andhikautomo, posted July 12, 2016:
Help us, my computer has a virus, .zepto files. How to decrypt files locked by zepto? I need help.

Marcos (Administrators), posted July 14, 2016:
Files with the .zepto extension were encrypted by Filecoder.Locky. With ESET Smart Security v8 / v9 or ESET Endpoint Security v6 installed and all protection features enabled, the chances of getting infected should be very slim.

Bic12, posted July 19, 2016:
We have Eset Nod32 ver 9 installed on our company's PCs and two PCs had zepto files in various directories. 344 files were switched to zepto in a two minute period on July 5. No indication from Nod32 that there was an issue. We can manually scan the zepto file and Eset finds nothing wrong. Shouldn't the fact that a file has a .zepto extension tip off the antivirus software that there is an issue?

Marcos (Administrators), posted July 25, 2016:
> Shouldn't the fact that a file has a .zepto extension tip off the antivirus software that there is an issue?

Files with the .zepto extension are encrypted legitimate files and thus are not subject to detection.

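Added example, not part of the thread and not ESET functionality: the burst Bic12 reports (344 files switched to .zepto in two minutes) is a behavioural signal that can be checked without scanning the encrypted files themselves. The sketch generalizes beyond .zepto by flagging any extension that many files on one host take on within a short window; the event tuple format, threshold, host names and paths are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

def find_rename_bursts(events, threshold=100, window=timedelta(minutes=2)):
    """Flag hosts where many files take on the same new extension quickly.

    events: (timestamp, host, old_path, new_path) tuples sorted by timestamp.
    One alert per (host, extension), raised when the number of
    extension-changing renames inside `window` first reaches `threshold`.
    """
    recent = defaultdict(deque)  # (host, new extension) -> recent timestamps
    alerted, alerts = set(), []
    for ts, host, old_path, new_path in events:
        old_ext = PureWindowsPath(old_path).suffix.lower()
        new_ext = PureWindowsPath(new_path).suffix.lower()
        if not new_ext or new_ext == old_ext:
            continue  # ordinary rename or move, extension unchanged
        key = (host, new_ext)
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()  # forget renames older than the window
        if len(stamps) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"host": host, "extension": new_ext,
                           "window_start": stamps[0], "alerted_at": ts})
    return alerts

def sample_events():
    """Constructed data: PC-01 gets 344 files renamed to .zepto inside two
    minutes (figures from the thread, clock time assumed); PC-02 makes three
    unrelated renames over an hour."""
    start = datetime(2016, 7, 5, 10, 0, 0)
    share = "D:\\Shares\\Docs\\"  # hypothetical path
    events = [(start + timedelta(seconds=0.34 * i), "PC-01",
               f"{share}report{i}.docx", f"{share}report{i}.zepto")
              for i in range(344)]
    events += [(start + timedelta(minutes=20 * i), "PC-02",
                f"{share}notes{i}.txt", f"{share}notes{i}.md")
               for i in range(3)]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for alert in find_rename_bursts(sample_events()):
        print(alert)
```

A burst like this shows that encryption is already under way, so it serves as a trigger for isolating the host and checking backups, alongside the protection layers discussed in the thread.
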
jimwillsher, posted August 11, 2016:
We've just been hit with .zepto today and it's encrypted all our network drives. We'll have to restore from backup. turbis.exe looks like the suspect .exe but I'm currently struggling to get access to it, even with icacls or takeown.

jimwillsher, posted August 11, 2016:
Yes, I've found the cause. The dropped .exe (turbis.exe) is currently detected by 2/52 at VirusTotal, and the offending email attachment (a .docm) is being detected by 12/52 at VirusTotal. ESET isn't detecting anything in either file.

Jim

Marcos (Administrators), posted August 13, 2016:
> Yes, I've found the cause. The dropped .exe (turbis.exe) is currently detected by 2/52 at VirusTotal, and the offending email attachment (a .docm) is being detected by 12/52 at VirusTotal. ESET isn't detecting anything in either file.

Please PM me the links to VirusTotal scan results. Also you should know that:
1. VirusTotal does not say anything about whether a file is malicious or clean, functional or non-functional - it merely shows which vendor detects it and it rather helps users to find out if the file is suspicious enough to be temporarily renamed at least before re-scanning it at a later time.
2. VirusTotal does not say anything about whether a file is blocked by LiveGrid or other protection mechanisms.
3. It takes even several hours for VirusTotal to scan files with the latest signature database after it's been released.

Jsansky, posted August 24, 2016:
Yesterday a friend of mine had his Windows 10 laptop infected with Zepto. This thing is so nasty and I cannot open the files with any type of program. Then I read a post saying they were encrypted and it would take a lot of time even for powerful PCs to decode this. So I found a security forum (sensorstechforum) claiming data recovery software might help with at least some of the files if you haven't reformatted Windows. What do you think?

Marcos (Administrators), posted August 31, 2016:
Unfortunately no software tool can decode files encrypted by Filecoder.Locky.

IT Alex, posted September 11, 2016:
Can "Eset Antivirus" really block the virus "ZEPTO" before the distribution of this one?

EricJ (Former ESET Employees), posted September 13, 2016:
Hello IT Alex,

Currently, if you're using the latest version of ESET Products and have settings configured at the recommended level (Live Grid, Advanced Memory Scanner, Advanced Heuristics on File Execution) then ESET will be extremely effective at blocking Filecoder-Ransomware type infections. To answer your specific question, we currently have multiple signatures for Filecoder variants that use the .zepto extension. However, keep in mind that new variants are released daily, which is why it is so important to use recommended settings and not unnecessarily disable recommended protections, such as Live Grid.

Best,
EricJ