
Win32/Filecoder.Trigona disable Endpoint/AV on Servers and make server attack.


Solved by Marcos

Posted

My server has been attacked by Win32/Filecoder.Trigona. About 5 mins before the attack, Endpoint alert disabled. How can a virus disable my AV?

  • Administrators
Posted

Please supply me with:
- logs collected with ESET Log Collector
- a couple of encrypted files (ideally Office documents)
- the ransomware note with payment instructions

  • Administrators
  • Solution
Posted

As long as a machine is managed by ESET PROTECT Cloud, administrators are presented with a wizard enabling them to set up password protection easily:

image.png

Posted

Thank you @Marcos. My server is shut down and isolated from my environment. I'm trying to turn it on but cannot run Eset Collect.

I'm also enabling password protection.

Posted

Thank you for the information, @itman. Very helpful.

I'm also enabling password protection.

Posted

So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?

  • Administrators
Posted
59 minutes ago, denpin said:

So, @Marcos, how about a rootkit scanner by Eset? Which tool can do that?

ESET can detect active rootkits. You can also use Gmer to find suspicious processes that attempt to hide in the system, but it also detects legit applications just based on their behavior, so you should interpret the results with a grain of salt.

This topic is now closed to further replies.