ESET Insiders NewbyUser 74 Posted May 5, 2020
Did the STOP definition receive any updates? Did a scan last night which was clean. Def 21274 was used. Did a scan tonight with Def 21278 and have a Win32/Filecoder.STOP detection. Hadn't received any detection from RTP in between said scans.
itman 1,921 Posted May 5, 2020 (edited)
Are your files encrypted? Hopefully not. Post a screenshot of the detection from the ESET Detection log.
ESET Insiders NewbyUser 74 Posted May 5, 2020 Author
No, they're not. There's no indication of any infection. It's in my Opera Cache, which isn't a known vector of STOP which I'm aware of.
itman 1,921 Posted May 6, 2020
You can submit the quarantined entry to ESET for analysis and ask for a verification if it's actually malicious.
Administrators Marcos 5,733 Posted May 6, 2020
Unfortunately I was unable to find any Filecoder.STOP-related file among today's submissions. Did you submit it anonymously or with your forum registration email address? Do you have any files except cache.ndb in "C:\ProgramData\ESET\ESET Security\Charon"? I've tested file submission myself and it worked.
ESET Insiders NewbyUser 74 Posted May 6, 2020 Author
No, that's the only file there.
ESET Insiders NewbyUser 74 Posted May 6, 2020 Author
There's the log entry for the submission if that helps track it down. I'm in US Eastern time zone if timestamp helps.
Administrators Marcos 5,733 Posted May 6, 2020
I've found it submitted. Actually the problem is that on the website the ransomware note was inserted in a raw form without any HTML formatting (after <pre> and <code> tags) which triggered the detection.
ESET Insiders NewbyUser 74 Posted May 6, 2020 Author
Thinking some more, isn't this technically a FP? Is that why RTP didn't alert while I was on the page?