Zagor 0 Posted September 26, 2019 (edited) Hello, my colleague got a password-protected attachment from a customer email. She opened it (the content is a .doc file) but nothing happened. Then she sent it to me saying: "I cannot read this zip file", and I opened it too, with the same result. Only afterwards did I realize that the email was probably a fake one! 😞 After that I performed a full scan with ESET (Endpoint 5.0), but it didn't find anything. I tried to directly scan the ZIP file, but it is password protected so ESET can't analyze it. How can I check whether I got malware? If it might be useful I can upload the suspicious ZIP file. Thanks and bye. Edited September 26, 2019 by Zagor added info
Zagor 0 Posted September 30, 2019 Author Hi, I have an update: I checked my computer with NOD32 and three other antivirus programs, but none of them found anything. Can I reassure myself that my PC is clean? Is it possible that the suspicious file actually didn't take any action? I attach the scan of the suspicious file performed on the www.virustotal.com web site. Thanks for any hint/suggestion. Z.
Zagor 0 Posted October 17, 2019 Author Hi all, did nobody really face this situation? Are all of those malware families identified by VirusTotal dangerous or not? Might there be a hidden ransomware with delayed activation? Thanks and bye, Z.
Administrators Marcos 4,919 Posted October 17, 2019 Since the doc file is detected not only by ESET but also by other AVs, it's unlikely to be clean. However, after scanning the file with ESET the malicious macro should have been sanitized and the file should no longer be detected by us (some other AVs may still detect it though).
Zagor 0 Posted October 17, 2019 Author (edited) Thanks Marcos. When I opened the doc the first time, no popup warning was displayed by NOD32; is it possible that something was installed at that time? After having realized this, I performed full scans with NOD32, Spybot S&D, Zemana, Malwarebytes and HitmanPro, but they didn't find anything serious. Can I consider my PC clean, or should I perform a deeper analysis (and if so, how)? Thanks again, Z. Edited October 17, 2019 by Zagor
Administrators Marcos 4,919 Posted October 17, 2019 It's impossible to tell what could have happened when you ran the file. The thing is, the payload on the servers may change over time, there may be no payload at times, connections to the server may fail, the downloaded payload may be undetected, etc. If running a full disk scan doesn't reveal any threat on the machine, I'd consider it clean.
Zagor 0 Posted October 23, 2019 Author Hi Marcos, I have an update: I discovered that my case was an FTCODE ransomware attempt. Following the description given here I searched for all the features, but I found nothing, nor was any file encrypted, so I think it definitely didn't activate for some reason. Do you agree? Bye, Z.
Most Valued Members Nightowl 198 Posted October 23, 2019 Better also to stay away from suspicious files, especially attachments that you don't expect to receive.
Administrators Marcos 4,919 Posted October 23, 2019 You initially posted in September, but that "FTCODE" ransomware is relatively new, hence I think it was something different and the downloader was supposed to download a different malware.