Jump to content

Filecoder Stop


Recommended Posts

  • ESET Insiders

Did the STOP definition receive any updates? Did a scan last night which was clean. Def 21274 was used. Did a scan tonight with Def 21278 and have a Win32/Filecoder.STOP detection. Hadn't received any detection from RTP in between said scans. 

Link to comment
Share on other sites

Are your files encrypted? Hopefully not.

Post a screen shot of the detection from the Eset Detection log.

Edited by itman
Link to comment
Share on other sites

  • ESET Insiders

No, they're not. There's no indication of any infection. It's in my Opera Cache, which isn't a known vector of STOP which i'm aware of.

2020-05-05.png

Link to comment
Share on other sites

You can submit the quarantined entry to Eset for analysis and ask for a verification if its actually malicious.

Link to comment
Share on other sites

  • Administrators

Unfortunately I was unable to find any Filecoder.STOP-related file among today's submissions. Did you submit it anonymously or with your forum registration email address?

Do you have any files except cache.ndb in "C:\ProgramData\ESET\ESET Security\Charon" ? I've tested file submission myself and it worked.

 

Link to comment
Share on other sites

  • ESET Insiders

Theres the log entry for the submission if that helps track it down. I'm in US Eastern time zone if timestamp helps.1485326763_2020-05-06(3).png.51bd123c2141ba256112fe465ab4b1ec.png

Link to comment
Share on other sites

  • Administrators

I've found it submitted. Actually the problem is that on the website the ransomware note was inserted in a raw form without any html formatting (after <pre> and <code> tags) which triggered the detection.

Link to comment
Share on other sites

  • ESET Insiders

Thinking some more, isn't this technically a FP? Is that why RTP didn't alert while I was on the page?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...