Members
  • Total Members: 12813
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 867
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Need McAfee's official name for the Ransomware viruses  (Read 1931 times)

0 Members and 1 Guest are viewing this topic.

stonecoldtx

  • SCF Member
  • **
  • Posts: 14
  • KARMA: 3
  • Gender: Male
Hi, All--

Over the last couple of weeks, my PC has been hit by not one, but TWO "Ransomeware" viruses--the FBI Ransomware and the Department of Justice Ransomware, and for some reason, McAfee VirusScan 8.7i did not detect, nor clean them!!

Obviously, this is a concern, because up to this point, I have placed all my trust into this product, and in searching their Virus Information Labs site, I can find no mention of these viruses, so they must have a different name for them . . .

Does anybody happen to know what McAfee is calling this family of malware?

Thanks in advance!

Samker's Computer Forum - SCforum.info





jheysen

  • SCF Global Moderator
  • *****
  • Posts: 753
  • KARMA: 100
  • Gender: Male
Re: Need McAfee's official name for the Ransomware viruses
« Reply #1 on: 06. May 2013., 17:21:52 »
Maybe VSE got infected.. I don't particulary know the Avert name for these viruses, but maybe we can try to help you get rid of the infection.
An easy way to see differet names for a malware is to upload a sample to virustotal.
If you want help with the cleaning... we'll need HijackThis logs for starting, also some information about your system.

Regards,
J.

stonecoldtx

  • SCF Member
  • **
  • Posts: 14
  • KARMA: 3
  • Gender: Male
Re: Need McAfee's official name for the Ransomware viruses
« Reply #2 on: 06. May 2013., 19:46:54 »
Thanks, but I've already cleaned the machine--TWICE; it is just very disconcerting that these viruses are not being detected by VSE . . . not by the On Access scanner, nor by the On Demand Scan, even though other products *were* able to detect them when booted to Safe Mode, so it's not that VSE was infected--it just plain didn't detect the malware . . .

jheysen

  • SCF Global Moderator
  • *****
  • Posts: 753
  • KARMA: 100
  • Gender: Male
Re: Need McAfee's official name for the Ransomware viruses
« Reply #3 on: 07. May 2013., 00:53:12 »
Do you know an Alternate name (from other vendors) of those malwares to search them in avert?
Weird thing.. I assume you are using latest Engine and DAT...
Maybe that detection relied on Artemis?

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
Re: Need McAfee's official name for the Ransomware viruses
« Reply #4 on: 07. May 2013., 10:23:06 »
Her is a link that is McAfee view on Ransomware:
http://scforum.info/index.php/topic,8153.0.html

Also this article is nice to read regarding Ransomeware:
No Surprise—Ransomware On the Rise

And a couple of articles also regarding to Ransomware:
http://news.softpedia.com/newsTag/ransomware

So the main thing what I understand of McAfee's opinion of Ransomeware is that the Ransomware in it sela is not the Virus/Trojan it is just a carrier of a other payload that in fact is the Virus/Trojan that thay should detect.

Her is a link to McAfee Free tools: http://www.mcafee.com/us/downloads/free-tools/index.aspx

And If you have an infected computer that McAfee dose not detect the maleware use the Getsup tool.


GetSusp
McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) file reputation database to gather suspicious files.

GetSusp is recommended as a first tool of choice when analyzing a suspect computer. However, one must follow the existing McAfee support process for escalating suspicious files it finds.
http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx


You can also try to detect the infection with Spybot - Search & Destroys
http://www.safer-networking.org/
Just to see what you get for infection name. Offen you can use that name and google it to get the other antivirus toolkits name of the infection.
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

stonecoldtx

  • SCF Member
  • **
  • Posts: 14
  • KARMA: 3
  • Gender: Male
Re: Need McAfee's official name for the Ransomware viruses
« Reply #5 on: 07. May 2013., 13:46:23 »
Do you know an Alternate name (from other vendors) of those malwares to search them in avert?
Weird thing.. I assume you are using latest Engine and DAT...
Maybe that detection relied on Artemis?
Well, the name is different for each variant and each vendor, and so far I haven't seen an actual "official" virus name, such as how AVERT would classify it

Her is a link that is McAfee view on Ransomware:
http://scforum.info/index.php/topic,8153.0.html

Also this article is nice to read regarding Ransomeware:
No Surprise—Ransomware On the Rise

And a couple of articles also regarding to Ransomware:
http://news.softpedia.com/newsTag/ransomware

So the main thing what I understand of McAfee's opinion of Ransomeware is that the Ransomware in it sela is not the Virus/Trojan it is just a carrier of a other payload that in fact is the Virus/Trojan that thay should detect.

Her is a link to McAfee Free tools: http://www.mcafee.com/us/downloads/free-tools/index.aspx

And If you have an infected computer that McAfee dose not detect the maleware use the Getsup tool.


GetSusp
McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) file reputation database to gather suspicious files.

GetSusp is recommended as a first tool of choice when analyzing a suspect computer. However, one must follow the existing McAfee support process for escalating suspicious files it finds.
http://www.mcafee.com/us/downloads/free-tools/getsusp.aspx


You can also try to detect the infection with Spybot - Search & Destroys
http://www.safer-networking.org/
Just to see what you get for infection name. Offen you can use that name and google it to get the other antivirus toolkits name of the infection.

Thanks for the links to the articles; I actually have done quite a bit of reading up on this stuff since I was hit TWICE in the last week or so, and have a good idea of how to resolve the issue now . . . but this addtional information is good stuff!

It is quite an eye opener that McAfee doesn't consider this to be "malware"--WTF is the definitiion of malware anyway?  Something that does bad things to your computer, right? "Unwanted" programs, right? Things like lock it down so you can't do anything on it, right? 

Really McAfee?  This doesn't qualify as malware, and therefore "worthy" of detection? 

REALLY?!?!?

What's next, McAfee?  Something that does the exact same thing, but before it can be circumvented, it nukes the machine, and all data is lost?!?

These other tools should not be necessary for any version of ransomware--they should be considered malware, pure and simple, because what they do is "Unwanted" (as per the definition of malware) and should be detected just like any other malware!! 

Shame on you, McAfee!!

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising