GT500

Emsisoft Employee

Everything posted by GT500

  1. That would only be possible if the database of private keys kept by the criminals gets released publicly.
  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. Some criminals will actually reduce the price if they really think a victim can't pay. It's important to understand that they don't actually care about their victims in any way, but when faced with the choice between some money or no money they will often at least make an attempt to get some money from their victims by reducing the ransom. Keep in mind that a lot of these criminals are indignant, thinking of their victims as evil rich people and thinking of themselves as some sort of Robin Hood, so if you push them too hard they may get mad and refuse to give you a discount.
  4. Every software company goes through occasional periods where their software has bugs. We understand it's frustrating, but we had to make a lot of changes to Windows Security Center integration to meet Microsoft requirements going forward, and with changes like that it's not abnormal for there to be at least a few bugs. Keep in mind as well that problems with Anti-Virus registration with the Windows Security Center aren't uncommon regardless of whose Anti-Virus you're talking about. Microsoft APIs aren't always bug-free either.
  5. Extended Support for Windows Server 2003 ended July 14th, 2003. That means this server has gone for 5 years without monthly security updates. You need to switch to a newer Operating System that still receives regular security updates, or things like this are just going to keep happening (whoever did this knows you have vulnerable equipment now, and if they don't do this again then someone else will figure it out too eventually). I don't care if you go with Windows, Linux, BSD, or something else as long as it's still receiving security updates. As for the logs, there's nothing that looks like they left behind a copy of the ransomware. The server may still be infected, but I'm really not certain what would run on a 32-bit edition of Windows Server 2003 these days, and I'm not finding much info about some of the odd stuff I'm seeing in the logs.
  6. Try the following, and let me know if it has any effect on the CPU usage: Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock). Go to Protection status. Select Disable Web Protection. Note that from what I'm seeing in your screenshot, roughly 35% of your CPU usage is from System (a Microsoft Windows system process), and roughly 39% of it is from fdm.exe (your download manager). Between the two, that's about 75% of your CPU usage. As for Emsisoft Anti-Malware, I can only see three of its processes in the list, but a2service.exe and CommService.exe are shown to each be using around 6% (so roughly 12% CPU usage between the two of them), and a2start is only using 1.2%. I can't really say if that's abnormally high without knowing what CPU you have.
  7. We don't usually give status updates on debugging and bug fixing. I know "we're still working on it" sounds bad, but we have no intention of giving up on trying to fix it.
  8. Unfortunately that was the only fix that worked in testing. I'm sure our developers will look into why it's happening so that it doesn't remain an issue, but for now the only way to fix it is a reinstall. I thought $30 for a 1-year 1-PC license was about $10 to $20 less than what more recognizable companies tend to sell their products for. Does anyone sell licenses for full Anti-Virus software for less than us (overlooking "free" Anti-Virus of course)?
  9. @Burak and @Pratik this is a newer variant of STOP/Djvu, and we do not yet have the private key for its offline ID. Once we do, it should be possible for both of you to decrypt your files. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  11. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ Note: I would believe that BleepingComputer's news is only available in English.
  12. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  13. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  14. As humorous as it sounds, some people actually do this. We've received private keys for the offline IDs of roughly 40 different newer variants of STOP/Djvu this way. It may take some time, however the odds are reasonably good that someone will do it eventually.
  15. Anyone can use ECC. It's available right from MyEmsisoft, and all you have to do is create a workspace and add license keys to it. Some of the features may only be useful to enterprise customers, but a lot of them can be useful to regular/home users as well. It could be a bug in this version of the forum software. You're not the only one to complain about it. I would believe that only moderators and admins can delete or hide posts. Decisions like this aren't necessarily made lightly. We always know there will be people who don't want us to make changes, but sometimes it's still necessary to ensure that our resources and development time are focused in the areas that serve our customers the best. Granted in this instance it was a minor feature that probably required no real maintenance to keep, but time spent on a feature isn't always the reason why it's discontinued. I can certainly understand and sympathize with this point of view. There are a lot of us on the Emsisoft team who also like the idea of more control as well. That being said, our product is marketed to those with limited computer knowledge who don't want a bunch of complicated options, and would rather have things be as simple as possible. Sadly, more complicated products that are marketed towards advanced users don't tend to do well. Just look at what happened to WinPatrol, Sandboxie, and countless firewall programs over the years. Software like that just isn't sustainable, and always ends up either getting discontinued, or bankrupting the company that's making it.
  16. All I've been told thus far is that the issue has been forwarded to their QA team. I don't know anything more than that for the moment. I can give your post a little trophy, and add a little extra time to your license key for helping us debug this.
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. We don't have the private key for the .leto variant of STOP/Djvu yet. You'll have to wait until another victim of the same variant who also has an offline ID pays the ransom and sends us the decrypter the criminals sent them.
  22. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  23. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/