  • ESET Insiders
Posted

Did the STOP definition receive any updates? Did a scan last night which was clean. Def 21274 was used. Did a scan tonight with Def 21278 and have a Win32/Filecoder.STOP detection. Hadn't received any detection from RTP in between said scans. 

Posted (edited)

Are your files encrypted? Hopefully not.

Post a screen shot of the detection from the Eset Detection log.

Edited by itman
  • ESET Insiders
Posted

No, they're not. There's no indication of any infection. It's in my Opera Cache, which isn't a known vector of STOP which I'm aware of.

2020-05-05.png

Posted

You can submit the quarantined entry to Eset for analysis and ask for a verification if it's actually malicious.

  • Administrators
Posted

Unfortunately I was unable to find any Filecoder.STOP-related file among today's submissions. Did you submit it anonymously or with your forum registration email address?

Do you have any files except cache.ndb in "C:\ProgramData\ESET\ESET Security\Charon" ? I've tested file submission myself and it worked.

 

  • ESET Insiders
Posted

No, that's the only files there.

2020-05-06.png

2020-05-06 (2).png

  • ESET Insiders
Posted

There's the log entry for the submission if that helps track it down. I'm in US Eastern time zone if timestamp helps.

2020-05-06(3).png

  • Administrators
Posted

I've found it submitted. Actually the problem is that on the website the ransomware note was inserted in a raw form without any HTML formatting (after <pre> and <code> tags) which triggered the detection.

  • ESET Insiders
Posted

Thanks Marcos

  • ESET Insiders
Posted

Thinking some more, isn't this technically a FP? Is that why RTP didn't alert while I was on the page?

This topic is now closed to further replies.