David Biggar (Emsisoft Employee)
Posts: 195 | Days Won: 10

Everything posted by David Biggar

  1. As it says, new variants are not supported. .sglh is a new variant. Some extra information: That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  2. It's never completely safe running exploits/cracks/etc. on a computer. That's one of the most common methods of distributing malware. While products like Emsisoft Anti-Malware are extremely good at catching such things, even zero-day infectors, nothing is perfect, so I wouldn't take the chance.
  3. Huh, good to know. Didn't see anything about that in the patch notes, but won't look a gift horse in the mouth. :)
  4. Hello Stinger3629, That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this forum post for more information: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ To summarize, an online ID is impossible to decrypt with current technology. An offline ID is decryptable if any one victim with the same ID pays for the encryption key and reports it to us, so we can add it to our decrypter.
  5. You have two real choices:
     • Wait until someone with the same offline ID pays the criminals for the encryption key and reports it to us so we can add it to our decrypter.
     • Pay the criminals for the encryption key, and hopefully report it to us so we can add it.
     A third but unlikely choice is to attempt using deleted file recovery software such as Recuva (Thanks Amigo-A & Stapp!) from Piriform to see if you can get enough of your data back.
  6. Hello AndRAM, There are a few things that could cause that. Ad or script blocker browser extensions commonly block JavaScript used for the buttons on the pages. Most likely one of those is the issue.
  7. Hello, and thank you for the feedback. Unfortunately we have no development control over Emsisoft Mobile Security, being a fully licensed redistribution of Bitdefender Mobile Security. I would communicate with Bitdefender to see if they'll listen. If you use your Google account to create your MyEmsisoft account, that will allow you to use both for the same purpose, achieving your second goal.
  8. You can reset Emsisoft Anti-Malware's settings, including the password, in one of two ways:
     • If you have a workspace and your machine is managed: click on the machine in the workspace at MyEmsisoft, and you can remove the password directly.
     • If you don't: restart the computer in safe mode and delete this file: C:\Program Files\Emsisoft Anti-Malware\a2settings.ini, then restart normally. The password will be gone.
  9. Cybermetric is correct. My post says as much also, if it's read thoroughly.
  10. Hello Justin2002, The ID is your personal identification used by the criminals to match your encryption instance with a specific encryption key. If it is an online key, it is unique and decryption without the encryption key is functionally impossible at this time. If it is an offline ID and someone else pays for the encryption key and then submits it so we can add it to our decrypter, decryption will become possible. Unfortunately, yours is an online ID. More information can be found here:
  11. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
      Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline IDs, but an offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique.
      Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
      Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP-related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  12. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
      Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline IDs, but an offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique.
      Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
      Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP-related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  13. Online ID means it is unique and will not decrypt any other instance of the ransomware. We don't recommend paying unless there is no other choice, since there are no guarantees when dealing with criminals, nor do you know where the money will go. Proceed with caution.
  14. Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
      Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline IDs, but an offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique.
      Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
      Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP-related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  15. Best guess, either the working machine already has the exclusion, or the non-working one may be out of date and doesn't have an updated whitelist entry for ACT.
  16. Hello Altla, Let's make sure of what we're dealing with. Please visit the following website and upload both an encrypted file (between 256KB and 2MB in size would be best) and a ransom note simultaneously for proper identification, and send me the information it provides: https://www.emsisoft.com/ransomware-decryption-tools/
      Please be sure to read the information link on the results page, whether we have a decrypter or not. Sometimes someone else's decrypter is listed, or other information is available that might be useful for recovery.
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      If the identification process shows a ransomware that is not decryptable, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  17. That extension is used by STOP(Djvu). Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
      Be sure to closely read the information presented by the decrypter when it is run. It will indicate online or offline ID, and new or older STOP(Djvu). Newer STOP(Djvu) is currently impossible to decrypt without the encryption keys held by the criminals. That applies to online or offline IDs, but an offline ID may be shared by many victims. If one pays and reports the encryption keys to us, we can add them to the decrypter so others with the same offline ID can decrypt their files. Online IDs correspond to encryption keys that are unique.
      Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
      Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/ For STOP-related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  18. Hello packerman, Please create a folder exclusion for this program to avoid it being detected in the future: Open Emsisoft Anti-Malware, click "Settings" then the "Exclusions" tab. Click "Add folder" in the "Exclude from monitoring" section, navigate to the target program or folder, and click OK: C:\Program Files (x86)\ACT\Act for Windows\
      Note: Exclusions only apply to programs started after the exclusion is made. To be effective, you may need to restart the process or program, or restart the computer, depending on the program being excluded. In this case, a reboot is recommended.
  19. Hello, When scanning with a portable scanner like Emsisoft Emergency Kit, every time it touches a file to scan it, active antivirus will get 'first dibs' and may grab it. That's what it looks like has happened here.
  20. Hello nitaaaaa, Unfortunately, STOP(Djvu) was updated, and we no longer have any method to decrypt this ransomware unless the encryption occurred some time ago, before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ For STOP-related support, please read our blog post about the tool. The section marked "Community collaboration" explains how to get support in this situation.
      Newer STOP(Djvu) like yours is currently impossible to decrypt without the encryption keys held by the criminals. Online IDs correspond to encryption keys that are unique. That means that it is currently technologically impossible to decrypt without the encryption key used to encrypt your files.
      Make sure you remove the malware from your system first before using this decrypter. If you don't, the malware may lock your system or encrypt your files again. Use an antivirus such as Emsisoft Anti-Malware to effectively remove the malware. You can get a free trial version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/
      Emsisoft Emergency Kit is also effective, here: https://dl.emsisoft.com/EmsisoftEmergencyKit.exe
      Quite a lot more information about STOP(Djvu) can be found here: https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
      While it is very rare that it helps, you might try undelete software, or if your files are very important it may be worth talking to a company that specializes in ransomware negotiation and will communicate on your behalf with the criminals that created the ransomware. Exercise a bit of caution when looking for a company to help, though. Generally speaking, if a company claims to be able to decrypt files that were encrypted by a type of ransomware for which no decryption tool is publicly available, that company is probably just going to pay the ransom and charge you more than you would have paid if you had dealt with the criminals directly. Better is to search for companies who specialize in ransomware negotiation.
      Again, if the STOP(Djvu) decrypter does not decrypt any of the encrypted files, there is nothing else we can do. We do not recommend paying the ransom unless there is absolutely no other choice.
  21. The answer really depends on the value of the encrypted data. We never recommend negotiating with the criminals, as there is no way to know whether they will honor the payment, or where the money goes. You could try undelete software such as Recuva from Piriform to see if you can get some of your data back; hopefully enough that you won't need to worry about paying the ransom. To answer your question though, it is never entirely safe dealing with criminals. Whatever you choose, good luck, and I'm sorry there's nothing we can do.
  22. Please follow the instructions here, and email the requested logs back in reply to this email: https://help.emsisoft.com/en/1711/how-to-get-help-when-malware-can-not-be-removed-automatically/ Also provide detailed symptoms to help us pinpoint the problem areas.
  23. This might help to understand why decryption is impossible and unlikely in the near future: https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/#:~:text=It would take a classical,RSA-2048 bit encryption key.
  24. This might help explain why it is currently impossible and likely to stay that way: https://www.quintessencelabs.com/blog/breaking-rsa-encryption-update-state-art/#:~:text=It would take a classical,RSA-2048 bit encryption key.
  25. Packerman, Yes, of course. We've shifted employee duties a bit, and I personally haven't been keeping up on forum posts very well yet. My fault entirely.