Jump to content

Isn't ESET Internet Security should prevent from Ransomware? Even through there was ESET Internet security installed in the computer, ransomware encrypt my files.

Recommended Posts

If you have your system protected against attackers logging in under an administrator account, then the protection against new malware (include ransomware) is excellent. However, if attackers can log in via RDP, pause protection and then run malware (ransomware) undetected, then the primary problem is in unsecured RDP.

Please contact samples[at]eset.com and provide:

- a handful of encrypted files (ideally Office documents)
- the ransomware note (payment info)
- logs collected with ESET Log Collector (ESET must be already installed, activated and updated prior to collecting logs).

Share this post

Link to post
Share on other sites
Posted (edited)

Some additional important information:


In addition, the STOP-Djvu Ransomware does the following:

1) leaves behind a software module that steals personal information from browsers and other programs;
2) modifies the hosts file to prevent browsers from opening anti-virus companies' websites and forums (like this one) that helps victims.

For these targets:

1) after checking and cleaning the PC, when it is be confirmed that there are no other malicious modules, you need to replace the passwords for all sites with more complex ones (at least 12-16 characters, including A-a, Z-z, 0-9, @ # $).
2) you need to reset or delete the modified hosts file, without it, all legitimate sites will be available to you.

The path to this file is: C:\Windows\System32\drivers\etc\


Additionally, it appears this variant is not decryptable:


It's important to note that STOPDecrypter will not be able to help with this newer variant of STOP/Djvu. They've changed the encryption method they use, and STOPDecrypter doesn't support it.


Edited by itman

Share this post

Link to post
Share on other sites

Thank you everyone to reply

Is there any possibility to recover those encrypted files.

Share this post

Link to post
Share on other sites

Files encrypted by Filecoder.STOP cannot be decrypted, only some older variants can be.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...