Jump to content

How to enable scanning for a file with a specific name or hash


Rables
Go to solution Solved by itman,

Recommended Posts

Hi,

In my organization, someone found the virus "Payment_.exe" Eset did not remove this file and there was no detection about it and I need to enable scanning for this particular file by name. Unfortunately I don't know how to enable scanning for this particular file to search for it by name or by hash . Please help 

Link to comment
Share on other sites

  • Solution

You need to first locate where Payment_.exe file is stored on the Windows installation. The only way I know to do so is by using Win explorer to search your entire C:\* or Win installation drive. Once the file is located, you can use Eset Context scan option to scan the file.

Note that malware often will delete its malware payload file. As such, the file may no longer exist on the Win installation drive.

Link to comment
Share on other sites

13 hours ago, Marcos said:

A detection (MSIL/Kryptik.AKGE trojan) was added on November 28. Please provide logs collected with ESET Log Collector for perusal.

I can confirm this. I download a sample from a malware share web site date 12/21 and Eset real-time protection immediately detected it;

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
12/23/2023 2:46:37 PM;Real-time file system protection;file;C:\Users\xxxxxxx\Downloads\d9c3810761942c6191a8e2dfb22b2178d6970bf474a908a4af1bc80b3022a774.exe;a variant of MSIL/GenKryptik.GRLZ trojan;cleaned by deleting;xxxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (69DEB494A366940463D41383EB019F54F593B680).;C5434C31851555523D380591C3C7A3EC884278B8;12/23/2023 2:46:16 PM

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...