ESET Insiders
BALTAGY last won the day on December 9 2019

BALTAGY had the most liked content!

Recent Profile Visitors

3,180 profile views
  1. That's what I'm talking about. Also, many users won't even know it's a ransomware and could be waiting online for some time, then the ransom will keep downloading other viruses etc. until the system freezes and you can't open it, and for sure the ransom note will also be gone and you can't use it if the decryptor requires it. This scenario can easily happen. If the anti-ransomware needs to read the ransom note to be triggered, then it can also read it and leave it
  2. How the encryption occurred is not in the ransom note; the ransom note only contains info on how to pay and emails, and the important part is the ID. Even if anyone removed the ransomware itself from the system and didn't delete the ransom note, it won't do anything, but it will help the user to determine the ransom name and version by uploading it to some sites like ID Ransomware. I hope you consider leaving the note, as it contains important info, and if something wrong happens to the system the user may not be able to recover the files without it. Like GandCrab, its ransom note is important to recover the
  3. Why must it be detected if it's harmless? I'm just curious
  4. Not sure I get what you mean? Yes, the user is asked, but if you choose ignore it will keep coming up many times until you exclude it or delete it. I just want to know what the point of deleting the ransom note is? It's harmless. Also, if ESET can't detect the ransomware itself and only deletes the ransom note after some time while the ransom is running and downloading other viruses etc., the user may not be able to recover the note from quarantine
  5. You mean this option? Also, I know it can be restored, but I must disable the protection to restore it. What's the point of deleting it? Here's an example, it's being deleted via database, and here's VirusTotal: https://www.virustotal.com/gui/file/c65b7b3734f8f42687487c69c50da5ba31915d092ae8bca3ae4d1670300f652c/detection _readme.rar
  6. Hi, why is ESET deleting ransomware notes? They contain important info like the ID that can be used to decrypt the encrypted files! Thanks
  7. I remember I did read something about it, but I did search and didn't find anything. Thanks for the info
  8. Don't these tests act like real ransomware? Why doesn't ESET block the operation of encrypting these files?
  9. Hi, I came across this tool that should be testing some ransomware scenarios. Original link: https://www.comss.ru/page.php?id=3594 Shouldn't ESET block these tests?
  10. I was just testing the custom scan now and selected "Operating memory, Boot sector, WMI, System registry, Desktop". I see some files being scanned too many times, like storage.dll in SysWOW64, and some files took ESET some time to finish (I can send one of them if you like). Scan finished after 25 min. Did a custom scan again for the C drive (System Drive) with Boot sectors and UEFI selected by default, and the scan finished after 5 min only