NewbyUser (ESET Insiders), posted May 5, 2020
Did the STOP definition receive any updates? Did a scan last night which was clean. Def 21274 was used. Did a scan tonight with Def 21278 and have a Win32/Filecoder.STOP detection. Hadn't received any detection from RTP in between said scans.

itman, posted May 5, 2020 (edited)
Are your files encrypted? Hopefully not. Post a screenshot of the detection from the ESET Detection log.

NewbyUser (ESET Insiders), posted May 5, 2020
No, they're not. There's no indication of any infection. It's in my Opera Cache, which isn't a known vector of STOP which I'm aware of.

itman, posted May 6, 2020
You can submit the quarantined entry to ESET for analysis and ask for a verification if it's actually malicious.

NewbyUser (ESET Insiders), posted May 6, 2020
Done.

Marcos (Administrators), posted May 6, 2020
Unfortunately I was unable to find any Filecoder.STOP-related file among today's submissions. Did you submit it anonymously or with your forum registration email address? Do you have any files except cache.ndb in "C:\ProgramData\ESET\ESET Security\Charon"? I've tested file submission myself and it worked.

NewbyUser (ESET Insiders), posted May 6, 2020
No, that's the only file there.

NewbyUser (ESET Insiders), posted May 6, 2020
There's the log entry for the submission if that helps track it down. I'm in US Eastern time zone if timestamp helps.

Marcos (Administrators), posted May 6, 2020
I've found it submitted. Actually the problem is that on the website the ransomware note was inserted in a raw form without any HTML formatting (after <pre> and <code> tags) which triggered the detection.

NewbyUser (ESET Insiders), posted May 6, 2020
Thanks Marcos

NewbyUser (ESET Insiders), posted May 6, 2020
Thinking some more, isn't this technically a FP? Is that why RTP didn't alert while I was on the page?