Jump to content

Archived

This topic is now archived and is closed to further replies.

Alex TSK

Virus attacked by Filecoder.Magniber Trojan

Recommended Posts

My computer was attacked by  virus Filecoder.Magniber Trojan... and encrypted a lot of files such as ms office documents, excel, PDF, dbf files which I could not able to resolve the files. 

I am attached some encrypted files for your analysis and hope you can resolve the files shortly.

 

 

Share this post


Link to post
Share on other sites

Do you use a an existing version of Eset?

Share this post


Link to post
Share on other sites

I did check on internet and could not found and tools recover the encrypted files. Hope ESET can deploy the tools shorty.

Share this post


Link to post
Share on other sites
10 hours ago, Alex TSK said:

I am using NOD32 version 4 on windows 7. 

You need to upgrade to the latest version of NOD32 which gives enhanced protections against ransomware. Additionally if you upgrade to Win 10, Eset will provided enhanced protection against script based malware. Note that many ransomware are delivered via scripts namely PowerShell ones.

Share this post


Link to post
Share on other sites

Unfortunately, files encrypted by Filecoder.Magniber cannot be decoded. As already suggested, uninstall v4 and install the latest version (home v.11.2.49 or Endpoint v7) for better protection. Also make sure to harden RDP (e.g. allow it only for internal connections and use VPN, use 2FA, etc.).

Share this post


Link to post
Share on other sites
11 hours ago, Alex TSK said:

I did check on internet and could not found and tools recover the encrypted files. Hope ESET can deploy the tools shorty.

There is a decryptor tool for Magniber available at https://gist.github.com/evilsocket/b89df665e6d52446e3e353fc1cc44711

You will have to know the AES Key in order to use this tool to decrypt your files.

The full analysis of this threat can be found at https://blog.malwarebytes.com/threat-analysis/2017/10/magniber-ransomware-exclusively-for-south-koreans/

Share this post


Link to post
Share on other sites

Hello Cousin Vinny,

Thanks for your information. Which language platform should I use for exec the codes and try?

Best Regards,

Alex

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...