sanjay mehta, Posted May 12, 2017

One of my clients, using ESET on 200 PCs with ERAS, is badly infected by Jaff ransomware. The infection was noticed on a NAS drive which was shared as a drive on a few PCs. Today all the PCs having the NAS disk drive as a share are down. ESET is installed on all computers. The matter is urgent and very serious. Any help will be appreciated.

Marcos (Administrators), Posted May 12, 2017

It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not.

Make sure that:
- the latest version of ESET (v6) is installed on all machines in LAN
- LiveGrid is enabled
- HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense are enabled
- no dangerous exclusions are set
- all Windows hotfixes are installed

I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.

mathze, Posted May 28, 2017

On 12.5.2017 at 9:11 PM, Marcos said:
> It's Filecoder.NLI. We are currently analyzing it and therefore it's impossible to tell now if decryption will be possible or not.
>
> Make sure that:
> - the latest version of ESET (v6) is installed on all machines in LAN
> - LiveGrid is enabled
> - HIPS, Advanced Memory Scanner, Exploit Blocker and Self-defense are enabled
> - no dangerous exclusions are set
> - all Windows hotfixes are installed
>
> I'd also recommend protecting ESET settings with a password and disabling or at least securing RDP.

Hello Marco, do you have new information for us?

1. The virus was downloaded via a spam mail.
2. The mail has a zip-in-zip file without a password.
3. Why can users on a TS server start the script?
4. The scan engine has not stopped the download and the user process. Why?

Marcos (Administrators), Posted May 28, 2017

Files encrypted by Filecoder.Jaff can be decoded. As for the script, if you have an undetected one, please submit it to ESET as per the instructions linked in my signature. Once a detection has been added, it must be detected and blocked upon access.

mathze, Posted May 29, 2017 (edited)

3 hours ago, Marcos said:
> Files encrypted by Filecoder.Jaff can be decoded. As for the script, if you have an undetected one, please submit it to ESET as per the instructions linked in my signature. Once a detection has been added, it must be detected and blocked upon access.

OK, how can I find the tool for decoding? What file is needed? I have the spam mail with the zip-in-zip file which includes the script. Or is the "virus" needed? I have the files collected via a test machine in a virtual PC, and I have grabbed the domain names needed by the virus. Where should I send it all?

Thx,
mathze