[mrpeterson@cock.li].GFS Files (GEFEST Ransomware) - Como remover

[mrpeterson@cock.li].GFS Files (GEFEST Ransomware) – Como remover

This article is made to explain to you what is the [mrpeterson@cock.li].GFS files ransomware virus and how you can remove this variant of Gefest ransomware from your computer and how you can try and restaurar .GFS arquivos criptografados.

Um vírus ransomware, using the .GFS extension was recently detected to cause a heap of trouble for users. The malware may or may not be a version, deriving from the

Scarab Gefest família de vírus. This is a virus that enters your computer silently and then performs number of malicious activities that result in you no longer being able to open your files because they are encrypted. The encrypted files have overwritten data in them, preventing them from being used and we are talking about the most commonly used file types on the infected computer. depois de criptografia, a ransom note is dropped, chamado “Como recuperar CIFRADA files.txt” and it has instructions for victims how they can pay ransom to buy off the access to their files againsomething which is NOT recommended. Se o seu computador foi infectado pelo [mrpeterson@cock.li].GFS files ransomware, read this article to learn how to remove this ransomware safely and how to try other methods to restore your files, that do not involve paying criminal hackers.

Resumo ameaça

Nome[mrpeterson@cock.li].GFS GEFEST Virus
Tiporansomware, Cryptovirus
Pequena descriçãoPossibly a variant of Gefest Ransomware. Encrypts files and asks victims of infected computers to pay ransom in cryptocurrecnies to get the files to be decoded and work again.
Os sintomasInfects the computer and then adds the [mrpeterson@cock.li].GFS extensão de arquivo. O ransomware também adiciona a “Como recuperar CIFRADA files.txt” bilhete de resgate, contendo a mensagem extortionist.
distribuição MétodoOs e-mails de spam, Anexos de e-mail, arquivos executáveis
Ferramenta de detecção Veja se o seu sistema tem sido afetada por [mrpeterson@cock.li].GFS GEFEST Virus


Remoção de Malware Ferramenta

Experiência de usuárioParticipe do nosso Fórum discutir [mrpeterson@cock.li].GFS GEFEST Virus.
Ferramenta de recuperação de dadosWindows Data Recovery por Stellar Phoenix Aviso prévio! Este produto verifica seus setores de unidade para recuperar arquivos perdidos e não pode recuperar 100% dos arquivos criptografados, mas apenas alguns deles, dependendo da situação e se você tem ou não reformatado a unidade.

[mrpeterson@cock.li].GFS Files Ransomware – How Did I Get It

The most likely method via which your computer may have caught the [mrpeterson@cock.li].GFS Files Virus could be if you opened a malicious e-mail attachment. Usually e-mails account for over 80% of ransomware infection and the GEFEST virus being of this type, it may be spread via this method. What the crooks do is they send you an e-mail, containing the infection file off GEFEST ransomware and this file could be pretending to be:

  • Uma fatura.
  • Recibo de compra.
  • Report for a revoked plane ticket or an online purchase.
  • Document from a bank, concerning a loan or something similar.
  • Document stating you broke the law.

Another likely scenario via which viruses, gostar GEFEST ransomware could be spread is for the crooks to upload the infection file on multiple third-party sites and wait for the victim to download the virus and open it. Usually these sites are low-reputation websites or compromised WordPress sites, where the malware may reside, pretendendo ser:

  • A software setup.
  • Portable program./span>
  • Activator for a license.
  • fenda.
  • gerador de chaves.

[mrpeterson@cock.li].GFS Files Ransomware – Atividade

Once your computer becomes a victims with [mrpeterson@cock.li].GFS ransomware arquivo, the virus’s files may be dropped in the following directories:

  • %Dados do aplicativo%
  • %Roaming%
  • %temp%
  • %Local%
  • %LocalLow%

o [mrpeterson@cock.li].GFS ransomware may also drop its ransom note file on the infected computers. Ele tem o seguinte conteúdo:

“Como recuperar CIFRADA files.txt” ransom note’s content:


Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.

Há apenas uma maneira de obter o seu arquivos de volta: entre em contato conosco, pagar, and get decryptor software.

Aceitamos Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io

You have unique idkey , write it in letter when contact with us.

Also you can decrypt 1 arquivo de teste, a sua garantia que podemos decifrar seus arquivos.


Não renomear arquivos criptografados.

Não tente decifrar seus dados usando software de terceiros, ele pode causar perda permanente de dados.

