GT500
Emsisoft Employee
Content Count: 13551 | Days Won: 424

Posts posted by GT500


  1. It's not WannaCryFake; however, we're not entirely certain what it is just from the encrypted file. You wouldn't happen to have a copy of the malicious program that encrypted your files, would you? Perhaps in the quarantine of the Anti-Virus software you use? Or do you remember where the infection originally came from?

    If you do have a copy of the malicious file, then please upload it to VirusTotal for analysis, and post the link here for us to review:
    https://www.virustotal.com/gui/home/upload


  2. 22 hours ago, justfa said:

    What do you think? Is it better if I wait for a new software update, or just delete my files?

    I am very desperate because all of my ongoing thesis research was infected.

    Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

    We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters:
    https://www.bleepingcomputer.com/

    If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news:
    https://www.bleepingcomputer.com/feed/


  3. 16 hours ago, eliastz said:

    A paid piece of software ought to simply work - the customer should not have to engage with developers, provide debug logs, etc.

    I understand that this is frustrating; however, all software has bugs, and the developers need information about those bugs in order to fix them. They can't just wave a magic wand and make all of the problems go away. If we're not able to reproduce the issue in our own testing, then someone who is having the issue needs to send us debug information so that our developers know what is causing it. Without this information, fixing the bug is usually impossible.

    During the course of this year, a number of people have provided us with debug information for performance issues, and as far as I know we were able to resolve those issues for everyone who sent us logs. Unfortunately I don't think anyone sent us feedback after the last fix was published, and since no one told us this was still a problem we could only conclude that the issues had been fixed. After all, if no one is complaining about a problem, then it must not be a problem any longer.


  4. 12 hours ago, David86 said:

    They use a new extension called Jdyi.

    The latest Emsisoft Decryptor for STOP Djvu does not work, so for now there is no decryptor for this new extension of STOP Djvu?

    It's just another Djvu variant of the STOP ransomware. They change very little about the ransomware from variant to variant, except the extension that gets appended to the files and the offline ID and keys used on computers when the ransomware can't connect to its command and control servers.

    Our decrypter works with all variants of this ransomware. For newer variants like this one, if you have an offline ID then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  5. On 11/1/2020 at 6:18 PM, quietman7 said:

    Decryption of data requires an OFFLINE KEY with a corresponding private key.

    You mean an Offline ID?


    On 11/1/2020 at 4:34 AM, khasalkhaas said:

    Your personal ID:
    0251riuyfgha1eQvcxBrzMBucLpedAgtrTADxpeKny4FdfzsNAa

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  6. On 11/1/2020 at 8:09 AM, yusuf ben said:

    Is there any decrypt tool for this virus? I can't see anything. I have been waiting since February. I hope you will find one some day. I am so sad. What can I do?

    Yes, but it requires private keys to decrypt newer variants, and only the criminals have access to those private keys. For files with online IDs, decryption is impossible.


  7. 7 hours ago, eliastz said:

    This has been going on for months now - no attempt by emsisoft to fix it. 

    We thought this was fixed. With no one reporting that the issue was still happening, we had no way to know it was still a problem.

    We're going to need to know which process is using too much CPU time. If you're on Windows 10 then please be sure to switch to the Details tab in Task Manager so that you can give us a process name that ends in .exe rather than one of the "friendly" names that appear on the Processes tab.

    We will also need debug logs from anyone still having this issue. Here's how to enable debug logging:

    1. Open Emsisoft Anti-Malware.
    2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
    3. Click Advanced in the menu at the top.
    4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled for 1 day.
    5. After that, close the Emsisoft Anti-Malware window.
    6. Restart your computer. If you're on Windows 8.1 or Windows 10 then restart by right-clicking on the Start button, going to Shut down or sign out, and selecting Restart from this list to bypass Fast Startup.
    7. Reproduce the issue you are having (wait until the CPU usage gets high).


    Here's how to send us the debug logs once you've been able to reproduce the issue:

    1. Open Emsisoft Anti-Malware.
    2. Click on the little icon in the lower-left (right above the question mark) that looks like little chat bubbles.
    3. Click on the button that says Send an email.
    4. Select the logs on the right that show today's dates (if you try to send too many logs, then we may not receive them).
    5. Fill in the e-mail contact form with your name, your e-mail address, and a description of what the logs are for (if possible please leave a link to the topic on the forums that the logs are related to in your message).
    6. If you have any screenshots or another file that you need to send with the logs, then you can click the Attach file button at the bottom (only one file can be attached at a time).
    7. Click on Send now at the bottom once you are ready to send the logs.

    Important: Please be sure to turn debug logging back off after sending us the logs. There are some negative effects to having debug logging turned on, such as reduced performance and wasting hard drive space, and it is not recommended to leave debug logging turned on for a long period of time unless it is necessary to collect debug logs.


  8. This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  9. 12 hours ago, Xavier77 said:

    No key for the online ID of the new variant: "8E0nT4idQNmYYtmidGN4idTdxLaGk0net8OPO1vP"

    This is a newer variant of STOP/Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


    Translation provided by Google:
    This is a newer variant of STOP / Djvu, and your ID is an online ID, so there is currently no way to decrypt your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  10. 18 hours ago, voceket said:

    No key for New Variant online ID: 1zUtgOhPFChqExonXnBLhdAoUkXhiZkM2nXNcbdg

    This ID is an online ID, so there is currently no way to decrypt your files.


    19 hours ago, voceket said:

    No key for New Variant offline ID: l3dZiQAloIT4h5EjQ4fTo1iCvZy9j4rkznbVeUt1

    This ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information about the decrypter and this ransomware at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  11. 21 hours ago, Ish said:

    Same issue. LYLI extension shown on all files. Emsisoft shows decryption is impossible.

    This is a newer variant of STOP/Djvu. If you have an offline ID, then once we can find the decryption key for this variant and add it to our database you should be able to recover your files. However, if you have an online ID (which is more likely) then it will not be possible to recover your files. There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/


  12. 20 hours ago, psamanta said:

    No key for New Variant offline ID: hZcC4PEfaqDNIXxy0ProMPOAk3JS3K1JoUqoq0t1
    Notice: this ID appears be an offline ID, decryption MAY be possible in the future

    This is a newer variant of STOP/Djvu. Fortunately your ID is an offline ID, however we don't yet have the private key for it. I recommend running the decrypter once every week or two so that you can see when we've been able to add the private key for your variant.

    There is more information at the following link:
    https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
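The online/offline ID distinction drawn in posts 4, 5, 10 and 12 above, as an added example (not Emsisoft's decrypter code and not part of this thread): a small triage script that classifies a pasted personal ID the way the replies do and returns the matching advice. It assumes, since the page itself does not state it, that offline IDs end in the characters t1 and that any other well-formed ID is an online one; the sample IDs are the ones quoted in the thread.

```python
"""Triage helper for STOP/Djvu personal IDs.

Added example, not code from Emsisoft or from this forum thread. It encodes the
online/offline distinction the replies rely on. Assumption (not stated on this
page): offline IDs end in the characters "t1"; every other well-formed ID is
treated as an online ID. The sample IDs are the ones posted in the thread.
"""
import re

OFFLINE_SUFFIX = "t1"                              # assumed offline-ID marker
ID_PATTERN = re.compile(r"^[A-Za-z0-9]{40,}$")     # IDs on this page are 40+ alphanumerics


def classify_stop_djvu_id(personal_id: str) -> str:
    """Return 'offline', 'online', or 'invalid' for a pasted personal ID."""
    pid = personal_id.strip()
    if not ID_PATTERN.match(pid):
        return "invalid"
    return "offline" if pid.endswith(OFFLINE_SUFFIX) else "online"


def triage_message(personal_id: str) -> str:
    """Map the classification to the advice given in the replies above."""
    kind = classify_stop_djvu_id(personal_id)
    if kind == "offline":
        return ("offline ID: keep a backup of the encrypted files and re-run the decrypter "
                "every week or two; recovery becomes possible once the private key for this "
                "variant is added to the decrypter's database")
    if kind == "online":
        return ("online ID: the key for these files is held only by the criminals, so the "
                "decrypter cannot recover them; keep a backup in case that ever changes")
    return "not a STOP/Djvu personal ID (expected 40 or more alphanumeric characters)"


def triage_ids(ids):
    """Classify several IDs at once; returns {id: classification}."""
    return {pid: classify_stop_djvu_id(pid) for pid in ids}


# IDs posted in the thread above (khasalkhaas, Xavier77, voceket, psamanta)
SAMPLE_IDS = [
    "0251riuyfgha1eQvcxBrzMBucLpedAgtrTADxpeKny4FdfzsNAa",
    "8E0nT4idQNmYYtmidGN4idTdxLaGk0net8OPO1vP",
    "1zUtgOhPFChqExonXnBLhdAoUkXhiZkM2nXNcbdg",
    "l3dZiQAloIT4h5EjQ4fTo1iCvZy9j4rkznbVeUt1",
    "hZcC4PEfaqDNIXxy0ProMPOAk3JS3K1JoUqoq0t1",
]

if __name__ == "__main__":
    for pid, kind in triage_ids(SAMPLE_IDS).items():
        print(f"...{pid[-6:]}  {kind:8s} {triage_message(pid)}")
```

Run it as-is to see the five thread IDs sorted into the two offline and three online cases the replies describe; the suffix rule is a convenience for first-line triage, and the decrypter itself remains the authority on whether a key is available.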


  13. Also, note that if you can get us debug logs from a system having this issue then it will help us better understand what's going on so that we can fix it. Here are some instructions on how to get debug logs for us:

    1. Open Emsisoft Anti-Malware.
    2. Click on the little gear icon on the left side of the Emsisoft Anti-Malware window (roughly in the middle).
    3. Click Advanced in the menu at the top.
    4. Scroll to the bottom of the Advanced section, and change the option for Debug logging to Enabled always.
    5. After that, close the Emsisoft Anti-Malware window.
    6. Reproduce the issue you are having (wait for EAM to start causing the system to hang on startup).
    7. Once you have reproduced the issue, work around the startup issue (either via the method I mentioned above or via the method you're already using) so that you can start Windows normally.
    8. ZIP the debug logs (located in %ProgramData%\Emsisoft\Logs, which you can paste into the Run dialog to quickly navigate there) and send them to me in a private message.

    Note that if you need to send the logs via e-mail, you can send them to support@emsisoft.com and include a link to this forum topic.
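The log-collection steps in posts 7 and 13 above, as an added example (not Emsisoft's own tooling and not part of this thread): a script that takes the logs from %ProgramData%\Emsisoft\Logs, keeps only those dated today (post 7 warns that sending too many logs may mean they are not received) and ZIPs them for attaching to an e-mail or private message. It assumes the log folder is flat (subfolders are skipped) and writes the ZIP to the user's home folder.

```python
"""Collect one day's Emsisoft debug logs into a ZIP for support.

Added example, not Emsisoft's own tooling. It automates the by-hand steps in the
posts above: take the logs from %ProgramData%\Emsisoft\Logs (the path named in
the post), keep only the ones dated today so the bundle stays small, and ZIP
them. Assumption: the log folder is flat; subfolders are not collected.
"""
import os
import zipfile
from datetime import date, datetime
from pathlib import Path

# Path named in the post above; %ProgramData% only expands on Windows.
DEFAULT_LOG_DIR = Path(os.path.expandvars(r"%ProgramData%\Emsisoft\Logs"))


def select_logs_for_day(log_dir, day=None):
    """Return the files in log_dir last modified on `day` (default: today), sorted by name."""
    day = day or date.today()
    log_dir = Path(log_dir)
    return sorted(
        p for p in log_dir.iterdir()
        if p.is_file() and datetime.fromtimestamp(p.stat().st_mtime).date() == day
    )


def collect_debug_logs(log_dir, out_zip, day=None):
    """ZIP the selected logs; returns the archived file names so the caller can review them."""
    chosen = select_logs_for_day(log_dir, day)
    with zipfile.ZipFile(out_zip, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for p in chosen:
            zf.write(p, arcname=p.name)   # store flat, without the absolute path
    return [p.name for p in chosen]


if __name__ == "__main__":
    target = Path.home() / f"emsisoft-debug-logs-{date.today():%Y%m%d}.zip"
    names = collect_debug_logs(DEFAULT_LOG_DIR, target)
    print(f"archived {len(names)} log file(s) into {target}")
    for name in names:
        print("  ", name)
    print("Remember to set Debug logging back to Disabled once the logs are sent.")
```

The returned list lets you check what went into the archive before sending it, and the date filter mirrors the "select the logs that show today's dates" step, so older logs from unrelated sessions are left out.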


  14. 11 hours ago, NiThR0 said:

    Unfortunately, the system stops responding when EAM is loading after the system has booted. Only a hard reset helps.

    How long have you waited to see if the system starts responding again?

    Without getting debug logs, the only thing I think may help is to put EAM in Silent Mode, as EAM won't download updates in Silent Mode. Please note that this won't work if you simply enable Silent Mode in EAM's settings, as it won't persist after a restart. You'll need to have EAM connected to a workspace in MyEmsisoft and you'll need to enable Silent Mode in the workstation's settings in MyEmsisoft. The nice thing about this is it can be done while the workstation is offline, as the setting is applied on startup when EAM connects to the Emsisoft Cloud Console to sync its settings with your workspace.

    FYI: I did test using Silent Mode this way to prevent updates from installing on startup, and the Silent Mode setting is applied before EAM attempts to check for updates, so it does successfully block the update that will run on startup if the database hasn't been updated within the past hour.