2020 at 4:04 AM, DaC said:

    My computer is attacked by .kasp virus, please help me to recover my files

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  8. On 10/4/2020 at 3:35 AM, Anis Shah said:

    Any update regarding my issue sir? I was searching for solution on the website which you have shared with me, but I haven't found any solution regarding .bora virus. Can you please update me regarding this thing?

    No, there are no updates. Online IDs for newer variants of STOP/Djvu use RSA keys, which are impervious to most attacks. Without obtaining the private keys from the criminals, there is no way to decrypt files with online IDs.


  9. 1 minute ago, stapp said:

    Not quite following what you are doing (I think mentioning the VM has confused me --not difficult!)

    For me it is just the text on scan end that is missing until I place cursor/mouse in the window. The buttons are always there. (dark mode used for GUI)

    I have various versions of Windows installed in Virtual Machines (VMs) so that I can test in different Operating Systems with only one computer, and when we release a new beta of EAM at the end of the month I do some basic tests to make sure that the update to the new version and scans at the very least all work as expected on each version of Windows I have installed. Since the VMs run in a window on my Desktop, I can move my mouse out of the VM and then back in when I need to interact with something running in it. When I saw this issue, my mouse was outside of the VM window, and since it corrected itself as soon as I moved the mouse back into the VM window I just assumed it was related to my mouse pointer being outside of the VM window.


  10. On 10/3/2020 at 4:55 AM, paktee said:

    No key for New Variant offline ID: hZcC4PEfaqDNIXxy0ProMPOAk3JS3K1JoUqoq0t1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  11. On 10/4/2020 at 10:42 AM, Cranfield said:

    Yes, I appreciate what you say, but as the Defender notice referred to an "app", I assumed it meant something I had installed/downloaded knowingly.

    On Windows the term "app" is usually used for Microsoft Store apps, which are different from traditional applications that you download and install. You can remove these by right-clicking on the Start button and selecting Apps and Features.

    If you notice any more of these notifications then I recommend running a scan with FRST and posting the logs here for me to review. You can find instructions for downloading and running FRST at the following link:
    https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

    Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.