
Help to sniff a virus ransomware attack

asked 2022-03-08 00:30:22 +0000

Hello, my name is Erick. I wish the Wireshark team a good day. I urgently need support. I was attacked by a djvu ransomware virus variant with the fgnh extension and an online key ID. I have this virus infection on a Windows 10 64-bit flat laptop, with Wi-Fi only. I already installed Wireshark in safe mode. But I boot Windows 10 64-bit in normal status. Wireshark doesn't open, and doesn't let me scan the Wi-Fi network to get the attack packets.

I saw that the virus doesn't affect the Windows system folders.

If some support agent could help me find a way to open Wireshark and scan packets, to get the key and test it with a decryptor, I will be very grateful.

I could share more info about the virus, if somebody has knowledge of encryption.

God bless you. Sincerely, Erick


1 Answer


answered 2022-03-08 08:40:47 +0000

grahamb

Running Wireshark on a compromised machine to capture traffic seems a bit pointless to me; how do you know that the malware isn't spoofing the traffic?

If the aim is to remove the malware, please locate a suitable support channel for that, e.g. the BleepingComputer malware removal forum.

If the aim is to use Wireshark to investigate the malware traffic, then the compromised system should be isolated and Wireshark used on a known clean system to take the captures, e.g. by using a switch and mirroring the traffic.




Asked: 2022-03-08 00:30:22 +0000

Seen: 215 times

Last updated: Mar 08 '22