mplitm 0 Posted July 31, 2021

I have a Windows 7 PC with ESET Endpoint Antivirus V5.0.2214.4; everything was working fine till yesterday eve. When I logged into my PC this morning, I found an extra (local) admin account on the logon screen, with no logon pictures. Upon signing in, I encountered a warning txt file stating my system is attacked and files are decrypted. It asked me to come onto tox.chat for discussion. Encrypted file names are like = filename.[04C55B56].[.]makop

Guide me what to do now?

Administrators Marcos 5,295 Posted July 31, 2021

Files were encrypted by Filecoder.Phobos. Unfortunately decryption is not possible.

EEA v5 is very old and reached EOL in Dec 2020. Please uninstall it and install the latest Endpoint v8.1 (Windows 7 SP1 or newer). You can provide me with logs collected with ESET Log Collector so that I can review your configuration and recommend settings that you could enable for maximum protection, if necessary.

Also I'd recommend purchasing ESET Dynamic Threat Defense which can be set up to block execution of unknown untrusted files unless analysis in ESET's cloud sandbox has completed.

mplitm 0 Posted July 31, 2021 Author

Logs are attached here (ELC_logs.zip).

I am well aware about EEA's EOL but thing is it ain't detected that ransomware. I am not able to install anything on that PC. I can't find a workaround except a clean OS installation which is really not an option for me. Plus I have a ton of encrypted data on a 2nd HDD that was attached. There definitely would be a solution, it ain't a new kinda ransomware.

Administrators Marcos 5,295 Posted July 31, 2021

ESET Security is not installed, only ERA Server v5.3 and Console are. As I wrote, Endpoint Antivirus v5 is very old and reached EOL last year. As such, it doesn't contain any modern protection features to protect you from ransomware, RDP attacks, etc.

As already mentioned, files encrypted by Filecoder.Phobos cannot be decrypted. You may, however, keep important encrypted files in case decryption becomes possible in the future.

itman 1,758 Posted July 31, 2021

2 hours ago, Marcos said:
> ESET Security is not installed, only ERA Server v5.3 and Console are.

Can those be installed on a Win 7 device? OP posted he was using Win 7 OS.

Administrators Marcos 5,295 Posted July 31, 2021

54 minutes ago, itman said:
> Can those be installed on a Win 7 device? OP posted he was using Win 7 OS.

I overlooked this info. However, the latest version of Endpoint can be installed on Windows 7 as long as updates adding SHA-2 code signing support are installed.

Another question is using an OS that was already discontinued and doesn't receive security updates. If security matters, we recommend using an OS that is fully supported by its maker.