
GT500

Emsisoft Employee

Posts posted by GT500

  1. Just now, Abdul Khaleel said:

    No key for New Variant online ID: 0tgHyiXCzCQA1xdUkwm1uMPH1yT2oZNIFlbuDOwG
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  2. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  3. It's possible that BitDefender's engine doesn't detect whatever Windows Defender was detecting. It could be a false positive on their part, but I can't know what without being able to forward the file in question to our analysts.

    If you don't mind, would it be possible to extract the archive that is being scanned when the Windows Defender detection happens, and then scan the extracted files with Windows Defender to see which one it detects?

  4. 23 hours ago, maki said:

    I've already said what's causing the problem, but you're not listening.

    No, you haven't. We need logs to determine what's going on. Beyond the scan engine log, you're refusing to get me the logs I need to debug this. Instead, you're being abusive and going off on tangents that are not helping with debugging or understanding the problem.

    If you want help, then supply the requested logs. Without them, I can't help you.

     

    23 hours ago, maki said:

    If the EEK considers some file "can't open", that will make EEK stop! The EEK should skip the problematic file and continue running, but it doesn't.

    I already told you the log showed EEK wasn't stuck trying to scan a file. The issue is happening before the scan engine can even load. It's trying over and over to load the scan engine, and failing every time. I need more logs to determine what is causing this.

    I want to start with an FRST log, and move on to regular debug logs if FRST doesn't show me anything relevant. Instructions for FRST can be found at the following link:
    https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

     

    As for regular debug logs, here's how to enable them:

    1. Open the Emergency Kit Scanner.
    2. Click on Settings.
    3. Select Advanced to expand the advanced settings.
    4. Scroll down to Debug logging (should be at the bottom) and enable it for 1 day.
    5. Run your scan again.
    6. After the scan has hung, close the Emergency Kit Scanner.

    The logs will be saved in the following location:

    C:\ProgramData\Emsisoft\Logs\

    The debug logs should have a name that starts with a2emergencykit_ and ends in a long number.

    Note: Please be sure to turn debug logging back off after getting the logs, as they can use a lot of hard drive space.

  5. 14 hours ago, JeremyNicoll said:

    Since the GUI presentation is handled by a third-party company's code, is it possible that Window minimise is done by their code not yours?

    I think it's handled by the API for the language that EAM is mostly written in, rather than the UI framework.

     

    11 hours ago, JeremyNicoll said:

    Oh!  I had occasion to reboot, and the problem is now gone.

    OK. Let us know if it happens again.

  6. Just now, Vaibhav2912 said:

    how can they repair

    I already explained that.

    Certain files can be repaired. Many video and audio file formats for instance are repairable with special software. JPG files are technically repairable as well, however as I said it can't be automated, and must be done manually one JPG file at a time. Anyone who would do that for you would charge you a lot of money to do it, and considering the specialized knowledge it would require I doubt very many people could do it.

  7. 4 minutes ago, Vaibhav2912 said:

    How that site can repair that encrypted files can't we use that method?

    Because the entire file isn't encrypted. Only a small portion of the beginning of the file is encrypted, thus making it impossible for anything to open the file. JPEG/JPG files can technically be repaired, however it requires someone to manually repair each file by hand. There's no known automated method of repairing JPG files that will work for STOP/Djvu encrypted files.

  8. Our products use the BitDefender Anti-Virus scan engine to supplement our own, and when it scans archives (ZIP, RAR, 7z, etc.) it extracts them to the TEMP folder so that it can scan their contents as well. What Windows Defender is detecting appears to be a file that BitDefender's engine extracted from an archive of some sort.

    Note that if Windows Defender deletes a file before EEK gets a chance to scan it, then it won't appear in the list of detections in EEK.

  9. 5 hours ago, cyril said:

    Hello, I can no longer open my files; all of these files end in .booa. What should I do? Thanks.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

     


  10. 9 hours ago, Black Mamba said:

    A while ago my company fell victim to ransomware. We had no choice but to pay the ransom. The hacker sent us the decoder, but a large file, unfortunately the most important as it was a SQL base with a size of 10 gigabytes, cannot be decrypted. It sends a message that there is not enough RAM, but we ran it on a computer with 16GB memory and nothing happened. The ending of the file is Globeimposter-Alpha865qqz, but as far as I know it does not belong to the Globeimposter family but to maoloa. Does anyone have any idea how we can decrypt our file?

    If this is for a company then it would be best to inquire about our ransomware remediation service. Here on the forums we mostly just provide support for our free decrypters, and I'm pretty sure no one ever made free decrypters for those ransomwares.

  11. 12 hours ago, Prathamesh Sarjerao Vaidya said:

    Will this help us in decrypting ? Please answer my questions

    If your files have an offline ID and we have the private key for whatever variant of STOP/Djvu encrypted your files, then yes. Otherwise, all it will tell you is that it can't decrypt your files, and it will tell you the ID each file has and whether it is online or offline.

  12. 18 hours ago, saifulamdad said:

    No key for New Variant online ID: lwME7vxLGbkm7m44pp3Z8hc4YpN0YcfG8QKv6NYf
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  13. Please don't post links to malicious content on our forums.

     

    16 hours ago, markjohan said:

    my website got infected with virus/malware. Can you check and inform me how can I solve this issue? Waiting for your answers. I am ready to pay for it.

    We don't offer that sort of service. You'll need to find a company that specializes in analyzing infected websites/servers and cleaning them up. We don't work with any of those companies beyond handling their requests to delist websites they've cleaned up, so we really don't know which ones to recommend.

  14. 16 hours ago, brian ribeiro said:

    last 12/13 I was infected with the .booa virus
    now, i have cleaned my pc but i need to recover a file.
    can you help me?

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

  15. 17 hours ago, Aliahmed said:

    Will offline key be available in the future?

    Private keys for offline IDs are donated by victims who pay the ransom. We have no way of knowing for certain if or when someone will do that.

    Note that us receiving the private key for the offline ID won't help you decrypt your files, since your files have an online ID.
