hungtt (Posted March 8, 2017)
Hi all, I'm using ESET ENDPOINT ANTIVIRUS. My client detected Win32/Filecoder.HydraCrypt but it was not deleted or cleaned. On the ERA server, the report on this client with this virus sign shows ACTION is NULL. Please help me check this.
Marcos, Administrators (Posted March 8, 2017)
That's because an action selection is required when payment instructions are detected unless you switch the cleaning mode from standard to strict cleaning. However, at this point the bigger issue is that files on that computer were encrypted and it's important to find out what happened. Please run ESET Log Collector on the infected machine and drop me a PM with the output archive attached. For instructions, see the link in my signature.
hungtt, Author (Posted March 8, 2017)
Hi Marcos, This is my ELC log. eea_logs.zip
Marcos, Administrators (Posted March 8, 2017)
ESET was installed just yesterday, i.e. after the encryption occurred. The detection for Filecoder.Hydracrypt that encrypted the files was added on Feb 2.
hungtt, Author (Posted March 8, 2017)
Hi Marcos, So after the infection, ESET cannot clean this ransomware? I don't want to decrypt the files. I want to clean my system after the infection.