ShadowPuterDude

Emsisoft Employee
  • Posts: 19474
  • Days Won: 201

Everything posted by ShadowPuterDude

  1. If any of the Emsisoft processes are responsible for high CPU or RAM usage, right-click on the process that is consuming excessive CPU/RAM and select "Create dump file". Send that dump file to [email protected] and include a brief message about the issue. If the dump is too large to send by email, you can use WeTransfer to send us files up to 2GB.
  2. @hatem1381h This is Zeppelin Ransomware. You can try the RakhniDecryptor from Kaspersky http://media.kaspersky.com/utilities/VirusUtilities/EN/RakhniDecryptor.zip This tool only works for some variants of Zeppelin. If this is for a business, please contact our Ransomware Recovery team using the web form at https://www.emsisoft.com/en/tools/ransomware-recovery/inquire/ Someone from our Ransomware Recovery team will contact you by email. We will follow up with you via email within the next 12-24 hours.
  3. Hello @celiolivier, Welcome to the Emsisoft Support Forums. I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU). Please read this Topic. It contains information about your situation and whether or not your files can be decrypted. https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/
  4. Update has been fixed. You should be getting updates, now.
  5. Rabbit1 is one of our servers. After doing a fresh install of the OS, are you installing any drivers that Windows does not install by default, such as drivers for your computer and video card?
  6. A major source of malware is software cracks. For example, roughly 50% of all ransomware infections are the STOP(DJVU) family of ransomware. STOP is exclusively distributed via software cracks, the KMS activation bypass crack being the top infection method for STOP. The Emsisoft Self-Protection module prevents malware from shutting down Emsisoft. This does not prevent an attacker who has access to the system from shutting down Emsisoft. The only way to prevent an attacker from shutting down Emsisoft after they gain access to the system is to set the Admin Password on Emsisoft. We'd need to get some debug logs during the removal process to troubleshoot why Emsisoft and FRST could not remove the infection. Often it is the fact that we could not gain permission over the files. ESET Online gaining permission over the files may have more to do with the fact that the full AV is never downloaded to your system; just the scanner, cleaning engine, and signatures are downloaded. So, as far as the malware is concerned, that is not an installed AV and is never registered on the system. It is also a process that the malware is not monitoring the system for.
  7. I use Process Hacker on my system. It loads when Windows starts, and has a tray icon that I can see a graphic representation of system resource usage. Glad to hear that you were able to decrypt your files.
  8. Hello @abuasem, Welcome to the Emsisoft Support Forums. That extension is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ I understand it is frustrating, but currently, we cannot decrypt files for which we do not have the Private Encryption Key in our Database. There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using the tool in a few weeks in case something changed. We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We’re talking about criminals, after all. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure; they contain several tips on protecting your computer and data. https://blog.emsisoft.com/en/category/protection-guides/ We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ Please consider subscribing to a reliable anti-malware application to avoid similar issues in the future. You can get our full version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/pricing/ I know it’s a big loss for you.
We are glad to offer this service for free and help as much as we can, but there is not always an immediate resolution for all the cases.
  9. Hello @GillesV, I am using DeepL to translate. English is my native language. Please contact our Ransomware Recovery team using the web form at https://www.emsisoft.com/en/tools/ransomware-recovery/inquire/ Someone from our Ransomware Recovery team will contact you by email. We will follow up with you via email within the next 12-24 hours.
  10. When you search on files in the TEMP folder, many websites are going to show those as malware. Most of those sites are unreliable. You can empty the temp folder anytime you want. Or you can use a tool like BleachBit or CCleaner to clean up the file system from time to time. Personally, I use BleachBit. Whenever you get high CPU or RAM usage, open the task manager and locate the process consuming large amounts of CPU or RAM. Right-click on the process and select "Create dump file". I can look at it to see what is causing the high CPU/RAM usage. If your fan is running fast, check to see how hot your laptop is. A quick check is to pick it up and put the palm of your hand on the bottom of the case where the CPU is. Hint: it is close to where your laptop fan is. If the laptop is running hot, you may need to clean it. If it is not hot, then there is a process responsible for the fan running. A large number of tabs open in a browser and video trans-coding will ramp up the fan.
  11. Sorry, that price quote should have read $119.98. You can contact the sales team at [email protected] and discuss renewal with them, if that is something you would like to do.
  12. An Emsisoft Anti-Malware Home subscription rate for 3 systems for 3 years is $199.98. Where did the $149.75 CAD price quote come from?
  13. If what I have told you so far doesn't sort things out, let us know.
