macros 1 Posted August 6, 2015 Share Posted August 6, 2015 hello, we have infected file from our customer. probably infected by ransomeware, all file extention change to .zzz this pc already formatted, so we can investigate more. They use eset endpoint security. can eset recover these files? plese help us. thank you. Link to comment Share on other sites More sharing options...
Omrraer 0 Posted August 7, 2015 Share Posted August 7, 2015 Marcos unfortunately to my knowledge no ESET product has the ability to restore the damage done by malware. What I would suggest they do is if they use ESET SysInspector see what has changed on the system and remove the malware that way. If they don't try running a full system scan with ESET that should catch the infection and remove it. Then from there if they have backups of the machines, assuming it is a network because the customer is using Endpoint Security, restore the backups. If they don't they can try restoring the extensions for all their saved files one-by-one and delete and reinstalling all their infected software. Hope this helps! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted August 8, 2015 Administrators Share Posted August 8, 2015 Marcos unfortunately to my knowledge no ESET product has the ability to restore the damage done by malware. That's true when speaking about files encrypted by Filecoders. Firstly, it's not always possible to decrypt files and it basically depends on the variant of Filecoder which encrypted the files. Secondly, decryption tools are made ad-hoc for a specific computer; it's impossible to include it in the products so that it could generally work for everybody. Link to comment Share on other sites More sharing options...
Recommended Posts