Help me for zepto file

[andhikautomo 0]

Help Us, my computer treat virus .zepto file, how decrrypt file locked zepto.
 
I Need Help

 

[Marcos 5,070]

Files with the .zepto extension were encrypted by Filecoder.Locky. With ESET Smart Security v8 / v9 or ESET Endpoint Security v6 installed and all protection features enabled, the chances of getting infected should be very slim.

[Bic12 0]

We have Eset Nod32 ver 9 installed on our companies PC and two PC had zepto files in various directories. 344 files were switched to zepto in a two minute period on July 5. No indication from Nod32 that there was an issue. We can manually scan the zepto file and Eset finds nothing wrong. Shouldn't the fact that a file has a .zepto extension tip off the ant virus software that there is an issue?

[Marcos 5,070]

Shouldn't the fact that a file has a .zepto extension tip off the ant virus software that there is an issue?

 

Files with the .zepto extension are encrypted legitimate files and thus are not subject to detection.

[jimwillsher 65]

We've just been hit with .zepto today and it's encrypted all our network drives. We'll have to restore from backup.

 

turbis.exe looks like the suspect .exe but I'm currently struggling to get access to t, even with icacls or takeown.

[jimwillsher 65]

Yes, I've found the cause. The dropped .exe (turbis.exe) is currently detected by 2/52 at VirusTotal, and the offending email attachment (a .docm) is being detected by 12/52 at VirusTotal. ESET isn't detecting anything in either file.

 

 

 

Jim

[Marcos 5,070]

Yes, I've found the cause. The dropped .exe (turbis.exe) is currently detected by 2/52 at VirusTotal, and the offending email attachment (a .docm) is being detected by 12/52 at VirusTotal. ESET isn't detecting anything in either file.

 

Please pm me the links to VirusTotal scan results. Also you should know that:

1, VirusTotal does not say anything about whether a file is malicious or clean, functional or non-functional - it merely shows which vendor detects it and it rather helps users to find out if the file is suspicious enough to be temporarily renamed at least before re-scanning it at a later time.

2, VirusTotal does not say anything about whether a file is blocked by LiveGrid or other protection mechanisms.

3, It takes even several hours for VirusTotal to scan files with the latest signature database after it's been released.

[Jsansky 0]

Yesterday a friend of mine had his Windows 10 laptop infected with Zepto. This thing is so nasty and I cannot open the files with any type of program. Then I read a post saying they were encrypted and it would take a lot of time even for powerful PCs to decode this. So I found a security forum (sensorstechforum) claiming data recovery software might help with at least some of the files if you havent reformatted Windows. What do you think?

[Marcos 5,070]

Unfortunately no software tool can decode files encrypted by Filecoder.Locky.

[IT Alex 0]

Can "Eset Antivirus" really block the virus "ZEPTO" before the distribution of this one ?

[EricJ 2]

Hello IT Alex,

Currently, if you're using the latest version of ESET Products and have settings configured at the recommended level (Live Grid, Advanced Memory Scanner, Advanced Heuristics on File Execution) then ESET will be extremely effective at blocking Filecoder-Ransomware type infections. 

To answer your specific question, we currently have multiple signatures for Filecoder variants that use the .zepto extension. However, keep in mind that new variants are released daily, which is why it is so important to use recommended settings and not unnecessarily disable recommended protections, such as Live Grid.

 

Best,

EricJ