Eset LiveGrid needs tweaking
<blockquote data-quote="McMcbrad" data-source="post: 911184" data-attributes="member: 89360"><p>It wouldn't have worked on both samples, but file journaling with effective DBI would have been able to remediate the ransomware, which simply registers one service. DBI could've become suspicious when an executable with no digital signature and no visible window is run. It also adds hooks. At that point it could've started monitoring the changes and journaling the files. Deleting then dropping a large number of files in a sequence is a clear indication of ransomware. It could then kill the process, delete the service registry key, delete the file and restore all files from the journal. This would've been the correct behaviour.</p></blockquote>
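A toy model of the behaviour the quoted post describes (journal files before a suspicious process touches them, flag a delete-burst followed by a drop-burst, then kill, clean up and restore), written here as an added example; it is not code from ESET, from the poster, or from any real DBI engine. The event stream, the process id 4242, the window and threshold values and the `JournalingMonitor` class are all constructed for the demonstration, and the service registry key cleanup the post mentions is omitted because the toy has no registry.

```python
from collections import deque

# Constructed starting state of a toy "disk": path -> file contents.
INITIAL_DISK = {
    "docs/a.txt": b"alpha",
    "docs/b.txt": b"bravo",
    "docs/c.txt": b"charlie",
    "docs/readme.md": b"keep",
}

# Constructed event stream from a hypothetical unsigned, windowless process (pid 4242):
# it deletes the originals, then drops new files in their place.
# Each tuple is (pid, op, path, data); op is "delete" (data None) or "create".
SAMPLE_EVENTS = [
    (4242, "delete", "docs/a.txt", None),
    (4242, "delete", "docs/b.txt", None),
    (4242, "delete", "docs/c.txt", None),
    (4242, "create", "docs/a.txt.locked", b"\x9a\x11\x42"),
    (4242, "create", "docs/b.txt.locked", b"\x00\x7f\x3c"),
    (4242, "create", "docs/c.txt.locked", b"\xde\xad\xbe"),
]

# Constructed benign stream: an editor (pid 77) saves a file and removes a scratch copy.
BENIGN_EVENTS = [
    (77, "create", "docs/notes.md", b"draft"),
    (77, "delete", "docs/notes.md~", None),
    (77, "create", "docs/notes.md", b"draft v2"),
]


class JournalingMonitor:
    """Journal files before a watched process changes them and flag a delete/drop burst."""

    def __init__(self, disk, window=8, threshold=3):
        self.disk = dict(disk)       # toy file system
        self.journal = {}            # path -> contents saved before delete/overwrite
        self.recent = {}             # pid -> sliding window of (op, path)
        self.created = {}            # pid -> every path the process dropped
        self.window = window
        self.threshold = threshold   # minimum deletes and minimum trailing creates
        self.flagged = set()

    def _journal(self, path):
        # Save the first pre-change copy of a file; later changes keep the original.
        if path in self.disk and path not in self.journal:
            self.journal[path] = self.disk[path]

    def handle(self, pid, op, path, data=None):
        """Apply one event to the toy disk (journaling first); return True if pid is flagged."""
        if pid in self.flagged:
            return True              # process already "killed": ignore further events
        if op == "delete":
            self._journal(path)
            self.disk.pop(path, None)
        elif op == "create":
            self._journal(path)      # also covers overwriting an existing file
            self.disk[path] = data
            self.created.setdefault(pid, set()).add(path)
        else:
            raise ValueError(f"unknown op {op!r}")
        q = self.recent.setdefault(pid, deque(maxlen=self.window))
        q.append((op, path))
        if self.looks_like_ransomware(q):
            self.flagged.add(pid)
            return True
        return False

    def looks_like_ransomware(self, q):
        """The post's heuristic: a run of deletes followed by a run of new-file drops."""
        ops = [op for op, _ in q]
        if ops.count("delete") < self.threshold:
            return False
        last_delete = max(i for i, op in enumerate(ops) if op == "delete")
        trailing_creates = ops[last_delete + 1:]
        return len(trailing_creates) >= self.threshold

    def remediate(self, pid):
        """Remove what the flagged process dropped and restore journaled files; return restored paths."""
        for path in self.created.get(pid, ()):
            self.disk.pop(path, None)
        restored = sorted(self.journal)
        self.disk.update(self.journal)
        self.journal.clear()
        return restored


def run_sample():
    """Feed the ransomware-like stream; return (index of flagging event, restored paths, disk)."""
    m = JournalingMonitor(INITIAL_DISK)
    flagged_at = None
    for i, ev in enumerate(SAMPLE_EVENTS):
        if m.handle(*ev):
            flagged_at = i
            break
    restored = m.remediate(4242) if flagged_at is not None else []
    return flagged_at, restored, m.disk


def run_benign():
    """Feed the editor-like stream; return True if anything was (wrongly) flagged."""
    m = JournalingMonitor(INITIAL_DISK)
    return any(m.handle(*ev) for ev in BENIGN_EVENTS)


if __name__ == "__main__":
    print(run_sample())
    print("benign flagged:", run_benign())
```

The ordering check matters: counting deletes and creates alone would also trip on an editor that rewrites files, so the heuristic only fires when the creates come after the last delete in the window. The journal is taken on the first change to each path, so even a file that is deleted and then overwritten under the same name is restored to its original contents.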