Win32/Filecoder.HydraCrypt not deleted

[hungtt 1]

Hi all,

I'm using ESET ENDPOINT ANTIVIRUS.

My client detected Win32/Filecoder.HydraCrypt but it not deteted or clean.On ERA server, report on this client with this virus sign ACTION is NULL .

Please help me check this.

 

[Marcos 5,070]

That's because an action selection is required when payment instructions are detected unless you switch the cleaning mode from standard to strict cleaning. However, at this point the bigger issue is that files on that computer were encrypted and it's important to find out what happened. Please run ESET Log Collector on the infected machine and drop me a pm with the output archive attached. For instructions, see the link in my signature.

[hungtt 1]

Hi Marcos,

This is my ELC log.

eea_logs.zip

[Marcos 5,070]

ESET was installed just yesterday, ie. after the encryption occurred. The detection for Filecoder.Hydracrypt that encrypted the files was added on Feb 2.

[hungtt 1]

Hi Marcos,

So after infected, ESET can not clean this ransomware ?

I don't desire decrypt files.I want clean my system after infected.