EOG1B Files Virus (ERIS Ransomware) — How to Remove It


What is the .EOG1B files virus? The .EOG1B files virus, also known as .EOG1B ransomware, encrypts users' files and demands a ransom for them.

The .EOG1B files virus is a new iteration of the ERIS ransomware family. As a new variant of this threat it will probably follow the same behavior as other popular virus samples. In the end the sensitive user data of the victims will be encrypted with a strong cipher and the processed files will be renamed with the .EOG1B extension.

Threat Summary

Name: .EOG1B files virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer and demands a ransom to be paid to allegedly restore them.
Symptoms: The ransomware will blackmail the victims into paying a decryption fee. Sensitive user data may be encrypted by the ransomware code.
Distribution Method: Spam Emails, Email Attachments
Detection Tool: See If Your System Has Been Affected by .EOG1B files virus
User Experience: Join Our Forum to Discuss .EOG1B files virus.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.EOG1B Files Virus – Detailed Description

The .EOG1B files virus is a new version of the ERIS ransomware which is currently being distributed to victims worldwide using all of the popular mechanisms. A frequent strategy is the coordination of email phishing messages with hacker-made sites, all of which pretend to originate from a well-known company or service. They are commonly hosted on similar-sounding domain names and may even include stolen or fake security certificates.

The .EOG1B ransomware code can also be embedded inside file carriers. The two most common types are:

  • Malicious Software Installers — These are made by taking the original setup packages of popular applications from their official sources and modifying them to include the virus installation code. The hackers target all popular software: system utilities, creativity suites, productivity and office apps and even computer games.
  • Macro-Infected Documents — These can be documents in any of the popular formats: presentations, text files and databases. As soon as they are opened a prompt is shown asking the victims to enable the built-in scripts (macros). Enabling them triggers the infection.

All of these files can alternatively be uploaded to peer-to-peer file-sharing networks such as BitTorrent, where both pirated and legitimate files are available. The .EOG1B files virus code can also be embedded in browser hijackers, malicious web browser plugins that are uploaded to the browsers' extension repositories with fake developer credentials and user reviews.

As soon as the .EOG1B files virus is installed on a given system it will start its built-in sequence of malicious actions. One of the most common components to run is the data acquisition module. Its main goal is to gather sensitive information about both the victims and the systems they use. The data can be used for crimes like identity theft and blackmail. A profile of the installed hardware components also makes it easy for the criminals to generate a unique ID for each infected host.

The collected data can then be used to identify any running security software that can be bypassed or entirely removed. Common examples include anti-virus engines, firewalls, virtual machine hosts, and debug and sandbox environments.

At this point changes to the boot options can be made. These will make the threat run every time the computer is powered on. In some cases it can also block access to the recovery options, which will render most manual removal guides unusable.

The main .EOG1B files virus engine can edit Windows Registry values, which can lead to serious performance issues, data loss and the inability to run certain system functions.

If configured to do so, the .EOG1B files virus can be used to deliver other malware such as the following:

  • Trojans — These are dangerous viruses which establish a persistent connection to a hacker-controlled server, allowing the criminals to take control of the infected systems, steal their files and spy on the victims' actions.
  • Cryptocurrency Miners — These are small scripts which are made to run as soon as the virus is started. They download a sequence of small computational tasks that place a heavy toll on the performance of the computer: the CPU, memory, hard disk space and other important components. For every completed task the criminals are rewarded with cryptocurrency that is transferred directly to their wallets.
  • Browser Hijackers — These are malicious plugins made compatible with all popular web browsers, often uploaded to the browsers' extension repositories using fake user reviews and developer credentials. They are advertised with alluring descriptions that promise performance optimizations and new features. Once installed they redirect the victims to a hacker-controlled site and hijack their personal data.

The .EOG1B files virus will then start its built-in file processing engine. It uses a powerful cipher to process target user data according to a built-in list of file types; a typical list includes archives, databases, backups, documents and multimedia files. All of them will receive the .EOG1B extension and a ransom note will be created by the virus.
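The renaming described above is what an incident responder can use to scope the damage. The following script is an added example, not code from the original article or from any vendor: it walks a directory tree, collects every file carrying the .EOG1B extension, and reports the count, the first and last modification times (an approximate encryption window) and the most affected folders. It assumes the extension is appended to the original file name (report.docx becomes report.docx.EOG1B) and matches it case-insensitively; the article only says files are renamed with the extension. It decrypts nothing. The demo tree is built under a temporary directory with constructed file names.

```python
"""Scope the damage from a ransomware run by inventorying renamed files.

Added example, not code from the original article.  Assumes the .EOG1B
extension is appended to the original name; matches it case-insensitively.
The demo tree below is constructed for the example.
"""
import tempfile
from collections import Counter
from pathlib import Path

EXTENSION = ".EOG1B"   # extension named in the article


def inventory(root, extension=EXTENSION) -> dict:
    """Summarise files under `root` whose name ends with `extension`."""
    root = Path(root)
    suffix = extension.lower()   # case-insensitive match (assumption)
    hits = [p for p in root.rglob("*")
            if p.is_file() and p.name.lower().endswith(suffix)]
    if not hits:
        return {"count": 0, "first": None, "last": None,
                "by_dir": {}, "original_names": []}
    mtimes = [p.stat().st_mtime for p in hits]
    by_dir = Counter(p.parent.relative_to(root).as_posix() for p in hits)
    return {
        "count": len(hits),
        "first": min(mtimes),          # earliest rename seen
        "last": max(mtimes),           # latest rename seen
        "by_dir": dict(by_dir),        # folder -> number of affected files
        # strip the appended extension to recover the original name
        "original_names": sorted(p.name[:-len(extension)] for p in hits),
    }


def build_demo_tree() -> Path:
    """Create a constructed victim directory for the demo (not real data)."""
    root = Path(tempfile.mkdtemp(prefix="eog1b_demo_"))
    files = {
        "docs/report.docx.EOG1B": b"ciphertext",
        "docs/budget.xlsx.EOG1B": b"ciphertext",
        "docs/readme.txt": b"plain, untouched",
        "pics/holiday.jpg.EOG1B": b"ciphertext",
        "pics/notes.txt.eog1b": b"ciphertext",   # lower-case variant
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    report = inventory(demo)
    print(f"{report['count']} affected files under {demo}")
    for folder, n in sorted(report["by_dir"].items(), key=lambda kv: -kv[1]):
        print(f"  {folder}: {n}")
    print("original names:", ", ".join(report["original_names"]))
```

Point it at a mounted image or a share rather than the live infected machine where possible; the modification-time window is only a hint, since the ransomware may touch timestamps.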

.EOG1B Files Virus – What Does It Do?

The .EOG1B Files Virus is a cryptovirus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order, the lockscreen component will launch an application frame that prevents the users from interacting with their computers and displays the ransom note to the victims.

You should NOT under any circumstances pay the ransom. Your files may not get recovered, and nobody can give you a guarantee that they will.

The .EOG1B Files Virus cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

    vssadmin.exe delete shadows /all /Quiet
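Shadow copy deletion is one of the most reliable signals that a ransomware payload has started, so it is worth alerting on in process-creation telemetry. The detector below is an added example, not code from the original article: it flags command lines matching the vssadmin delete shadows behaviour quoted above, notes whether /Quiet was used, and raises priority when the parent process runs from a user-writable location. The event lines and paths are constructed for the demo in a simplified key="value" layout, not real Sysmon or Windows Security log records; the field names UtcTime, Image, ParentImage and CommandLine are assumptions chosen to resemble Sysmon's.

```python
"""Detect Shadow Volume Copy deletion in process-creation telemetry.

Added example, not code from the original article.  Event lines below are
constructed for the demo (simplified key="value" layout, not real logs).
"""
import re
from dataclasses import dataclass

# "vssadmin" or "vssadmin.exe" (any case, any path) followed somewhere
# later on the command line by "delete shadows".
SHADOW_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b",
                           re.IGNORECASE)
# Parent launched from a user-writable location: a strong triage signal,
# since legitimate backup software normally lives under Program Files.
USER_WRITABLE = re.compile(r"\\(Users|Temp|AppData)\\", re.IGNORECASE)
# key=value or key="value with spaces"
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    timestamp: str
    parent: str
    command_line: str
    quiet: bool                 # /Quiet suppresses the confirmation prompt
    user_writable_parent: bool  # parent binary runs from a user path


def parse_event(line: str) -> dict:
    """Turn one constructed event line into a dict of its fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def detect_shadow_deletion(lines) -> list:
    """Return a Finding for every event whose command line deletes shadows."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        if not SHADOW_DELETE.search(cmd):
            continue
        parent = ev.get("ParentImage", "")
        findings.append(Finding(
            timestamp=ev.get("UtcTime", "?"),
            parent=parent,
            command_line=cmd,
            quiet=bool(re.search(r"/quiet\b", cmd, re.IGNORECASE)),
            user_writable_parent=bool(USER_WRITABLE.search(parent)),
        ))
    return findings


# Constructed sample events: one ransomware-style deletion from a Temp
# folder, a harmless listing, an admin-style deletion from a backup agent,
# and an unrelated process.
SAMPLE_EVENTS = [
    r'UtcTime=2019-07-01T10:15:02 Image="C:\Windows\System32\vssadmin.exe" ParentImage="C:\Users\victim\AppData\Local\Temp\update.exe" CommandLine="vssadmin.exe delete shadows /all /Quiet"',
    r'UtcTime=2019-07-01T10:16:40 Image="C:\Windows\System32\vssadmin.exe" ParentImage="C:\Windows\System32\cmd.exe" CommandLine="vssadmin.exe list shadows"',
    r'UtcTime=2019-07-01T11:02:13 Image="C:\Windows\System32\vssadmin.exe" ParentImage="C:\Program Files\BackupAgent\agent.exe" CommandLine="C:\Windows\System32\VSSADMIN.EXE Delete Shadows /For=C: /Oldest"',
    r'UtcTime=2019-07-01T11:05:00 Image="C:\Windows\System32\notepad.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="C:\Windows\System32\notepad.exe shadows.txt"',
]

if __name__ == "__main__":
    for f in detect_shadow_deletion(SAMPLE_EVENTS):
        priority = "HIGH" if f.user_writable_parent or f.quiet else "review"
        print(f"[{priority}] {f.timestamp} parent={f.parent} cmd={f.command_line}")
```

The third sample shows why the rule should not auto-block: backup tools legitimately delete old shadow copies, so the parent image and the /Quiet flag are what separate an automated ransomware run from scheduled maintenance.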

If your computer was infected with this ransomware and your files are locked, read on to find out how you could potentially restore them.

Remove .EOG1B Files Virus

If your computer got infected with the .EOG1B Files ransomware virus, you should have some experience in removing malware. Get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. Remove the ransomware and follow the step-by-step instructions provided below.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

