
Thank you Windows Defender for quarantining this and allowing me to track down the source on my W...


G+_Rud Dog

Wow. Look at the name of the exe.

 

I assume you installed this. What is ConquerorLive and OSTotoSoft? Google says something about automatic "driver fixing"?

 

Unless you think this is a false positive, you should probably uninstall and force delete the directory.

 

Backing up your files would be a good idea too. Just in case the ransomware is still on the machine.


Apparently the infection route is through an infected Microsoft Office (.doc) file or downloaded via a TrojanDownloader (rootkit, spam email, etc.).

 

Also, enabling "Controlled folder access" can also mitigate some of the damage caused by malware attempting to install itself into "protected" areas.

 

microsoft.com - Win32/Locky threat description - Windows Defender Security Intelligence


There is no memory of downloading that file; then again, it could be born of a file I do remember but long since gone.

The worry I have concerns any file for a contractor quote for any given project around the house. How well do they police their end of the system?

Not sure what available security software would catch this type of intrusion. My old software was from Norton, and I tried a few others. After listening to Leo's thoughts, I dropped the third-party scanners.

So here I am full circle.


Rud Dog

There is something that Leo Laporte and Steve Gibson were recently talking about... VirusTotal

 

https://support.virustotal.com/hc/en-us/articles/115002126889-How-it-works

 

It's a good place to upload virus and malware samples, and have them scanned by over 70 antivirus programs.

 

If you could have managed (or do so in the future), you could upload the sample to the site and it will show what virtually every AV scanner in the industry thinks about it.

 

Moreover, the sample would become part of their publicly accessible database on malware samples (and the details about it would be available to the general public).

--------

Security researchers find this useful because it allows them to track malware across different samples; they can use it to find variations on a malware-campaign and, just, otherwise keep tabs on them.


William L. DeRieux IV, thank you. This was suggested by one of the members of KH community and I bookmarked it in my bookmark bar.

Unfortunately, while opening my mail I don't think to run these through the "VirusTotal" site. It is a habit I do use when checking out web sites and suggested downloads. Now I need to get more regimented into using it when saving attachments to my emails. Thank you again.
