Jump to content

Probably infected by ransomeware


Recommended Posts

hello,

we have infected file from our customer. probably infected by ransomeware, all file extention change to .zzz

this pc already formatted, so we can investigate more. They use eset endpoint security.

can eset recover these files?

plese help us.

thank you.

Link to comment
Share on other sites

Marcos unfortunately to my knowledge no ESET product has the ability to restore the damage done by malware.  What I would suggest they do is if they use ESET SysInspector see what has changed on the system and remove the malware that way.  If they don't try running a full system scan with ESET that should catch the infection and remove it.  Then from there if they have backups of the machines, assuming it is a network because the customer is using Endpoint Security, restore the backups. If they don't they can try restoring the extensions for all their saved files one-by-one and delete and reinstalling all their infected software.

 

Hope this helps!

Link to comment
Share on other sites

  • Administrators

Marcos unfortunately to my knowledge no ESET product has the ability to restore the damage done by malware.

 

That's true when speaking about files encrypted by Filecoders. Firstly, it's not always possible to decrypt files and it basically depends on the variant of Filecoder which encrypted the files. Secondly, decryption tools are made ad-hoc for a specific computer; it's impossible to include it in the products so that it could generally work for everybody.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...