GT500

Emsisoft Employee
  • Content Count

    12842
  • Joined

  • Days Won

    387

Everything posted by GT500

  1. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  2. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  3. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  5. This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  7. What did the decrypter say when you tried it?
  8. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  9. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. That's certainly a difficult one. I imagine that over time hearing about your good experiences with us could help convince some people, however it's important to try to avoid coming across as a "fanboy" as that may lead people to dismiss what you have to say.
  11. I'm glad to hear that fixed it. If you need anything else, then please let us know.
  12. Applications can ask Windows to reserve memory for them in case they need more as they load more data into memory, that way they don't have to worry about whether or not there is free memory when they need more. Windows doesn't list this reserved memory as in use by running processes, but rather lists it as free (memory that isn't in use). Because of this, most memory usage information isn't actually going to give you an accurate picture of when crashing will happen due to the system running out of unreserved RAM. Click the Back button in the left below the list of monitors to go back to the screen that shows all the graphs. Read the memory usage from that graph. Technically I think it's showing the commit charge.
  13. So it only happens on startup then, and not just after the system has been running for some time?
  14. chkdsk is intended to repair the filesystem. Corrupted files can't be validated or repaired unless there are backup copies of them. From what I've been told about similar issues you've reported in the past, my understanding is that this probably won't be the case, and you'll more than likely only see the issue when using your scripts.
  15. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. If law enforcement is able to catch the criminals or otherwise gain access to their servers and release their private keys for use in decrypters, then we can add them to our database so that everyone can get their files back. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  17. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. I've been told that our analysis has yet to be completed, so we don't yet know for certain if the ransomware is decryptable.
  19. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. If for any reason Windows isn't able to remove files scheduled for delete on reboot on the first restart, then it needs a second one to complete the process. Unfortunately it's not something we have control over. If it happens again and that process isn't running, then that would explain why the issue is happening. It's what handles reporting to the Security Center.
  21. In Process Hacker click on the System information button in the toolbar, and it will open some resource usage graphs. The Memory graph should show you combined physical and virtual memory usage, based on the amount of reserved memory and not the actual amount that's in use, so it will give you a better idea of whether or not your system is running low on unreserved memory (memory that's not only "free" but which also hasn't been reserved for use by running programs). I don't think it usually dumps more than the actual in-use amount of memory, however it may be dumping memory reserved by a2service as well. Sometimes WER fails to create dumps, and I'm not actually certain why. It may have something to do with our own crash reporting tool attempting to also capture crash related data, however I've seen it happen with a lot of unrelated processes as well (games, driver apps, etc). I guess it's also possible WER just isn't recognizing the application termination as a crash.
  22. Unfortunately we won't be able to make any progress on it for a little while. The current EPP is going to be updated in the (hopefully) near future, and we're currently focusing development and QA efforts on getting it ready ASAP. Now there's always the possibility that the update to EPP will help with your issue as well, however if it doesn't then we'll have to get new debug information once the new version of EPP is released.
  23. If it's a newer variant, then no, that's not possible.
  24. This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/