JAMEWT 4 Posted August 8, 2014 (edited)
SAMPLES SENT TO ESET
New cryptolocker variant
File downloaded from: hxxp://5.199.171.47/patriote/sansviolence
C&C IP address: 5.199.171.47
Can you please add detection?
Edited August 8, 2014 by JAMEWT

Solution
JAMEWT 4 Author Posted August 8, 2014
Thank you for your submission.
The detection for this threat will be included in our next signature update.
sansviolence.exe - Win32/Filecoder.NCD trojan

Administrators Marcos 5,468 Posted August 8, 2014
Blocked in cloud already. Undetected by most AVs in VirusTotal:
McAfee: Artemis!3772A3DEEB78
Symantec: WS.Reputation.1
TrendMicro-HouseCall: Suspicious_GEN.F47V0806
NANO-Antivirus: Trojan.Win32.ArchSMS.ctpuyz
DrWeb: Trojan.Encoder.740

JAMEWT 4 Author Posted August 8, 2014
I know that "Undetected by most AVs in VirusTotal:" but sorry but don't meaning nothing ... last or least .. understand what I meaning however I SUD to you and you add detection -- VERY GOOD WORK

SweX 871 Posted August 8, 2014
> Blocked in cloud already.
On execution I assume? Most home "testers" do not execute the samples but only right-click and scan, so LiveGrid blocks/detections when no signature for that sample has been released yet wouldn't come into action for them, or any similar feature in other products. They only test against the signatures; if there is no sig then it will not be detected. So AMS and AH on execution don't come into the game either.

rugk 397 Posted August 8, 2014 (edited)
And now it's added (VSD 10224)!
hxxp://www.virusradar.com/en/Win32_Filecoder.NCD/description
Edited August 8, 2014 by rugk

rugk 397 Posted August 8, 2014 (edited)
By the way: @JAMEWT (ESET member)
You found this threat, posted it here, said thanks to yourself and also said to yourself that you added detection? And after all this you praise yourself (OK, or ESET)?! I think there is something wrong!
Edit: BTW: You also reported another Cryptolocker here. Is it the same cryptolocker? Or do you like to have a second sight a second time and say it will be added?
Edit2: OK, I see it's a downloader for this cryptolocker...
Edited August 8, 2014 by rugk

JAMEWT 4 Author Posted August 8, 2014
> By the way: @JAMEWT (ESET member)
> You found this threat, posted it here, said thanks to yourself and also said to yourself that you added detection? And after all this you praise yourself (OK, or ESET)?! I think there is something wrong!
> Edit: BTW: You also reported another Cryptolocker here. Is it the same cryptolocker? Or do you like to have a second sight a second time and say it will be added?
> Edit2: OK, I see it's a downloader for this cryptolocker...
I report the mail received from ESET, and not thanks to me but thanks to the text inside the post from ESET, because ESET does not answer here but by mail.
I also reported another Cryptolocker = is not the same cryptolocker

Administrators Marcos 5,468 Posted August 8, 2014
Keybtc.btc - will be detected as BAT/Filecoder.H trojan.

User 13 Posted August 8, 2014 (edited)
> I report the mail received from ESET, and not thanks to me but thanks to the text inside the post from ESET, because ESET does not answer here but by mail.
You should then mark that text as a quote.
Edited August 8, 2014 by User

rugk 397 Posted August 8, 2014
> > I report the mail received from ESET, and not thanks to me but thanks to the text inside the post from ESET, because ESET does not answer here but by mail.
> You should then mark that text as a quote.
I agree. Then it would not be so confusing.