  14. The logs you uploaded to File.io are no longer available. We do not scan devices connected to the system via a USB port automatically. Your copy of Windows was cracked and used an activation bypass. The crack that was used is known to be distributed with malware. Once the system is compromised, it is a trivial task to evade detection by an AV.
  15. "Not Managed" means that the systems are not associated with the workspace properly. That can be corrected by running the installer you downloaded on those systems. As mentioned in my previous reply, it will open and appear to do nothing. That is expected, as it only needs to apply the workspace information to the computer. Open Emsisoft and click update now. Alternatively, you can log into your MyEmsisoft account locally from Emsisoft on the computer and the management console should pick up the computer during the next update. You should do this on all systems that are not showing up properly in your Workspace. I would suggest refreshing the Workspace page in your browser a few times, as this could be a caching issue. If that doesn't work, then clear the browser cache and open MyEmsisoft again.
  16. Looking over your account I see five systems using the license with a sixth trying to map to the license. Also, I am only seeing three systems associated to your workspace while five are using the license. Be sure to uninstall our software from any system that you are no longer using. For any system that is not showing up under your workspace, run the downloaded installer on that system. If our software is already installed, the installer will open and appear to do nothing. That is expected. Open Emsisoft on the computer and click on update now. If the installer is opening and closing and our software does not appear to be on the system, do the following. For cases like this, we provide Emsiclean, which will search for any Emsisoft Anti-Malware remnants on your system and remove them for you. Please note that this tool is not intended to be a replacement for the default uninstaller shipped with our products. So only use it after you tried the shipped uninstaller, accessed via the Windows Control Panel's Uninstall a Program/App feature. Please download the newest Emsiclean from the following location: https://dl.emsisoft.com/Emsiclean.zip NOTE: you must use the Emsiclean version appropriate for your machine, 32bit or 64bit. If you don't know, try the 64bit one first as it is far more common. The 64bit version should fail if you're using 32bit. The 32bit one will not remove things completely from a 64bit computer though, so it is important to use them in that order if you're not positive. EmsiClean.exe can also be found in any new installation folder of Emsisoft Anti-Malware, in the installation folder, but the download above is available in case your installed version is very old or damaged. After you finish downloading, double click to open the zip file, then double click the 32bit or 64bit file to start Emsiclean. Read the disclaimer and click "Yes" if you agree. The program will scan your system for any remnants and display a list of everything it finds.
It usually is safe to just remove everything except folders, unless you're sure you haven't intentionally saved anything to those folders. Emsisoft Clean can't know if the folder still contains any data you may have put there yourself, which is why those entries aren't checked by default. Emsisoft Clean is capable of removing the folders as well, but before you enable the checkbox in front of any folder entries, make sure you check their content for files you wish to keep. Once you finish your selection, click the "Remove selected objects" button. The tool will eventually ask you to reboot. Save all your open work and perform the reboot as requested. After the reboot, you should be able to install Emsisoft Anti-Malware just fine.
  17. @MJmusicguy How many PCs and years, and which version of our software, is that price quote for?
  18. @MBR That file extension RUGJ is used by STOP(DJVU). Unfortunately, we no longer have any method to decrypt STOP(DJVU) unless the encryption occurred before the 29th of August 2019. Please refer to this blog post for information about a decrypter that may work, and also for support instructions if it does not: https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/ I understand it is frustrating, but currently, we cannot decrypt files for which we do not have the Private Encryption Key in our Database. There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using the tool in a few weeks in case something changed. We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We’re talking about criminals, after all. Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future. Please review our Protection Guides at your leisure; they contain several tips on protecting your computer and data. https://blog.emsisoft.com/en/category/protection-guides/ We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/ If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/ Please consider subscribing to a reliable anti-malware application to avoid similar issues in the future. You can get our full version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/pricing/ I know it’s a big loss for you.
We are glad to offer this service for free and help as much as we can, but there is not always an immediate resolution for all the cases.
  19. @adji If our decryption tool could not decrypt your files, then they cannot be decrypted without paying the ransom. Reinstalling your OS will do nothing about your encrypted files. In fact, reinstalling Windows in some cases will make it impossible to recover the encrypted files. That is not the case with STOP(DJVU).