Informações de contato:

primary email: mrpeterson@cock.li

reserve email: debora2019@airmail.cc

Your unique idkey:

Besides te ransom note, victims can also miss out multiple hidden activiites that may be done by the [mrpeterson@cock.li].GFS virus, tal como:

  • Execute commands in Windows Command Prompt.
  • Obtain your location and IP address.
  • Execute escalação de privilégios.
  • Obtain administrator permissions.
  • criar mutexes.

além disso, the GEFEST Ransomware virus may also tamper with the Run an RunOnce registry sub-keys, where value strings with data may be created in order to run the virus file each time you start Windows. Os sub-chaves têm os seguintes locais:

→ HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Run
HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Run
HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion RunOnce
HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion RunOnce

o [mrpeterson@cock.li].GFS may also delete the shadow copies on the computers that have been infected by it by executing the following commands as an administrator on victimized machines:

→ VVS sc stop
wscsvc parada sc
parada WinDefend sc
wuauserv parar sc
BITS sc stop
sc stop ERSvc
sc stop WerSvc
cmd / C bcdedit / conjunto {padrão} recoveryenabled Não
cmd / C bcdedit / conjunto {padrão} ignoreallfailures bootstatuspolicy
C:\Windows System32 cmd.exe”/ C Vssadmin.exe Apagar Sombras / All / Quiet

[mrpeterson@cock.li].GFS Ransomware – Encryption

The files that could become encrypted as a result of an infection with [mrpeterson@cock.li].GFS ransomware could end up to be from the following file types:

→ “PNG PSD .PSPIMAGE .TGA THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .indd .PCT .PDF .xlr .XLS .XLSX .ACCDB .DB DBF MDB .PDB .SQL .apk Ficheiros .APP .BAT .CGI .COM .EXE .gadget .JAR .pif .wsf .dem .GAM NES .ROM .SAV CAD DWG DXF GIS .GPX .KML .kmz .ASP .ASPX .CER .CFM .csr .CSS .HTM .HTML .JS .jsp .PHP .rss .xhtml. DOC .DOCX .LOG .MSG .ODT .páginas .RTF .tex .TXT .WPD .WPS .CSV .DAT .ged .KEY .KEYCHAIN ​​.pps .PPT .PPTX ..INI .PRF arquivos codificados .HQX .mim .UUE .7z .cbr .DEB .GZ .PKG .RAR .RPM .SITX .tar.gz .ZIP .zipx .BIN CUE .DMG .ISO .MDF .toast .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Áudio Ficheiros .aif .IFF .M3U .M4A .MID .MP3 O AMF .WAV .WMA Vídeo .3g2 .3GP .ASF .AVI FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3dm .3DS .MAX .OBJ R.BMP .dds .GIF .JPG ..CRX .plugin .FNT .FON .OTF .TTF CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .icns .ICO LNK .SYS .CFG”

After GEFEST ransomware encrypts those files, the virus may generate a uniuqe RSA decryption key for each file, which makes decrption much more difficult than normal. The ransomware may then leave the files looking like the following:

Remove GEFEST Ransomware and Try Restoring .GFS Files

If you want to get rid of the Gefest ransomware virus, we strongly advise you to do a backup of your files first, even though they cannot be opened. This is done to make sure that your files do not get permanently damaged during the removal process. The safest process is to create a system image of Windows, instructions for which can be found on the following URL. This avoids damage to your files by CBC(cipher block chaining) and other mechanisms ransomware viruses, like GEFEST may use to permanently damage your files if you tamper with them or try to change their extension.

Remover GEFEST Ransomware, you are welcome to try the manual removal steps underneath this article. Their main idea is to help you manually find and delete the files of GEFEST ransomware Do seu computador. If manual removal does not work or you want a fast and effective solution, then we recommend that you follow the automatic removal steps under step 1 e 2 abaixo. They include scanning your computer with an advanced anti-malware software, the main idea of which is to scan your computer easily and detect and remove any virus files, pertencendo à GEFEST ransomware automatically from it. Installing such software also minimises the risk of your computer becoming a ransomware victim in the future too.

If you want to try and recover your files, you can see the “Tente restaurar” passo por baixo. It contains a lot of file recovery methods that can assist you in getting at least some of your data back. Be advised that the methods may not be 100% eficaz, but they are a good temporary solution, at least until researchers release a working decryption tool, which will be added in this article as an update when released. Keep following this post for further updates on the situation.


Ventsislav Krastev

Ventsislav tem vindo a cobrir o mais recente de malware, desenvolvimentos de software e mais recente tecnologia em SensorsTechForum para 3 anos. Ele começou como um administrador de rede. Formado marketing bem, Ventsislav também tem paixão pela descoberta de novas mudanças e inovações em cibersegurança que se tornam mudanças do jogo. Depois de estudar Gestão da Cadeia de Valor e, em seguida, Administração de Rede, ele encontrou sua paixão dentro cybersecrurity e é um crente forte na educação básica de cada usuário para a segurança on-line.

mais Posts - Local na rede Internet

Me siga:

2 Comentários

  1. Avatarmarcos

    estou com esta encriptação em meus arquivosso q nao sabia ainda do que se tratava formatei meu pce agora nao tem nenhuma chave de decriptação…. e perdi as artes da gráfica q trabalhoo.O

  2. AvatarSZA



Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar