Paolo79

.feenikss is GlobeImposter 2.0 ransomware?

Hi, just a question:

I have two 1 TB HDDs in RAID 1. Unfortunately, all the files have been encrypted and now have the extension .feenikss. I wanted to ask if it's GlobeImposter 2.0 ransomware? Is there any chance of recovery or any advice? Thanks for any reply.

Best Regards


The best way to check is to upload a ransom note and an encrypted file to ID Ransomware, as it should be 100% accurate at detecting GlobeImposter 2.0:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

3 hours ago, GT500 said:

The best way to check is to upload a ransom note and an encrypted file to ID Ransomware, as it should be 100% accurate at detecting GlobeImposter 2.0:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Yes, sure... thanks.

Uploading only the encrypted .feenikss file, I have:

https://id-ransomware.malwarehunterteam.com/identify.php?case=cc65ca50c62c2d7288e868a232d774179fcd380a

 


With the file how_to_back_files.html:

https://id-ransomware.malwarehunterteam.com/identify.php?case=1946c6c4b01605f55c142e2286e0c65fe455de63

 


Some advice?

Attached is an example of an original and an encrypted DLL (npgsql.dll, npgsql.dll.feenikss, and how_to_back_files.html). Regards

 

npgsql.zip


It is recommended to upload both the ransom note and the encrypted file to 'ID Ransomware'.

Your how_to_back_files.html file is corrupt. The identification result with such a file can be annulled.

You need to find the same intact file on your computer and attach it to your new message.

Put it in a zip archive, otherwise the site's protection will cut everything necessary out of it.

6 hours ago, Amigo-A said:

It is recommended to upload both the ransom note and the encrypted file to 'ID Ransomware'.

Your how_to_back_files.html file is corrupt. The identification result with such a file can be annulled.

You need to find the same intact file on your computer and attach it to your new message.

Put it in a zip archive, otherwise the site's protection will cut everything necessary out of it.

Now I have the HDD connected with a USB adapter and I can't copy the how_to_back_files.html file, even after trying to change permissions on the file.

The how_to_back_files.html file posted earlier is a file recovered with GetDataBack... I'll see if I can do it another way.

ESET says:

Quote

Win32/Filecoder [Threat Name]
Win32/Filecoder.FV [Threat Variant Name]
Category: trojan
Size: 311296 B
Aliases:
  Trojan-Ransom.Win32.Blocker.kfgf (Kaspersky)
  Trojan.Encoder.11539 (Dr.Web)
  Ransom:Win32/Ergop.A (Microsoft)
  Ransom.CryptXXX (Symantec)

https://www.virusradar.com/en/Win32_Filecoder.FV/description


Trojan.Encoder.11539 (Dr.Web) is GlobeImposter Ransomware.

A Variant Of Win32/Filecoder.FV (ESET-NOD32) is also GlobeImposter Ransomware.

The victim ID is similar to the one that GlobeImposter uses.

ESET-NOD32 identifies Maoloa Ransomware (Win32/Filecoder.Maoloa.A) well, after my publications and many samples.

But Maoloa began to copy almost all the elements of GlobeImposter in the latest versions.

So additional analysis is required to be more precise. But that will not change anything. Both of them cannot be decrypted without paying a ransom. No free decryptors.

  • Upvote 1
