Ask Your Question
0

Help to sniff a virus rasomware attack

asked 2022-03-08 00:30:22 +0000

ystudio gravatar image

Hello, my name is Erick. I desire a good day for WireShark Team. I need urgently support. I was attacked by one djvu ransomware virus variant with fgnh extension, and online key id. I have this virus infection in a windows 10 64 bits in a flat laptop, only with wifi. I already install wireshark in safemode. But I boot windows 10 64bits in normal status. Wireshark dont open. and dont let me scan wifi network to get package attack.

I saw that virus dont affect, Windows - System folders.

If There some support agent could help me, to find a manner of open wireshark and scan packages, for get the key and test it with a decryptor. I will very grateful.

I could share more info about virus, if there someboby have knowledge in encryption.

God bless you Sincerely Erick

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-03-08 08:40:47 +0000

grahamb gravatar image

Running Wireshark on a compromised machine to capture traffic seems a bit pointless to me, how do you know that the malware isn't spoofing the traffic?

If the aim is to remove the malware, please locate a suitable support channel for that, e.g. the Bleeping computer malware removal forum.

If the aim is to use Wireshark to investigate the malware traffic, then the compromised system should be isolated and Wireshark used on a known clean system used to take the captures, e.g. by using a switch and mirroring the traffic.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-03-08 00:30:22 +0000

Seen: 356 times

Last updated: Mar 08 '22

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2