ShadowPuterDude (Emsisoft Employee)
Posts: 19296
Days Won: 195

Everything posted by ShadowPuterDude

  1. Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

     HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
     HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\MountPoints2: E - "E:\setup.exe"
     Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
     HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
     HKU\S-1-5-21-2102723078-641696285-197280854-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
     S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceb; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicec; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiced; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicee; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicef; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceg; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceh; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicei; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicej; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicek; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicel; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicem; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicen; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceo; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicep; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceq; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicer; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServices; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicet; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServiceu; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicev; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicew; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicex; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 AppServicey; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
     S2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]
     S2 rsEngineSvc; "C:\Program Files\RAVAntivirus\rsEngineSvc.exe" [X]
     R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
     R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [197176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
     R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
     S3 eb96aeb9; C:\Windows\System32\Drivers\eb96aeb9.sys [89392 2021-09-23] (AO Kaspersky Lab -> AO Kaspersky Lab)
     2021-09-23 21:40 - 2021-09-23 21:40 - 000127792 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\a21d9ecf.sys
     2021-09-23 21:28 - 2021-09-23 21:28 - 000089392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\eb96aeb9.sys
     2021-09-23 06:17 - 2021-09-23 06:51 - 006826592 ____N C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
     2021-10-15 19:33 - 2021-06-20 13:49 - 000000000 ____D C:\Windows\pss
     2021-10-21 14:02 C:\Windows\system32\config\SYSTEM
     2021-09-23 06:51 C:\Windows\system32\Drivers\21nQ8y3kf0E.sys
     FirewallRules: [{5EE0CA93-E7D5-4205-873C-DDA92DEE9630}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
     FirewallRules: [{347BDE28-553B-4E9C-BDBD-2F56ED22347B}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
     FirewallRules: [{3DA2269B-39CB-4E24-983D-8B4C940C50AA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
     FirewallRules: [{5EC3A33E-07D2-4DC8-A92D-62F8BD6F76AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
     FirewallRules: [TCP Query User{68CA74A4-554F-4674-B9EC-325D0DB105DE}C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe] => (Allow) C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe => No File
     FirewallRules: [UDP Query User{8C73FB13-8E71-48A5-A62B-F2D480AD6173}C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe] => (Allow) C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe => No File
     FirewallRules: [{1FD8BC57-DCD4-4D65-9791-AB6C395E146F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe => No File
     FirewallRules: [{8AE9296F-1FB0-46B6-81CD-AF52A66AD819}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe => No File
     FirewallRules: [{2693E935-47E2-4C45-9D3E-191C1B6D2480}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe => No File
     FirewallRules: [{8B9C6003-34D2-48BB-BAB9-9691A04D9613}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe => No File
     FirewallRules: [{9024F6F4-9717-4B10-BF01-64E85576507D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe => No File
     FirewallRules: [{554F8085-FA2D-4B12-A08F-FFF9C2D195ED}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe => No File
     FirewallRules: [{2A4FEA5F-424C-4E3C-862F-46FE5CF3C831}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
     FirewallRules: [{12984648-D4E7-489E-888A-73C805051E75}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe => No File
     FirewallRules: [{E94D6471-CF56-4B97-9905-9213CA4DD739}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe => No File
     FirewallRules: [TCP Query User{33D7D730-A377-4442-9AE3-6A440DA3CBD3}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
     FirewallRules: [UDP Query User{87C54FE9-B7ED-4A0B-9625-C9215442AC9A}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe => No File
     FirewallRules: [TCP Query User{9C9B0FBE-23FB-4D97-A3B3-E7919D10EF34}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
     FirewallRules: [UDP Query User{D394EF54-D5B2-4B04-8025-28BB1B9B24C7}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe => No File
     FirewallRules: [TCP Query User{A3BBF00E-8DC8-4317-A300-8522DBE64C50}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
     FirewallRules: [UDP Query User{79833400-9429-4DAB-9C01-BAB08DD6E132}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe => No File
     FirewallRules: [TCP Query User{16F9A524-1B01-4875-8643-12C97C4F783D}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
     FirewallRules: [UDP Query User{5F267EB9-7EE1-401D-A629-6185E17EFECD}C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\davincipaneldaemon.exe => No File
     FirewallRules: [{D5E23D25-0639-43E7-82C8-0F3946B5839B}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
     FirewallRules: [{28A0FB41-F599-48CB-B4BB-CC5179ECE8C1}] => (Allow) C:\Users\Admin\Downloads\4ddig-for-windows.exe => No File
     FirewallRules: [{E70631A8-34F3-4E59-9CDD-AF8C1B5F62BE}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
     FirewallRules: [{29044F88-4DC1-45BD-ACFB-A606EEA33F3B}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
     FirewallRules: [{78F406D9-3D26-4CD5-B5D7-B4A85AAAD5CC}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
     FirewallRules: [{80CCFBBD-34F6-4259-B166-FAC3F6925F95}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
     FirewallRules: [TCP Query User{15726DC8-B092-4676-886D-125F71CB8805}C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe] => (Allow) C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe => No File
     FirewallRules: [UDP Query User{20BE966C-AFF1-4562-81D5-00B8D9EB1596}C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe] => (Allow) C:\users\admin\downloads\sdio_1.11.2.737\sdio_x64_r737.exe => No File
     FirewallRules: [{DCD05A58-07B3-4C18-ACCE-C1B031C4AC4B}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe => No File
     FirewallRules: [{1BDDBCA9-4570-4A0E-B771-13E313372477}] => (Allow) C:\Games\FIFA 14\Game\fifa14.exe => No File

     Close Notepad.

     NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     IMPORTANT: Save all of your work, as the next step may reboot your computer.

     Run FRST and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

     NOTE: If the tool warns you about an outdated version, please download and run the updated version.

     Also, let me know how the machine is running now, and what remaining issues you've noticed.
  2. No AV solution monitors what is executed inside the browser. That is not only a massive violation of privacy, it presents security issues. JavaScript never executes outside of the browser. If the JavaScript performs a file operation such as initiating a download or examining files on the drive, we would intercept that activity.
  3. Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

     2021-10-21 20:05 - 2021-10-21 20:05 - 000069337 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\System\symsrv.dll
     C:\Program Files\Common Files\System\symsrv.dll

     Close Notepad.

     NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     IMPORTANT: Save all of your work, as the next step may reboot your computer.

     Run FRST and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

     NOTE: If the tool warns you about an outdated version, please download and run the updated version.

     Also, let me know how the machine is running now, and what remaining issues you've noticed.
  4. Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

     HKU\S-1-5-21-370668094-1905685230-1647023283-1001\...\MountPoints2: {060fdf0b-1c90-11ec-9b4e-305a3a46fdf9} - "K:\Lenovo_Suite.exe"
     HKU\S-1-5-21-370668094-1905685230-1647023283-1001\...\MountPoints2: {4a711feb-2a79-11eb-9b19-305a3a46fdf9} - "K:\HiSuiteDownLoader.exe"
     HKU\S-1-5-21-370668094-1905685230-1647023283-1001\...\MountPoints2: {7ad54834-7674-11eb-9b22-305a3a46fdf9} - "K:\HiSuiteDownLoader.exe"
     HKU\S-1-5-21-370668094-1905685230-1647023283-1001\...\MountPoints2: {800233c9-ae2f-11eb-9b29-305a3a46fdf9} - "K:\HiSuiteDownLoader.exe"
     HKU\S-1-5-21-370668094-1905685230-1647023283-1001\...\MountPoints2: {84cfe617-703a-11eb-9b22-305a3a46fdf9} - "K:\HiSuiteDownLoader.exe"
     AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2021-10-20] (Microsoft Corporation) [File not signed] <==== ATTENTION
     Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
     2021-10-14 20:19 - 2019-03-10 17:05 - 000000000 ___DC C:\Users\morteza\AppData\Local\56c836af4737331944af3bdaaffdbbe8
     C:\Program Files\Common Files\System\symsrv.dll

     Close Notepad.

     NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
     IMPORTANT: Save all of your work, as the next step may reboot your computer.

     Run FRST and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

     NOTE: If the tool warns you about an outdated version, please download and run the updated version.

     Also, let me know how the machine is running now, and what remaining issues you've noticed.
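The fixlists in posts 1, 3 and 4 above are FRST log lines copied verbatim: a service line such as `S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [X]` means a stopped, automatic-start service whose image file no longer exists, `=> No File` marks a firewall rule for a deleted program, and `<==== ATTENTION` is FRST's own flag. The following Python parser is an added example and is not code from ShadowPuterDude's posts or from FRST itself; it decodes that notation for a handful of sample lines copied from the posts above, flags the entries a cleanup fix would act on, and emits them in fixlist form. The regular expressions, the `Finding`/`triage`/`fixlist` names and the assumption that FRST prints one entry per line are mine.

```python
"""Decode FRST log notation and flag the entries a cleanup fix removes.
Added illustration, not FRST code; sample lines copied from the posts above.
Assumes FRST's usual output: one entry per line."""
import re
from collections import Counter
from dataclasses import dataclass

# Service/driver: "<state><start> <name>; <image> [size date] (signer) [X] <==== ATTENTION"
# R = running, S = stopped; start type 0 boot, 1 system, 2 automatic, 3 manual,
# 4 disabled.  "[X]" is FRST's marker for an image file that does not exist.
SERVICE_RE = re.compile(
    r'^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s*'
    r'(?P<path>"[^"]+"|\S+)'
    r'(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?:\s+\((?P<signer>[^)]*)\))?'
    r'(?P<missing>\s+\[X\])?'
    r'(?P<attention>\s+<==== ATTENTION)?\s*$')
# Firewall rule: "FirewallRules: [<rule>] => (Allow|Block) <program> => No File"
FIREWALL_RE = re.compile(
    r'^FirewallRules:\s+\[(?P<rule>.+?)\]\s+=>\s+\((?P<action>Allow|Block)\)\s+'
    r'(?P<path>.+?)(?P<missing>\s+=> No File)?\s*$')
# AppInit_DLLs: DLL loaded into every process that maps user32.dll
APPINIT_RE = re.compile(
    r'^AppInit_DLLs(?P<arch>-x32)?:\s+(?P<short>.+?)\s+=>\s+(?P<path>.+?)'
    r'(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?'
    r'(?:\s+\((?P<signer>[^)]*)\))?'
    r'(?P<unsigned>\s+\[File not signed\])?'
    r'(?P<attention>\s+<==== ATTENTION)?\s*$')
# MountPoints2: per-user autorun command remembered for a removable volume
MOUNTPOINT_RE = re.compile(
    r'^(?P<key>HK[A-Z]+\\.+?\\MountPoints2):\s+(?P<volume>\S+)\s+-\s+'
    r'"(?P<command>[^"]+)"\s*$')
ATTENTION = '<==== ATTENTION'
STATE = {'R': 'running', 'S': 'stopped'}
START = {'0': 'boot', '1': 'system', '2': 'automatic', '3': 'manual', '4': 'disabled'}


@dataclass
class Finding:
    kind: str    # service | firewall | appinit | mountpoint | attention
    reason: str
    line: str    # the original log line, which is also the fixlist entry


def triage(lines):
    """Return one Finding per log line that a cleanup fix would act on."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            if m['missing'] or m['attention']:
                status = (f"{STATE.get(m['state'], m['state'])}, start type "
                          f"{START.get(m['start'], m['start'])}")
                why = 'image file not found' if m['missing'] else 'flagged by FRST'
                findings.append(Finding('service', f"{m['name']} ({status}): {why}: {m['path']}", line))
        elif m := FIREWALL_RE.match(line):
            if m['missing']:
                findings.append(Finding('firewall', f"{m['action']} rule for a deleted program: {m['path']}", line))
        elif m := APPINIT_RE.match(line):
            sig = 'unsigned' if m['unsigned'] else (m['signer'] or 'unknown signer')
            findings.append(Finding('appinit', f"DLL injected into user32 processes ({sig}): {m['path']}", line))
        elif m := MOUNTPOINT_RE.match(line):
            findings.append(Finding('mountpoint', f"volume {m['volume']} autorun: {m['command']}", line))
        elif line.endswith(ATTENTION):
            findings.append(Finding('attention', line[:-len(ATTENTION)].strip(), line))
    return findings


def summarize(findings):
    return dict(Counter(f.kind for f in findings))


def fixlist(findings):
    """An FRST fix is the flagged log lines themselves, copied verbatim into fixlist.txt."""
    return [f.line for f in findings]


# Constructed sample: lines copied from the fixlists in the posts above.
SAMPLE = r'''
S2 AppServicea; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 AppServiceb; C:\Windows\system32\1WVV0R7I3W.tmp [X] <==== ATTENTION
S2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208176 2020-12-10] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 eb96aeb9; C:\Windows\System32\Drivers\eb96aeb9.sys [89392 2021-09-23] (AO Kaspersky Lab -> AO Kaspersky Lab)
AppInit_DLLs-x32: C:\PROGRA~1\COMMON~1\System\symsrv.dll => C:\Program Files\Common Files\System\symsrv.dll [69337 2021-10-20] (Microsoft Corporation) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2102723078-641696285-197280854-1001\...\MountPoints2: E - "E:\setup.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
FirewallRules: [{5EE0CA93-E7D5-4205-873C-DDA92DEE9630}] => (Allow) C:\Users\Admin\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{68CA74A4-554F-4674-B9EC-325D0DB105DE}C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe] => (Allow) C:\users\admin\documents\image-line fl studio 20.7 (portable)\fl studio 20\stub\fl64.exe => No File
'''.strip().splitlines()

if __name__ == '__main__':
    found = triage(SAMPLE)
    for f in found:
        print(f'{f.kind:<10} {f.reason}')
    print('--- fixlist.txt ---')
    print('\n'.join(fixlist(found)))
```

Two things the decoded output makes visible that the raw lines do not: the running, signed Avira and Kaspersky drivers are left alone (no `[X]`, no flag), while the 25 `AppService*` entries in post 1 are all stopped automatic-start services sharing one missing `.tmp` image, which is orphaned persistence rather than 25 separate problems. The unsigned `AppInit_DLLs` entry in post 4 is worth the extra attention FRST gives it because that key loads the DLL into every process that maps user32.dll (Windows disables the mechanism only when Secure Boot is on).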
  5. Hello @Souvik Saha, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we cannot decrypt files with an Offline-ID for which we do not have the Private Encryption Key in our Database. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  6. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with an Online-ID and some recent forms of STOP(DJVU). Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure; they contain several tips on protecting your computer and data. https://blog.emsisoft.com/en/category/protection-guides/ We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  7. There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using the tool in a few weeks in case something has changed. We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We're talking about criminals, after all. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure; they contain several tips on protecting your computer and data. https://blog.emsisoft.com/en/category/protection-guides/ We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/
  8. Hello @Louw, Thank you for contacting Emsisoft. We have identified this as "Thanos". If this is for a business, please contact our Ransomware Recovery team using the web form at https://www.emsisoft.com/en/tools/ransomware-recovery/inquire/ Someone from our Ransomware Recovery team will contact you by email. We will follow up with you via email within the next 12-24 hours.
  9. Hello @Shubham2322, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we cannot decrypt files with an Offline-ID for which we do not have the Private Encryption Key in our Database. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  10. Follow the steps in this Microsoft article on how to repair missing or corrupt system files. https://support.microsoft.com/en-us/topic/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system-files-79aa86cb-ca52-166a-92a3-966e85d4094e
  11. Hello @Kaell65, Welcome to the Emsisoft Support Forums. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  12. We have no control over how long it takes to obtain the private encryption key needed to decrypt your files. You do not need to replace your laptop. You just need to make sure that any malware on the system is removed. Follow the steps in this thread to get assistance with cleaning up your computer. START HERE; if you don't, we are just going to send you back to this thread.
  13. Technical support for older operating systems has everything to do with human resources. It takes people to maintain the various code bases needed to support older versions of Windows on multiple architectures, which in turn costs Emsisoft money. The number of users on those older copies of Windows is not sufficient to cover the development costs of maintaining those code bases.
  14. Hello @Sougata Saha, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we cannot decrypt files with an Offline-ID for which we do not have the Private Encryption Key in our Database. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  15. Hello @Chandu Singh, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with an Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  16. Hello @Raj2021, Welcome to the Emsisoft Support Forums. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  17. Hello @Seyox, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with an Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  18. @navneet I understand it is frustrating, but currently, we cannot decrypt files with an Offline-ID for which we do not have the Private Encryption Key in our Database.
  19. Hello @govardhan reddy, Welcome to the Emsisoft Support Forums. Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  20. Hello @peni, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with an Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  21. Hello @Syukri85, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with an Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/