aswath - Posted April 27, 2015

Dear ESET,

We have a situation where ESET Endpoint AV could detect a malware but failed to quarantine or remove the Win32/Filecoder.EM.Trojan. Based on the ESET URL hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2372, there are no malware removal tools for Win32/Filecoder.EM.Trojan. We have run a full scan and done the necessary to delete the infected machine with ESET Endpoint Antivirus; however, the malware still cannot be cleaned. Please refer to the image below for your reference.

For your information, we have also submitted the file for ESET analysis. The scan was done under the In-Depth scan profile, yet ESET was not able to remove it. I've attached a file for you to view and hope it helps you with your investigation.

Hope you could come back with good findings.

Thanks,
Aswath k

Marcos (Administrators) - Posted April 27, 2015

I assume the detected files are instructions for obtaining a decoder that were detected. Unfortunately, the names of files are not visible in your screen shots. Also the fact that the files were not cleaned automatically suggests that you have cleaning mode set to "no cleaning".

Please contact ESET as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141 and supply us with the output from ESET Log Collector (hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466).

Aria.HF (Members) - Posted June 21, 2015

Dear Aswath,

Use the latest product version (ESET Endpoint Antivirus 6). Maybe your issue will be resolved.

Marcos (Administrators) - Posted June 22, 2015

> Dear Aswath,
> Use the latest product version (ESET Endpoint Antivirus 6). Maybe your issue will be resolved.

There's absolutely no difference between Endpoint v5 and Endpoint v6. Even if it was possible to decode encrypted files, a dedicated stand-alone decryptor would need to be used.

sdnian - Posted June 25, 2015

> > Dear Aswath,
> > Use the latest product version (ESET Endpoint Antivirus 6). Maybe your issue will be resolved.
>
> There's absolutely no difference between Endpoint v5 and Endpoint v6. Even if it was possible to decode encrypted files, a dedicated stand-alone decryptor would need to be used.

If infected by Win32/Filecoder, could ESET provide any solution to decode encrypted files?

LocknetSSmith - Posted August 7, 2015

In my experience there are only a small handful of companies who have built decryption tools. FoolishIT comes to mind, and Emsisoft. Their tools also only work on specific variants of FileCoder that were more or less programmed very poorly, often leaving copies of the private decryption keys on the infected computer for example.

Edited August 7, 2015 by LocknetSSmith

Marcos (Administrators) - Posted August 8, 2015

> In my experience there are only a small handful of companies who have built decryption tools.

ESET too.