Steward, posted May 18:
Hey guys, I was encrypted by a ransomware with the extension URR.exe ☠️, ESET Antivirus version did not detect it at all 😒, so I installed the Premium version and ESET removed it completely from my system. Please check why the Antivirus version did not detect it? Thx!

Marcos (Administrators), posted May 18:
Please provide:
1. Log collected with ESET Log Collector
2. The ransomware note with payment instructions
3. A couple of encrypted Office documents.
Basically there should not be any difference in ransomware detection unless it was detected by ESSP during a LiveGuard sandbox analysis.

itman, posted May 18:
5 hours ago, Steward said:
> Hey guys, I was encrypted by a ransomware with the extension URR.exe
I assume your files are still encrypted?

peteyt (Most Valued Members), posted May 21:
Please also tell us the version of nod32 you had. If it was a very old version it may not have had the ransomware protection.

nexon, posted May 25:
I also tested ransomware in a virtual machine, but a few files were renamed and can't be used... ESSP full scan after that found nothing. This is only a virtual machine, but in real life my files would be lost... Eset doesn't create backup of files like other AV and if I am infected virus will be removed and files restored.

itman, posted May 25:
1 hour ago, nexon said:
> I also tested ransomware in a virtual machine, but a few files were renamed and can't be used.
If only a few files were encrypted, then Eset Ransomware Shield protection performed as expected.

nexon, posted May 25:
6 minutes ago, itman said:
> If only a few files were encrypted, then Eset Ransomware Shield protection performed as expected.
Expected? 🙂 One folder complete... Nothing is expected... Expected is that restore my files. What if I have one most important file and will encrypted? It is expected no problem? Every file encrypted is a big problem. If antivirus really working fine then none of the file will be not encrypted!

Marcos (Administrators), posted May 25:
So what is the SHA1 of the undetected ransomware?

itman, posted May 25:
1 minute ago, nexon said:
> If antivirus really working fine then none of the file will be not encrypted!
In a perfect "anti-ransomware" solution, this would be the case. Unfortunately, few to none such solutions exist. The same behavior happens using Kaspersky. In most cases, the encrypted files can be recovered due to Kaspersky's System Watcher; i.e. system snapshotting, feature.

nexon, posted May 25:
Marcos - don't know... I downloaded a folder of the most popular samples of ransomware, trojans etc. For example there is Petya or WannaCry... Virlock or something like that.
Itman - yes, System Watcher is a genial feature, it saved my as$ 2 or 3 times when I saw that changes rolled back (files restored), but this happened on a real machine.

itman, posted May 25:
17 minutes ago, nexon said:
> Expected? 🙂 One folder complete...
Are you referring to one of the folders associated with logged on C:\Users directory such as Documents, Pictures, etc.? If so, which folder was it? Or, are you referring to a sub-folder stored in one of the above noted folders?

nexon, posted May 25:
Created folder on desktop.

itman, posted May 25 (edited May 25 by itman):
1 hour ago, nexon said:
> Created folder on desktop.
My best guess here is desktop folders are not being actively monitored for ransomware activity. For example in Microsoft Defender, the desktop is not a folder set up for protected access:
> Windows system folders are protected by default
> Windows system folders are protected by default, along with several other folders:
> The protected folders include common system folders (including boot sectors), and you can add additional folders. You can also allow apps to give them access to the protected folders. The Windows systems folders that are protected by default are:
> c:\Users\<username>\Documents
> c:\Users\Public\Documents
> c:\Users\<username>\Pictures
> c:\Users\Public\Pictures
> c:\Users\Public\Videos
> c:\Users\<username>\Videos
> c:\Users\<username>\Music
> c:\Users\Public\Music
> c:\Users\<username>\Favorites
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide

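A way to check the point made in the post above on a given machine, as an added example that is not part of the original thread: it reports whether Microsoft Defender controlled folder access is on and whether the Desktop falls under a protected folder. The function name `Test-CfaCoverage` and the `$AddIfMissing` switch are hypothetical, the default list is copied from the Microsoft documentation quoted in the post, and it is assumed that `Get-MpPreference` returns only the folders added by an administrator.

```powershell
# Added example: audit Controlled Folder Access (CFA) coverage for the Desktop.
# Assumes the Defender PowerShell module (Windows 10/11). Adding a folder needs an elevated session.

# Default protected folders, as listed in the documentation quoted in the thread.
$user = $env:USERNAME
$defaultProtected = @(
    "C:\Users\$user\Documents", "C:\Users\Public\Documents",
    "C:\Users\$user\Pictures",  "C:\Users\Public\Pictures",
    "C:\Users\$user\Videos",    "C:\Users\Public\Videos",
    "C:\Users\$user\Music",     "C:\Users\Public\Music",
    "C:\Users\$user\Favorites"
)

# Hypothetical helper: is $Folder equal to, or located below, any protected root?
function Test-CfaCoverage {
    param([string]$Folder, [string[]]$Protected)
    $target = $Folder.TrimEnd('\') + '\'
    foreach ($p in $Protected) {
        $root = $p.TrimEnd('\') + '\'
        if ($target.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$pref    = Get-MpPreference
$desktop = [Environment]::GetFolderPath('Desktop')   # follows OneDrive redirection
# Assumption: this property holds only administrator-added folders, not the defaults.
$custom  = @($pref.ControlledFolderAccessProtectedFolders | Where-Object { $_ })

# 0 = disabled, 1 = enabled (block), 2 = audit mode
"CFA state       : $($pref.EnableControlledFolderAccess)"
"Custom folders  : $($custom -join '; ')"

$covered = Test-CfaCoverage -Folder $desktop -Protected ($defaultProtected + $custom)
"Desktop covered : $covered  ($desktop)"

# Set to $true to add the Desktop to the protected list when it is not covered.
$AddIfMissing = $false
if (-not $covered -and $AddIfMissing) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $desktop
    "Added $desktop to the protected folders."
}
```
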
nexon, posted May 25:
Hmm interesting... I ran everything from desktop or downloads, and no problem with Kaspersky for example, but with Eset...

itman, posted May 25 (edited May 25 by itman):
6 hours ago, nexon said:
> Marcos - don't know... I downloaded a folder of the most popular samples of ransomware, trojans etc.
Check your Eset Detections log. Eset obviously detected the ransomware, or all your user directory folders would have been encrypted. Post the log entry associated with the ransomware detection.

TheStill, posted May 26:
19 hours ago, nexon said:
> Expected? 🙂 One folder complete... Nothing is expected... Expected is that restore my files. What if I have one most important file and will encrypted? It is expected no problem? Every file encrypted is a big problem. If antivirus really working fine then none of the file will be not encrypted!
For important files never rely on others to protect your only copy. That includes multi-billion dollar companies like Microsoft and Google. Keep multiple backups in multiple locations. Then when something like this happens you simply delete those corrupted files and restore them from a backup. This gets you back up and running in minutes and renders these ransomware attacks an inconvenience at most.

nexon, posted May 26:
Yes, I know, I have a backup, that is 1st priority of course.