Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by Paolo79

  1. 6 hours ago, Amigo-A said:

    It is recommended that upload in 'ID Ransomware' the ransom note and the encrypted file.

    Your how_to_back_files.html file is corrupt. The identification result with such a file can annulled.

    You need find the same intact file on your computer and attach to your new message.

    Put it in the zip-archive, otherwise the protection of the site will cut all necessary out of it.

    Now I have hdd connected with a usb adapter and i can't copy the how_to_back_files.html file even trying to change permissions on the file

    The how_to_back_files.html file posted earlier is a file recovered with get data back .. I see if I can in another way

    Eset Sayhu :


    Win32/Filecoder [Threat Name] go to Threat
    Win32/Filecoder.FV [Threat Variant Name]
    Category     trojan
    Size     311296 B
    Aliases     Trojan-Ransom.Win32.Blocker.kfgf (Kaspersky)
          Trojan.Encoder.11539 (Dr.Web)
          Ransom:Win32/Ergop.A (Microsoft)
          Ransom.CryptXXX (Symantec)


  2. 3 hours ago, GT500 said:

    The best way to check is to upload a ransom note and an encrypted file to ID Ransomware, as it should be 100% accurate at detecting GlobeImposter 2.0:

    You can paste a link to the results into a reply if you would like for me to review them.

    Yes Sure .. tks 

    Only upload encrypted .feenikss I have :




    Whit file how_to_back_files.html :




    some advice?

    In attachement example of dll original and encrypted ( npgsql.dllnpgsql.dll.feenikss, and how_to_back_files.html) Regards



  • Create New...