
3 hours ago, justaquestion said:

Win32/Packed.VMProtect.ABO

Detection names are useless; they are for classification only. I need to know what specifically was detected and the full path of the detection.


This is before zipping the file: https://www.virustotal.com/gui/file/05e869d70d290d7d45ff3bd2a6a16cff3450d902aa7a697ddade33ee9207d230/detection

This is the threat that ESET detects and deletes: https://www.virustotal.com/gui/file/01d884594c3a03ad87e6bf2bdddedf3ecefe8a2d8adcb0bb762b20a57c4d2212/detection

This is the activator: https://www.virustotal.com/gui/file/52b455921757d2d1ab1ffec069a07a58cfc18adcd5ec874bf25be04fb79ca049/detection

This is a file called code generator: https://www.virustotal.com/gui/file/f21006977e161b4ded274bfb603b9ed93e0b55e4e8c16a5e630c640d5a7c2241/detection

 

ESET log for this specific event:

 

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
3/12/2020 7:58:16 AM;Real-time file system protection;file;C:\Users\X\Downloads\SW2018\SW2016_SP4.0_Full-SSQ\_SolidSQUAD_\_SolidSQUAD_\SolidWorksPDM\LicenseServer\sw_d.exe;a variant of Win32/Packed.VMProtect.ABO trojan;cleaned by deleting;DESKTOP-MOPFAPQ\X;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (207F71E6312956DB1CE7D5ACEE7E37E7E2800030).;8EE411AC7E1B098D515C5BE64FD04154086CB5E4;3/10/2020 2:19:15 AM


Those are not false positives. To date 100% of STOP/DJVU (New Variant) ransomware attacks have been as a result of software piracy. We have strict anti-piracy policies here at Emsisoft. If we see pirated software present, or suspect pirate software is in use, no aid will be given.

This topic is now closed to further replies.
