GT500

Emsisoft Employee

Everything posted by GT500

  1. It looks like, if there's window position and size data in the config file, EEK is reading it and using it when displaying the window. If you want to reset it back to default, then either delete the a2settings file in the EEK folder, or download a fresh copy of EEK. Technically it is also possible to edit the data in the a2settings file to remove the old information in the [Position] section in order to reset it without deleting the entire file, however we don't recommend doing this. Without knowing exactly what you mean by this comment, it may be in violation of our forum guidelines (specifically the section titled "Posting and transmitting content"). I recommend familiarizing yourself with them.
  2. @FNP-45 this issue should be fixed in our 2020.10 update, which should be releasing soon.
  3. Awesome, we're glad to hear that your files were decrypted.
  4. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ You can post the ID here if you want me to let you know if it's online or offline.
  5. This is a newer variant of STOP/Djvu. Fortunately your ID is (presumably) an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. Emsisoft Emergency Kit is intended to be portable, meaning it can be moved from one computer to another. Settings for window size and position on one computer won't necessarily be optimal on another computer, and so the Emergency Kit Scanner window will launch with default window size and position values.
  8. Let's try getting a diagnostic log, and see what firewalls are registered with the Windows Security Center. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
  9. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. I recommend excluding the decrypter in your Anti-Virus software to minimize any interference with it.
  11. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. As long as the e-mail address and payment sites used by the criminals are still online, then I would believe the odds are fairly good that the criminals will send you a working decrypter if you pay the ransom. Coveware reports that there's a 99% chance of successful decryption for those who pay the ransom.
  13. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. There are no new developments in regards to this ransomware.
  15. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  16. If that's the case, then why is it that when I look up your IP address on ID Ransomware, it shows a result for GlobeImposter 2.0? I'm fairly certain that none of the variants of Globe have been in distribution for years, however I know that GlobeImposter 2.0 is still in distribution. Could you attach a few encrypted files and a copy of the ransom note to a reply for me?
  17. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. That means it is still searching for encrypted files. It will stop saying "starting" once it has found them.
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. We get these keys when victims who have an offline ID pay the ransom and donate their private key to us, so there's no way to know when that might happen. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  24. Then it's probably GlobeImposter 2.0 or something like that. Did you check with ID Ransomware? If it's GlobeImposter 2.0 then it should identify it accurately.