David B.

Member • Posts: 205 • Days Won: 13

Everything posted by David B.

  1. If you have the problem of Emsisoft Anti-Malware asking you to re-authenticate, there are a few things that can work. Easiest first, with the most 'drastic' last. (1) Wait. Sometimes it will sort itself out in a day or so. (2) Restart the computer. If you're using Windows 10, restart by right-clicking the Windows start button and using restart from the shutdown sub-menu. That performs a full restart instead of the cached rapid restart that is Windows 10's default. (3) Sign into MyEmsisoft, click 'add device', and download the tagged installer. Don't rename it, and run it when it's done downloading. It might not appear to be doing anything, but it is. Give it 30 seconds, then open Emsisoft Anti-Malware and click update. (4) Uninstall Emsisoft Anti-Malware, restart the computer (same method as above for Windows 10), then download and run your tagged installer per option 3. If everything fails, email us at [email protected], explain what you tried and what if anything didn't go right with each step you tried, and we'll help.
  2. Hello, That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  3. Hello, That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  4. Hello, I am using DeepL Translate, and my native language is English. This extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. For more information, please refer to this forum post: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ In summary, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any victim with the same ID pays for the encryption key and reports it to us, so that we can add it to our decrypter.
  5. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter. Your ID is an offline ID, so there is some hope that with time, an encryption key will be reported to us so we can add it to our decrypter.
  6. As it says, new variants are not supported. .sglh is a new variant. Some extra information: That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  7. It's never completely safe running exploits/cracks/etc. on a computer. That's one of the most common methods of distributing malware. While products like Emsisoft Anti-Malware are extremely good at catching such things, even zero-day infectors, nothing is perfect, so I wouldn't take the chance.
  8. Huh, good to know. Didn't see anything about that in the patch notes, but won't look a gift horse in the mouth. :)
  9. Hello Stinger3629, That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  10. You have two real choices: (1) Wait until someone with the same offline ID pays the criminals for the encryption key and reports it to us so we can add it to our decrypter. (2) Pay the criminals for the encryption key, and hopefully report it to us so we can add it. A third but unlikely choice is to attempt using deleted file recovery software such as Recuva (Thanks Amigo-A & Stapp!) from Piriform to see if you can get enough of your data back.
  11. Hello AndRAM, There are a few things that could cause that. Ad or script blocker browser extensions commonly block JavaScript used for the buttons on the pages. Most likely one of those is the issue.
  12. Hello, and thank you for the feedback. Unfortunately we have no development control over Emsisoft Mobile Security, being a fully licensed redistribution of Bitdefender Mobile Security. I would communicate with Bitdefender to see if they'll listen. If you use your Google account to create your MyEmsisoft account, that will allow you to use both for the same purpose, achieving your second goal.
  13. You can reset Emsisoft Anti-Malware's settings, including the password, in one of two ways: If you have a workspace and your machine is managed: Click on the machine in the workspace at MyEmsisoft, and you can remove the password directly. If you don't: Restart the computer in safe mode and delete this file: C:\Program Files\Emsisoft Anti-Malware\a2settings.ini, then restart normally. The password will be gone.
  14. Cybermetric is correct. My post says as much also, if it's read thoroughly.
  15. Hello Justin2002, The ID is your personal identification used by the criminals to match your encryption instance with a specific encryption key. If it is an online key, it is unique and decryption without the encryption key is functionally impossible at this time. If it is an offline ID and someone else pays for the encryption key and then submits it so we can add it to our decrypter, decryption will become possible. Unfortunately, yours is an online ID. More information can be found here:
  16. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline ID, but offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique. Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though.
Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  17. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline ID, but offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique. Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though.
Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  18. Online ID means it is unique and will not decrypt any other instance of the ransomware. We don't recommend paying unless there is no other choice, since there are no guarantees when dealing with criminals, nor do you know where the money will go. Proceed with caution.
  19. Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline ID, but offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique. Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though.
Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  20. Best guess, either the working machine already has the exclusion, or the non-working one may be out of date and doesn't have an updated whitelist entry for ACT.
  21. Hello Altla, Let's make sure of what we're dealing with. Please visit the following website and upload both an encrypted file (between 256KB and 2MB in size would be best) and a ransom note simultaneously for proper identification, and send me the information it provides: https://www.emsisoft.com/ransomware-decryption-tools/ Please be sure to read the information link on the results page, as whether we have a decrypter or not. Sometimes someone else's decrypter is listed, or other information is available that might be useful for recovery. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. If the identification process shows a ransomware that is not decryptable, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  22. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline ID, but offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique. Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/ Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation. While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation, and will communicate in your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though.
Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation. Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  23. Hello packerman, Please create a folder exclusion for this program to avoid it being detected in the future: Open Emsisoft Anti-Malware, click "Settings" then the "Exclusions" tab. Click 'add folder' in the exclude from monitoring section, navigate to the target program or folder, and click OK: C:\Program Files (x86)\ACT\Act for Windows\ Note: Exclusions only apply to programs started after the exclusion is made. To be effective, you may need to restart the process or program, or restart the computer, depending on the program being excluded. In this case, a reboot is recommended.
  24. Hello, When scanning with a portable scanner like Emsisoft Emergency Kit, every time it touches a file to scan it, active antivirus will get 'first dibs' and may grab it. That's what it looks like has happened here.