Encrypt everything


Stay out of it, anti-virus


Wednesday, June 27, 2018

Today we are going to skip our intro and get straight to the point:

Hello, We received an email with the file "18.06.18.Gz" attached to it. We opened it. It turned out to be a Trojan. The hard drive is split into two partitions. On the C drive, many files and folders are highlighted in blue, but nothing like that happened to the data on the D partition.

From a request submitted to the Doctor Web support service

The situation seems clear as day: a malicious attachment arrived, was extracted, and an unknown Trojan somehow activated itself in the system (note that the request never explicitly says the file was launched).

However, an analysis of the anti-virus log (the log file can be found in %userprofile%\desktop\drweb.log) revealed a completely different picture. First, the installed anti-virus already had a definition for the encryption ransomware in question.

But the most unusual thing is how the Trojan managed to launch itself:

threat: DPH:Trojan.Encoder.9 ==> send user blocked alert

The user is trying to launch the program; the anti-virus detects the Trojan and displays a corresponding notification.

threat: DPH:Trojan.Encoder.9 ==> send user blocked alert

Another launch attempt!

A few more attempts to launch the Trojan followed until the user decided that since the anti-virus wouldn't let them start the program, they would be better off disabling it.
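The pattern in the log above (the same threat blocked at launch over and over) is itself a useful signal for an administrator: a user who keeps retrying the same file is the one most likely to switch the anti-virus off next. The following is an added example, not code from the post or from Doctor Web, that scans log lines in the shape quoted above and flags threats blocked repeatedly; the sample lines are constructed, and the real drweb.log carries additional fields this simplified regex does not model.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the drweb.log entries quoted in the post.
# "Example.Threat.1" is a placeholder detection name, not a real one.
SAMPLE_LOG = """\
threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
threat: Example.Threat.1 ==> send user blocked alert
"""

# Matches the "threat: <name> ==> send user blocked alert" form from the post.
BLOCKED_RE = re.compile(
    r"^threat:\s+(?P<threat>\S+)\s+==>\s+send user blocked alert\s*$"
)


def count_blocked_launches(log_text: str) -> Counter:
    """Count blocked-launch alerts per threat name across all log lines."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        match = BLOCKED_RE.match(line.strip())
        if match:
            counts[match.group("threat")] += 1
    return counts


def repeated_launch_attempts(log_text: str, threshold: int = 3) -> dict:
    """Return threats blocked at least `threshold` times.

    Several blocks of the same threat in a row mean a user is retrying the
    same file, which is the moment to verify the anti-virus is still enabled
    and its settings are password-protected.
    """
    return {
        threat: n
        for threat, n in count_blocked_launches(log_text).items()
        if n >= threshold
    }


if __name__ == "__main__":
    for threat, n in repeated_launch_attempts(SAMPLE_LOG).items():
        print(f"{threat}: blocked {n} times; check that the anti-virus is still running")
```

Run it against an exported drweb.log (or feed its lines to a SIEM rule) and treat a hit as a prompt to confirm the anti-virus has not been disabled on that machine.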

We have to deal with over a dozen incidents like this every day!

#anti-virus #Trojan #security

The Anti-virus Times recommends

  1. Protect the settings of your desktop anti-virus with a password—this will prevent other users from disabling it.
  2. If the anti-virus is managed remotely over a control center, never grant users permission to disable the application.
  3. Block access to files and folders that users aren't supposed to use under their accounts (the accounts under which a Trojan could potentially be launched).
