

Emsisoft Employee


Posts posted by GT500

  1. 7 hours ago, jedsiem said:

    I sense a different kind of root cause here. When trying to switch the update branch or trying to deactivate the "autoupdate" option, the change is not accepted.
    The change was reverted instantly back. So it feels like EMSI isn't able to keep the change.

    Any idea beside deinstalling and reinstalling?

    Do you manage EAM via our Cloud Console (my.emsisoft.com)? If yes, then did you make the changes to settings in your workspace settings, or locally on the affected machine?

  2. 14 hours ago, Bahas said:

    I've applied the decryptor to my files and it shows that it's an online one. Here's the ID that appears.

    Error: No key for New Variant online ID: bzc2gX7XeZ7Y4znCCIJRVEkKtKXcviloNgnOH8Nn
    Notice: this ID appears to be an online ID, decryption is impossible

    Different files can have different IDs, and it's possible for the ransomware to switch from using an offline ID and public key to using an online ID and public key in the middle of encrypting files if it's suddenly able to communicate with its command and control servers and request an ID and keys be generated for your computer.


    14 hours ago, Bahas said:

    Any chance to get back my files or not???

    Files with online IDs can't be decrypted unless you can get the private key for your ID from the criminals, and they only give those to people who pay the ransom.

  3. 16 hours ago, halcetin said:

      I'm sorry. I'm asking because I don't understand whether there is an offline ID. If you mean the Personal ID ending in t1 inside the readme note that the person who spread the virus left on the PC, then yes, there is one. I sent it to you in my first message. Your personal ID is in there; the extension is .igal

    Yes, I was referring to the Personal ID in the "_readme.txt" file that you attached to your post. It's an offline ID, so if you just run the decrypter once every week or two then if someone sends us a private key for this variant the decrypter should start decrypting your files once we add the private key to our database.


  4. 8 hours ago, bbbb said:

    Out of curiosity, what is the main cause of your scanning of popular utilities like adwCleaner, GPUZ, Process Explorer from MS/Sysinternals etc. making Defender crazy (because when Defender scans/controls these utilities by itself it does not have any problems with them)?

    Windows Defender is just scanning everything that EEK scans. If EEK extracts an archive to scan the contents, Windows Defender will scan the extracted files as well (usually before EEK has a chance to).


    8 hours ago, bbbb said:

    BTW, is something wrong with Nirsoft utilities? Or is it just the "nature" of them making Defender go crazy when EEK scans them?

    There have been a number of instances of Nirsoft utilities being bundled with malicious software due to their capabilities, and due to this Anti-Virus software from quite a few companies will detect them as potentially dangerous or unwanted.

  5. 3 hours ago, Déco said:

    Hello, I would like to know if Emsisoft supports Opera browser, if I use Opera will I be protected against phishing and bank protection? Or does protection only apply to Chrome?

    Our extension only officially supports Google Chrome, Microsoft Edge (both new and old versions), and Mozilla Firefox. That being said, the extension does work in other Chromium based browsers (such as Vivaldi), and thus it should work fine in Opera as well.

  6. 12 hours ago, halcetin said:

    Dear Emsisoft Support; on 27.12.2020 a virus with the .igal extension got onto my laptop. My entire 700GB archive on C and D (pdf, rar, mp3, wav, excel, word, jpeg.pnp) was encrypted. I ran a virus scan, but the files won't open. What is the solution for this .igal virus, and what should I do? I would be grateful if you could enlighten me.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:



  7. 14 hours ago, sufiyan said:

    So sir, what can I do?

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:

  8. 19 hours ago, dkds said:

    Let me understand, please: for what reason, then, does it go into this mode if I change nothing?

    Emsisoft Anti-Malware enters Silent Mode when a fullscreen application is open (games, videos, etc). By default Silent Mode will prevent updates, suppress notifications, and prevent scheduled scans from running in order to prevent these features from disrupting a user's activity on the computer. If you disable all of these, then Silent Mode will do nothing when it activates.

  9. 4 hours ago, jedsiem said:

    Is there a best practice? Hints for registry keys to check?

    Can you try running the following PowerShell command, and paste the output into a reply (you can send it in a private message if there's anything confidential in the output)?

    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct

    The command doesn't require admin rights on Windows 10.

  10. 13 hours ago, AD Music said:

    I got my files encrypted with the .coos extension :[ Is there literally any way I can get back my only MP3 file?

    I'm so sad :,(

    It might be possible to use software intended for recovering MP3 files, as the ransomware only encrypts a small portion of the beginning of the files. Larger files that are in formats that are tolerant of missing data can actually be recovered, and some music and video formats fall into that category.
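
How a recovery tool can get past a damaged start of file, as an added example that is not part of the original post or any Emsisoft code: it skips bytes until it finds a run of consecutive valid MPEG-1 Layer III frame headers and keeps everything from there. The byte strings are constructed sample data, and the size of the damaged region and the function names are assumptions made for illustration.

```python
import struct

# MPEG-1 Layer III tables; bitrate index 0 ("free") and 15 are rejected below.
BITRATES_KBPS = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320]
SAMPLE_RATES = [44100, 48000, 32000]

def frame_length(data, pos):
    """Byte length of the MPEG-1 Layer III frame starting at pos, or 0 if invalid."""
    if pos + 4 > len(data):
        return 0
    (hdr,) = struct.unpack_from(">I", data, pos)
    if hdr >> 21 != 0x7FF:                      # 11-bit frame sync
        return 0
    if (hdr >> 19) & 3 != 3 or (hdr >> 17) & 3 != 1:   # MPEG-1, Layer III only
        return 0
    br_idx, sr_idx = (hdr >> 12) & 0xF, (hdr >> 10) & 3
    if br_idx in (0, 15) or sr_idx == 3:
        return 0
    padding = (hdr >> 9) & 1
    return 144 * BITRATES_KBPS[br_idx] * 1000 // SAMPLE_RATES[sr_idx] + padding

def find_resync(data, confirm=3):
    """Offset of the first frame that is followed by `confirm` more valid frames, or -1."""
    pos = data.find(b"\xff")
    while pos != -1:
        cur, chained = pos, 0
        while chained <= confirm:
            n = frame_length(data, cur)
            if n == 0:
                break
            cur, chained = cur + n, chained + 1
        if chained > confirm:
            return pos
        pos = data.find(b"\xff", pos + 1)
    return -1

def salvage(data):
    """Drop everything before the first confirmed frame; empty if none is found."""
    off = find_resync(data)
    return data[off:] if off >= 0 else b""

# Constructed sample: 128 kbps / 44.1 kHz frames (417 bytes each) behind a
# damaged prefix that contains one stray, unconfirmed sync pattern.
FRAME = b"\xff\xfb\x90\x00" + bytes(413)
NOISE = bytes((i * 37 + 11) % 251 for i in range(1000))
PREFIX = NOISE[:300] + FRAME[:4] + NOISE[300:]
SAMPLE = PREFIX + FRAME * 8

if __name__ == "__main__":
    print("audio resumes at byte", find_resync(SAMPLE))
```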

  11. 21 hours ago, arifromansa12 said:

    No key for New Variant online ID: kHPl9xz72WpsHv4iypkRLqWBRMDZZ62f5hZhTado
    Notice: this ID appears to be an online ID, decryption is impossible

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
