.makop ransomware attacked my PC


I have a Windows 7 PC with ESET Endpoint Antivirus V5.0.2214.4; everything was working fine till yesterday evening.

When I logged into my PC this morning, I found an extra (local) admin account on the logon screen, with no logon pictures. Upon signing in, I encountered a warning txt file stating my system is attacked and files are decrypted.

It asked me to come onto tox.chat for discussion.

Encrypted file names are like: filename.[04C55B56].[.]makop

Guide me what to do now?


  • Administrators

Files were encrypted by Filecoder.Phobos. Unfortunately decryption is not possible.

EEA v5 is very old and reached EOL in Dec 2020. Please uninstall it and install the latest Endpoint v8.1 (Windows 7 SP1 or newer).

You can provide me with logs collected with ESET Log Collector so that I can review your configuration and recommend settings that you could enable for maximum protection, if necessary.

Also I'd recommend purchasing ESET Dynamic Threat Defense which can be set up to block execution of unknown untrusted files unless analysis in ESET's cloud sandbox has completed.


Logs are attached here. (ELC_logs.zip).

I am well aware of EEA's EOL, but the thing is it hasn't detected that ransomware.

I am not able to install anything on that PC. I can't find a workaround except a clean OS installation, which is really not an option for me. Plus I have a ton of encrypted data on a 2nd HDD that was attached.

There definitely would be a solution; it ain't a new kinda ransomware.


  • Administrators

ESET Security is not installed, only ERA Server v5.3 and Console are.

As I wrote, Endpoint Antivirus v5 is very old and reached EOL last year. As such, it doesn't contain any modern protection features to protect you from ransomware, RDP attacks, etc.

As already mentioned, files encrypted by Filecoder.Phobos cannot be decrypted. You may, however, keep important encrypted files in case decryption becomes possible in the future.


2 hours ago, Marcos said:

ESET Security is not installed, only ERA Server v5.3 and Console are.

Can those be installed on a Win 7 device? OP posted he was using Win 7 OS.


  • Administrators
54 minutes ago, itman said:

Can those be installed on a Win 7 device? OP posted he was using Win 7 OS.

I overlooked this info. However, the latest version of Endpoint can be installed on Windows 7 as long as updates adding SHA-2 code signing support are installed.

Another question is using an OS that was already discontinued and doesn't receive security updates. If security matters, we recommend using an OS that is fully supported by its maker.
