GT500

Emsisoft Employee
Everything posted by GT500

  1. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. It may still be possible to decrypt the files some day. Just keep in mind that it won't be soon. The STOP ransomware has been around for a few years, and the Djvu variant has been around for about a year and a half. Whoever is behind it doesn't show any signs of stopping, and law enforcement hasn't arrested them yet, so it may still be some time before we're able to do anything more than we can right now.
  3. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. You need to upload file pairs via our online submission form so that the decrypter can be "trained" how to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. This is a newer variant of STOP/Djvu, and since your ID is an online ID there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. Did @JeremyNicoll's explanation make sense, or do you need me to write instructions?
  11. Some of our support representatives will answer support requests via e-mail or live chat on the weekends just to make sure that there isn't a backlog of questions waiting to be answered, and there are times that I do that on the forums as well (although I don't do it every weekend). If you're sending the e-mail through the chat app available at my.emsisoft.com then it sends an e-mail to the same system we handle e-mail support from. That system is manned almost 24 hours a day, however if there is a higher volume of support requests coming in then that will slow down response times.
  12. That explanation is still correct, and is more than likely the reason why you didn't see the phishing host you reported blocked by the extension (assuming it had already cached a result for that domain). It's correct that we already know about the issues in Firefox. Unfortunately I haven't been given any explanation as to why it hasn't been fixed yet.
  13. From the product description on their website, it sort of sounds like it does what our Behavior Blocker does. That being said, I don't really know more about how it works, however I don't generally recommend extra "layers" of protection that include real-time protection as having more than one of those can potentially cause problems.
  14. @Tahir Moeen one of our moderators hid your post because it contained personal information. Everyone can view and download pictures you attach to your posts, and we wouldn't want anyone to use your information for nefarious purposes. What types of files have you managed to decrypt thus far, and what else do you still need to decrypt?
  15. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  16. Something malicious on your computer may have modified the decrypter's files while it was running. Try scanning your computer with Emsisoft Emergency Kit and quarantine everything it detects, then download the decrypter again and see if it works OK now.
  17. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  19. The decrypter hasn't been updated in the past nine months.
  20. What did the decrypter tell you when it failed to decrypt your files?
  21. As long as the files have an offline ID, then they should be decryptable once we have the private key. When in doubt, run a file through the decrypter, and it will tell you whether a file's ID is online or offline.
  22. The extension caches results so that it doesn't have to request them again. The VirusTotal results are also sometimes out of date.
  23. Properly configured HTTP servers are just as important, if not more so.
  24. I'm not as concerned about the FRST logs (they would only show me relevant info if the system had crashed recently enough). As for a memory dump, first you'll need to verify some Windows settings. Please follow the instructions below to ensure that your computer is set to save crash dumps:

      1. Hold down the Windows key (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and hold down the 'R' key to open the Run dialog.
      2. Type in "control system" and click 'OK'.
      3. On the left, click on "Advanced system settings".
      4. In the "Startup and Recovery" section, click on the 'Settings' button.
      5. Please ignore the "System Startup" and "System Failure" sections.
      6. In the "Write debugging information" section, please change the first option to "Complete memory dump" (it may say something like "Small memory dump", "Kernel memory dump", or "Automatic memory dump").
      7. The "Dump file" field should say "%SystemRoot%\MEMORY.DMP" which means that it will save the dump as MEMORY.DMP in your Windows folder (usually "C:\Windows"). If it does not say "%SystemRoot%\MEMORY.DMP" then please change it so that it does.
      8. Make sure that "Overwrite any existing file" is selected.
      9. Click the 'OK' button, and restart your computer to save the changes.

      Once you've verified those settings, I recommend making sure your pagefile is set to be larger than the amount of RAM in your computer, otherwise the memory dump will fail to save. There are instructions for editing the pagefile/virtual memory settings at the following link: https://www.tenforums.com/tutorials/77692-manage-virtual-memory-pagefile-windows-10-a.html
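
The crash-dump settings listed in the post above can also be checked from a PowerShell prompt. This is an added example, not part of the original post or any Emsisoft tooling; it only reads settings, and it assumes the standard Windows `CrashControl` registry values and WMI pagefile classes that back the dialog described above.

```powershell
# Added example: read-only check of the settings from the post above.
# Assumes the standard CrashControl registry key behind "Startup and Recovery".
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$cc  = Get-ItemProperty -Path $key

# CrashDumpEnabled values as stored by Windows
$dumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump'
    7 = 'Automatic memory dump'
}
$currentType = $dumpTypes[[int]$cc.CrashDumpEnabled]
if (-not $currentType) { $currentType = "Unknown ($($cc.CrashDumpEnabled))" }

# Get-ItemProperty expands %SystemRoot%, so expand the expected value too.
$expectedPath = [Environment]::ExpandEnvironmentVariables('%SystemRoot%\MEMORY.DMP')

# Installed RAM and the currently allocated size of each pagefile, both in MB.
$ramMB     = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$pagefiles = @(Get-CimInstance Win32_PageFileUsage)
$largestMB = 0
foreach ($pf in $pagefiles) {
    if ($pf.AllocatedBaseSize -gt $largestMB) { $largestMB = $pf.AllocatedBaseSize }
}

$report = @(
    [pscustomobject]@{
        Setting  = 'Write debugging information'
        Current  = $currentType
        Expected = 'Complete memory dump'
        OK       = ([int]$cc.CrashDumpEnabled -eq 1)
    }
    [pscustomobject]@{
        Setting  = 'Dump file'
        Current  = $cc.DumpFile
        Expected = $expectedPath
        OK       = ($cc.DumpFile -ieq $expectedPath)
    }
    [pscustomobject]@{
        Setting  = 'Overwrite any existing file'
        Current  = $cc.Overwrite
        Expected = 1
        OK       = ([int]$cc.Overwrite -eq 1)
    }
    [pscustomobject]@{
        Setting  = 'Largest pagefile (MB, currently allocated)'
        Current  = $largestMB
        Expected = "more than $ramMB (installed RAM)"
        OK       = ($largestMB -gt $ramMB)
    }
)
$report | Format-Table -AutoSize
```

A system-managed pagefile can grow beyond its currently allocated size, so a failing last row on such a system means the size should be reviewed, not that a dump is certain to fail.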
  25. If we do update it, then it will probably be once Microsoft rolls out the new Chromium Edge to most Windows 10 PCs via Windows Update, and once our extension is on the Chromium Edge extensions site.