Steward, posted May 18, 2022:

Hey guys, I was encrypted by a ransomware with the extension URR.exe ☠️, ESET Antivirus version did not detect it at all 😒, so I installed Premium version and ESET removed it completely from my system, please check why the Antivirus version did not detect it? thx!

Marcos (Administrators), posted May 18, 2022:

Please provide:
1. Log collected with ESET Log Collector
2. The ransomware note with payment instructions
3. A couple of encrypted Office documents.

Basically there should not be any difference in ransomware detection unless it was detected by ESSP during a LiveGuard sandbox analysis.

itman, posted May 18, 2022:

5 hours ago, Steward said:
> Hey guys, I was encrypted by a ransomware with the extension URR.exe

I assume your files are still encrypted?

peteyt (Most Valued Members), posted May 21, 2022:

Please also tell us the version of nod32 you had. If it was a very old version it may not have had the ransomware protection.

nexon, posted May 25, 2022:

I also test in Virtual Machine ransomware but few files renamed and can't use... ESSP full scan after that and found nothing. This is only Virtual Machine but in real - my files will be lost... Eset doesn't create backup of files like other av and if I am infected virus will be removed and files restored.

itman, posted May 25, 2022:

1 hour ago, nexon said:
> I also test in Virtual Machine ransomware but few files renamed and can't use.

If only a few files were encrypted, then Eset Ransomware Shield protection performed as expected.

nexon, posted May 25, 2022:

6 minutes ago, itman said:
> If only a few files were encrypted, then Eset Ransomware Shield protection performed as expected.

Expected? 🙂 One folder complete... Nothing is expected... Expected is that restore my files. What if I have one most important file and will encrypted? It is expected no problem? Every file encrypted is a big problem. If antivirus really working fine then none of the file will be not encrypted!

Marcos (Administrators), posted May 25, 2022:

So what is the SHA1 of the undetected ransomware?

itman, posted May 25, 2022:

1 minute ago, nexon said:
> If antivirus really working fine then none of the file will be not encrypted!

In a perfect "anti-ransomware" solution, this would be the case. Unfortunately, few to none such solutions exist.

The same behavior happens using Kaspersky. In most cases, the encrypted files can be recovered due to Kaspersky's System Watcher; i.e. system snapshotting, feature.

nexon, posted May 25, 2022:

Marcos - don't know... I downloaded folder most popular samples of ransomware trojans etc.. For example there is petya or wannacry... Virlock or something like that.

Itman - yes system watcher is a genial feature it saves my as$ 2 or 3 times when I saw that changes rolled back (files restored) but this was happen on real Machine..

itman, posted May 25, 2022:

17 minutes ago, nexon said:
> Expected? 🙂 One folder complete...

Are you referring to one of the folders associated with logged on C:\Users directory such as Documents, Pictures, etc.? If so, which folder was it? Or, are you referring to a sub-folder stored in one of the above noted folders?

nexon, posted May 25, 2022:

Created folder on desktop.

itman, posted May 25, 2022 (edited):

1 hour ago, nexon said:
> Created folder on desktop.

My best guess here is desktop folders are not being actively monitored for ransomware activity. For example in Microsoft Defender, the desktop is not a folder set up for protected access:

Quote:
> Windows system folders are protected by default
>
> Windows system folders are protected by default, along with several other folders:
>
> The protected folders include common system folders (including boot sectors), and you can add additional folders. You can also allow apps to give them access to the protected folders. The Windows systems folders that are protected by default are:
>
> c:\Users\<username>\Documents
> c:\Users\Public\Documents
> c:\Users\<username>\Pictures
> c:\Users\Public\Pictures
> c:\Users\Public\Videos
> c:\Users\<username>\Videos
> c:\Users\<username>\Music
> c:\Users\Public\Music
> c:\Users\<username>\Favorites

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide

Edited May 25, 2022 by itman

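Added example (not part of itman's post or of the quoted Microsoft documentation): a PowerShell check of whether a folder, such as one created on the desktop, falls under Controlled Folder Access, using the default list quoted above plus any folders added on the machine. The `$Folder` default path and the `Test-UnderFolder` helper are hypothetical names chosen for illustration.

```powershell
# Added example, not from the thread. Run on a Windows machine with
# Microsoft Defender; Get-MpPreference / Add-MpPreference are its cmdlets.
param(
    # Hypothetical folder to audit (a folder created on the desktop)
    [string]$Folder = (Join-Path $env:USERPROFILE 'Desktop\Test')
)

# Hypothetical helper: true when $Path is $Root itself or lies beneath it.
function Test-UnderFolder {
    param([string]$Path, [string]$Root)
    $p = [IO.Path]::GetFullPath($Path).TrimEnd('\') + '\'
    $r = [IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'
    return $p.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)
}

# Default protected folders, exactly as listed in the documentation quoted above.
$defaults = foreach ($base in $env:USERPROFILE, $env:PUBLIC) {
    foreach ($leaf in 'Documents', 'Pictures', 'Videos', 'Music') {
        Join-Path $base $leaf
    }
}
$defaults += Join-Path $env:USERPROFILE 'Favorites'

$pref  = Get-MpPreference
$state = switch ([int]$pref.EnableControlledFolderAccess) {
    0 { 'Disabled' }
    1 { 'Enabled' }
    2 { 'AuditMode' }
    default { "Other ($_)" }
}

# Folders added by an administrator; the property is empty when none were added.
$custom   = @($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ })
$covering = @(($defaults + $custom) | Where-Object { Test-UnderFolder $Folder $_ })

"Controlled Folder Access state: $state"
if ($covering.Count -gt 0) {
    "$Folder is inside protected folder(s): $($covering -join ', ')"
} else {
    "$Folder is NOT in the protected list. To add it (elevated prompt):"
    "  Add-MpPreference -ControlledFolderAccessProtectedFolders '$Folder'"
}
if ($state -eq 'Disabled') {
    "The protected list has no effect until the feature is switched on:"
    "  Set-MpPreference -EnableControlledFolderAccess Enabled"
}
```

The script only reads the configuration and prints the commands that would change it, so it can be run without elevation to see the current coverage.
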
nexon, posted May 25, 2022:

Hmm interesting.. I ran everything from desktop or downloads.. and no problem with kaspersky for example but with eset....

itman, posted May 25, 2022 (edited):

6 hours ago, nexon said:
> Marcos - don't know... I downloaded folder most popular samples of ransomware trojans etc.

Check your Eset Detections log. Eset obviously detected the ransomware, or all your user directory folders would have been encrypted. Post the log entry associated with the ransomware detection.

Edited May 25, 2022 by itman

TheStill, posted May 26, 2022:

19 hours ago, nexon said:
> Expected? 🙂 One folder complete... Nothing is expected... Expected is that restore my files. What if I have one most important file and will encrypted? It is expected no problem? Every file encrypted is a big problem. If antivirus really working fine then none of the file will be not encrypted!

For important files never rely on others to protect your only copy. That includes multi-billion dollar companies like Microsoft and Google. Keep multiple backups in multiple locations. Then when something like this happens you simply delete those corrupted files and restore them from a backup. This gets you back up and running in minutes and renders these ransomware attacks an inconvenience at most.

nexon, posted May 26, 2022:

Yes I know, I have back up, that is 1st priority of course.