Everything posted by David B.
-
Account Privacy - Emsisoft Mobile security
David B. replied to Petr Rada's topic in Emsisoft Mobile Security
You're welcome Petr, if you have further issues, please let us know. Here, or via email to [email protected] -
ransomnote_filename: _readme.txt ransomnote_email: [email protected] sample_extension: .dehd sample_bytes: [0x1533A - 0x15360] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D Click here for more information about STOP (Djv
David B. replied to linthu's topic in Help, my files are encrypted!
Thank you Amigo-A, helpful as always! -
Account Privacy - Emsisoft Mobile security
David B. replied to Petr Rada's topic in Emsisoft Mobile Security
I'm glad you found them. Quite strange indeed. Perhaps you have a custom filter configured for [email protected]*? -
Account Privacy - Emsisoft Mobile security
David B. replied to Petr Rada's topic in Emsisoft Mobile Security
Hello Petr, Several emails were sent out, all arrived and were accepted by Google. I'd suggest searching your entire Gmail account for anything from [email protected] -
Hello, "Error" is not quite the word that should be there. It should probably say "Info: No key for New Variant online ID" Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. You can try deleted file recovery software such as Revo from Piriform to see if you can recover older copies of some files, but this does not usually work well. With larger files such as movies or music, sometimes the files will still work if you just change the filenames back to original, since STOP(Djvu) only encrypts the first part of each file. There will of course still be part of the file that is encrypted and effectively corrupt. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft.
-
ID appears to be an online ID, decryption is impossible
David B. replied to Varun79's topic in Help, my files are encrypted!
Unfortunately there is still nothing we can do about this newer STOP(Djvu), and I'm told there won't be for the foreseeable future. My prewritten yet pertinent information about it: Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. You can try deleted file recovery software such as Revo from Piriform to see if you can recover older copies of some files, but this does not usually work well. With larger files such as movies or music, sometimes the files will still work if you just change the filenames back to original, since STOP(Djvu) only encrypts the first part of each file. There will of course still be part of the file that is encrypted and effectively corrupt. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft. -
Help decrypt qmak ransom virus Offline
David B. replied to Ferchich's topic in Help, my files are encrypted!
Hello Ferchich, The file you submitted was encrypted with an online encryption key. Refer back to the link ShadowPuterDud gave you, please. To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. You can try deleted file recovery software such as Revo from Piriform to see if you can recover older copies of some files, but this does not usually work well. With larger files such as movies or music, sometimes the files will still work if you just change the filenames back to original, since STOP(Djvu) only encrypts the first part of each file. There will of course still be part of the file that is encrypted and effectively corrupt. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft. -
Hello abhinav, Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft.
-
my computer is affected by .lqqw virus,,please help
David B. replied to amitkarmakar's topic in Help, my files are encrypted!
Hello amitkarmakar and Asif N Siddiqui, That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft. -
Hello mohamadtawalbeh, Please send one encrypted file about 1 MB in size, and one of the ransom notes left on the computer, for analysis. You can also email them to [email protected] and mention your forum thread URL.
-
Scan Results Say Contact Forum For Assistance
David B. replied to L_1_N_G_U_S's topic in Emsisoft Emergency Kit
Thanks Lynx. Very correct reply! I'll keep an eye open for L_1_N_G_U_S' reply. -
No key for New Variant online ID
David B. replied to Khushal's topic in Help, my files are encrypted!
That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft. -
Infection with zeppelin ransomware
David B. replied to abteen6's topic in Help, my files are encrypted!
Hello abteen6, Please attach one encrypted file about 1 MB in size, and one of the ransom notes left on the computer, for analysis. -
Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft.
-
Stuck at 95% CPU useage and cannot be stopped.
David B. replied to TeaJay's topic in Emsisoft Anti-Malware Home
Hello TeaJay, If that happens, please begin by restarting the computer. Sleep mode is traditionally a bit flaky, so I'm not entirely surprised by your report. In case there is something interfering that I can spot, please gather two logs using FRST, a tool used worldwide by malware removal experts for free malware removal and tech support, and attach them to a reply to this email. Instructions can be found here: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ -
Guesses and theories do nobody any good. I've already replied to you, Kevin. As far as the rest of the questions, there are several, but much more outright conjecture than questions. I'm happy to try to answer those though if asked again without all of the guesswork muddying up the thread.
-
4 years and still the same bug/issue, Never, ever tool work
David B. replied to maki's topic in Emsisoft Emergency Kit
'Never' is a strong word. Something must be common between the computers you mention, because the number of those for whom it does work is vast in comparison. A conflict is not necessarily a bug, and isn't necessarily able to be fixed by us. -
Kokiem, You have it backward. Offline keys are potentially shared across many victims, so having one may help many people. Online keys are unique.
-
4 years and still the same bug/issue, Never, ever tool work
David B. replied to maki's topic in Emsisoft Emergency Kit
Hello maki, That is almost always due to conflict. Most likely, with your SATA or SCSI device drivers. I'd suggest making sure they're up to date and trying again. However, it's very rare to actually need to use the rootkit scan option. It's there in case a rootkit is suspected. Many rootkits can be caught by behavior rather than by scan anyway. -
Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. For further questions please refer to bleepingcomputer.com forums: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-help-support-topic/ And thanks again for contacting Emsisoft.
-
It's asking again because Emsisoft Anti-Malware on that machine isn't properly communicating with the workspace that your subscription is associated with.
-
Runaway CPU usage of a2service.exe
David B. replied to spcrngr's topic in Emsisoft Business/Enterprise Security
I apologize for the very late reply, but the July 2021 (2021.07) update of Emsisoft Anti-Malware included a patch for high CPU use. Are you still having this issue? -
Context menu scan causes explorer to hang
David B. replied to charlesthaman's topic in Emsisoft Anti-Malware Home
Please gather two logs using FRST, a tool used worldwide by malware removal experts for free malware removal and tech support, and attach them to a reply to this email. Instructions can be found here: https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Email the logs to [email protected] with either a link to this forum thread, or a description of the issue, and we'll try to help. -
If you have the problem of Emsisoft Anti-Malware asking you to re-authenticate, there are a few things that can work. Easiest first, with the most 'drastic' last.
1. Wait. Sometimes it will sort itself out in a day or so.
2. Restart the computer. If you're using Windows 10, restart by right-clicking the Windows start button and using restart from the shutdown sub-menu. That performs a full restart instead of the cached rapid restart that is Windows 10's default.
3. Sign into MyEmsisoft, click 'add device', and download the tagged installer. Don't rename it, and run it when it's done downloading. It might not appear to be doing anything, but it is. Give it 30 seconds, then open Emsisoft Anti-Malware and click update.
4. Uninstall Emsisoft Anti-Malware, restart the computer (same method as above for Windows 10), then download and run your tagged installer per option 3.
If everything fails, email us at [email protected], explain what you tried and what if anything didn't go right with each step you tried, and we'll help.