G+_Rud Dog, Posted August 24, 2018

Thank you Windows Defender for quarantining this and allowing me to track down the source on my Windows 8.1 PC.

G+_Jeff Gros, Posted August 25, 2018

Wow. Look at the name of the exe. I assume you installed this. What is ConquerorLive and OSTotoSoft? Google says something about automatic "driver fixing"?

Unless you think this is a false positive, you should probably uninstall and force delete the directory. Backing up your files would be a good idea too. Just in case the ransomware is still on the machine.

G+_William L. DeRieux IV, Posted August 25, 2018

Apparently the infection route is through an infected Microsoft Office (.doc) file or downloaded via a TrojanDownloader (rootkit, spam email, etc.).

Also, enabling "Controlled folder access" can also mitigate some of the damage caused by malware attempting to install itself into "protected" areas.

microsoft.com - Win32/Locky threat description - Windows Defender Security Intelligence

G+_Rud Dog (Author), Posted August 25, 2018

There is no memory of downloading that file; then again, it could be born of a file I do remember but long since gone. The worry I have concerns any file for a contractor quote for any given project around the house. How well do they police their end of the system?

Not sure what available security software would catch this type of intrusion. My old software was from Norton and I tried a few others. After listening to Leo's thoughts, I dropped the third-party scanners. So here I am, full circle.

G+_William L. DeRieux IV, Posted August 25, 2018

Rud Dog, there is something that Leo Laporte and Steve Gibson were recently talking about... VirusTotal

https://support.virustotal.com/hc/en-us/articles/115002126889-How-it-works

It's a good place to upload virus and malware samples, and have them scanned by over 70 antivirus programs.

If you could have managed (or do so in the future) you could upload the sample to the site and it will show what virtually every AV scanner, in the industry, thinks about it. Moreover, the sample would become part of their publicly accessible database on malware samples (and the details about it would be available to the general public).

--------

Security researchers find this useful because it allows them to track malware across different samples; they can use it to find variations on a malware campaign and, just, otherwise keep tabs on them.

G+_Rud Dog (Author), Posted August 25, 2018

William L. DeRieux IV, thank you. This was suggested by one of the members of the KH community and I bookmarked it in my bookmark bar. Unfortunately, while opening my mail I don't think to run these through the "Virustotal" site. It is a habit I do use when checking out web sites and suggested downloads. Now I need to get more regimented into using it when saving attachments to my emails. Thank you again.
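
The two posts above discuss checking saved attachments against VirusTotal, and note that an uploaded sample becomes publicly accessible. Looking a file up by its SHA-256 hash instead of uploading it keeps a private document, such as a contractor quote, on the machine. This is an added example, not part of the original thread; the extension list and the function names are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Assumption for this example: file types worth checking before opening.
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".exe", ".js", ".zip"}
VT_REPORT_URL = "https://www.virustotal.com/gui/file/"


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so a large attachment is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_attachments(folder):
    """Return (name, sha256, report URL) for each risky-looking file in folder.

    Only the hash is looked up, so the file's contents stay on this machine.
    Files that cannot be read (locked, quarantined) get None for hash and URL.
    """
    results = []
    for path in sorted(Path(folder).iterdir()):
        if not path.is_file() or path.suffix.lower() not in RISKY_EXTENSIONS:
            continue
        try:
            digest = sha256_of(path)
        except OSError:
            results.append((path.name, None, None))
            continue
        results.append((path.name, digest, VT_REPORT_URL + digest))
    return results


if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, digest, url in triage_attachments(folder):
        if digest is None:
            print(f"{name}: could not be read")
        else:
            print(f"{name}\n  sha256: {digest}\n  report: {url}")
```

A hash with no report means only that nobody has submitted that exact file, not that it is clean.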