ESET ENDPOINT Anti Virus can't remove Win32/Filecoder.EM.Trojan


Dear ESET, 

We have a situation where ESET Endpoint AV could detect malware but failed to quarantine or remove the Win32/Filecoder.EM.Trojan.

Based on the ESET URL hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2372, there are no malware removal tools for Win32/Filecoder.EM.Trojan. We have run a full scan and done what was necessary to delete the infected machine with ESET Endpoint Antivirus; however, the malware still cannot be cleaned. Please refer to the images below for your reference. For your information, we have also submitted the file for ESET analysis.

The scan was done under the In-depth scan profile, yet ESET was not able to remove it.

I've attached a file for you to view and hope it helps you with your investigation. Hope you can come back with good findings.

Thanks,
Aswath k

post-6790-0-48596800-1430118351_thumb.png

post-6790-0-41928800-1430118580_thumb.png


  • Administrators

I assume the detected files are instructions for obtaining a decoder that were detected. Unfortunately, the names of files are not visible in your screen shots. Also the fact that the files were not cleaned automatically suggests that you have cleaning mode set to "no cleaning".

 

Please contact ESET as per the instructions at hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141 and supply us with the output from ESET Log Collector (hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3466).


  • 1 month later...
  • Administrators

Dear Aswath,

Use the latest product version (ESET Endpoint Antivirus 6)

Maybe your issue will be resolved.

 

There's absolutely no difference between Endpoint v5 and Endpoint v6. Even if it was possible to decode encrypted files, a dedicated stand-alone decryptor would need to be used.


 

Dear Aswath,

Use the latest product version (ESET Endpoint Antivirus 6)

Maybe your issue will be resolved.

 

There's absolutely no difference between Endpoint v5 and Endpoint v6. Even if it was possible to decode encrypted files, a dedicated stand-alone decryptor would need to be used.

 

 

 

If infected by Win32/Filecoder, could ESET provide any solution to decode encrypted files?


  • 1 month later...

In my experience there are only a small handful of companies who have built decryption tools. FoolishIT comes to mind, and Emsisoft. Their tools also only work on specific variants of FileCoder that were more or less programmed very poorly, often leaving copies of the private decryption keys on the infected computer for example.

Edited by LocknetSSmith

  • Administrators

In my experience there are only a small handful of companies who have built decryption tools.

 

ESET too.
