GT500

Emsisoft Employee
  • Content Count: 10509
  • Days Won: 296

Everything posted by GT500

  1. The two-factor authentication code is sent via e-mail.
  2. Let's try getting a diagnostic log. The instructions and download are available at the following link: https://help.emsisoft.com/en/1735/how-do-i-use-the-emsisoft-diagnostic-tool/
  3. That means it's an ID we don't have in our database. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. If you have an online ID, then there's nothing we can do to help you. A company like Coveware may be able to help you negotiate with the criminals for a lower ransom, however Coveware usually works with businesses that have to pay extremely large ransoms so I don't know how much help they'll be.
  5. OK, then make sure that any security software (Anti-Virus, firewall, etc) you have installed isn't blocking the decrypter's Internet access.
  6. That's a variant of STOP/Djvu. You have an online ID, however it's one of the older variants so our decrypter should be able to help you. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. OK. Be sure to let me know if you encounter any further issues.
  8. Try the following: Open Emsisoft Anti-Malware. Click on Settings. Click on Advanced in the menu at the top. Disable the option that says "Start on Windows startup". Re-enable that option, and then restart the computer.
  9. There is no new decryption tool being worked on. For offline IDs we can add the decryption keys to our database if we find them, however for online IDs there's nothing that can be done without access to the criminals' database of private keys. That's probably a DNS error. Can you visit the following link in your web browser? https://decrypter.emsisoft.com/
  10. That doesn't work with most ransomware, since they delete the shadow copies. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ As for paying the ransom, while it is not recommended, I would believe that these particular criminals do deliver a working decrypter if you pay. You can also go through a third-party (such as Coveware) if you'd prefer someone negotiate a lower price for you, however note that such services are often intended for businesses and are often still expensive.
  11. It's possible the file is corrupt or damaged in some way that might prevent their free decryption from working.
  12. I would believe that there's still nothing that can be done about the Phobos ransomware, however Amigo-A may remember something that I don't (once he realizes that you're a victim of Phobos and not STOP/Djvu).
  13. We know the IPs the criminals have used for their command and control servers (they actually do keep them protected), and there is no need to track IPs as STOP/Djvu infections normally come from pirated software (or fake music and movie downloads) rather than from RDP compromise or something similar.
  14. You found public keys. Private keys are required for decryption, and there is nothing you can learn from the public keys that could aid in decryption.
  15. It should run fine on Windows 7 SP1. It does require a newer version of the .NET framework than ships with Windows 7, and it will require that you install Windows Updates. If the update that adds SHA-2 hash support for Windows 7 is not installed, then not only will our software fail to run on your computer, but any newer software from other companies who have had their SHA-1 code signing certificates expire will also fail to run on your computer. You can get the latest version of the .NET framework from the following link: https://dotnet.microsoft.com/download/dotnet-framework
  16. This is a newer variant of STOP/Djvu. If you have an online ID, then once we can find the decryption key for this variant and add it to our database you will be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. These are both newer variants of STOP/Djvu. If you're extremely lucky, then you have offline IDs for both of them, and as soon as we can find the decryption keys for these variants we can add them to our database and you can recover your files. Unfortunately it's more likely that at least one of the variants was able to connect to its command and control servers, and therefore at least one will have an online ID, in which case it will be impossible to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we are able to find the decryption key for this variant we'll be able to add it to our database for you to decrypt your files, however if you have an online ID (which is more likely) then there will be no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. This is a newer variant of STOP/Djvu, and the decryption key for the offline ID has more than likely not been added to our decrypter yet. As for those with online IDs (which are probably most of you) note that there will be no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  22. I haven't been informed of STOP/Djvu doing this, however even if it does please note that once it's removed from your computer it's completely powerless to do anything to your files. If you want to make sure that it has been removed, then note that Emsisoft Emergency Kit is capable of detecting and removing it: https://www.emsisoft.com/en/home/emergencykit/
  23. Access denied means that the decrypter wasn't allowed to access the file, either due to file permissions, or some other software on the computer preventing access (Anti-Virus software for instance). That being said, .coot is from a newer variant of STOP/Djvu, so unless you have an offline ID then the decrypter isn't going to be able to decrypt your files. There's more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  24. The log you attached doesn't include the scan results. You can find the scan log in the Reports folder, which is in the EEK folder (by default this will be in the root of your C:\ drive).
  25. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/