Encrypt everything

Stay out of it, anti-virus

Today we are going to skip our intro and get straight to the point:

Hello, We received an email with the file "18.06.18.Gz" attached to it. We opened it. It turned out to be a Trojan. The hard drive is split into two partitions. On the C drive, many files and folders are highlighted in blue, but nothing like that happened to the data on the D partition.

From a request submitted to the Doctor Web support service

At first glance the situation is clear as day: a malicious attachment arrived, got extracted, and an unknown Trojan somehow activated itself in the system (note that the request never actually says the file was launched).

However, an analysis of the anti-virus log (in this case the log file was at %userprofile%\desktop\drweb.log) revealed a completely different picture. First, the installed anti-virus already had a definition for the encryption ransomware in question, so the sample was not "unknown" at all.

But the most unusual thing is how the Trojan managed to launch itself. The log shows the following:

    threat: DPH:Trojan.Encoder.9 ==> send user blocked alert

The user tries to launch the program; the anti-virus detects the Trojan, blocks it and displays the corresponding notification.

    threat: DPH:Trojan.Encoder.9 ==> send user blocked alert

Another launch attempt!

A few more attempts to launch the Trojan followed until the user decided that since the anti-virus wouldn't let them start the program, they would be better off disabling it.
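The pattern in that log is itself a useful detection signal: one user hitting the same blocked threat several times in a few minutes is a user who is about to switch the anti-virus off. The script below is an added example, not code from the article or from Doctor Web; it parses lines in the shape quoted above and flags repeated blocked launches. The timestamp and "user=" field are assumptions (the article quotes the lines without them), and the sample log is constructed for the demo.

```python
"""Flag users who repeatedly try to launch a blocked threat.

Added example, not part of the original Dr.Web article. The line layout
"<ISO timestamp> user=<name> threat: <detection> ==> <action>" is an
assumption: the article quotes only "threat: ... ==> send user blocked alert".
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout; only the "threat: ... ==> ..." part comes from the article.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) threat: (?P<threat>\S+) ==> (?P<action>.+)$"
)

# Constructed sample log: one user keeps retrying, another is blocked once.
SAMPLE_LOG = """\
2018-06-18T09:12:01 user=accountant threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
2018-06-18T09:12:40 user=accountant threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
2018-06-18T09:13:15 user=accountant threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
2018-06-18T09:14:02 user=accountant threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
2018-06-18T11:40:00 user=manager threat: DPH:Trojan.Encoder.9 ==> send user blocked alert
"""


def parse(lines):
    """Yield (timestamp, user, threat, action) for every detection line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a detection event, skip it
        yield (datetime.fromisoformat(m["ts"]), m["user"], m["threat"], m["action"])


def repeated_blocked_launches(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {(user, threat): attempts} for users who hit the same blocked
    threat `threshold` or more times inside any `window`-long interval.

    Repeated launches of one blocked sample mean the user is trying to get
    past the anti-virus; the next step, as in the support ticket, is usually
    turning it off, so this is the moment to lock the settings and check in.
    """
    events = defaultdict(list)
    for ts, user, threat, action in parse(lines):
        if action.strip() == "send user blocked alert":
            events[(user, threat)].append(ts)

    flagged = {}
    for key, stamps in events.items():
        stamps.sort()
        # Sliding window: largest number of attempts that fit in one window.
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    hits = repeated_blocked_launches(SAMPLE_LOG.splitlines())
    for (user, threat), n in hits.items():
        print(f"ESCALATE: {user} tried to launch {threat} {n} times; "
              f"confirm the anti-virus is still running and its settings are locked")
```

Run it over an exported log and feed the flagged (user, threat) pairs to whoever owns the workstation fleet; the threshold and window are tuning knobs, not magic numbers.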

We have to deal with over a dozen incidents like this every day!

#anti-virus #Trojan #security

Dr.Web recommends

  1. Password-protect the settings of your desktop anti-virus so that users working on the machine cannot disable it.
  2. If the anti-virus is managed remotely over a control center, never grant users permission to disable the application.
  3. Restrict access to files and folders that users don't need for their work, because a Trojan launched by a user runs with exactly that user's permissions and can only encrypt what that account can write to.
