Jump to content
SavantM

zepto bypasses antiransomware

Recommended Posts

additionally bypassed AVG business/malwarebytes with no detection upon full computer scan....

 

Share this post


Link to post
Share on other sites

Hello SavantM:

Even though a Zepto Ransomware variant may have escaped detection, it would still be informative to post the MBARW Beta logs along with an approximation of the local intrusion time, vector, and a sample of the malware.

Using the Windows built-in zip utility, please create the following 2, separate, zipped archives for MBARW developer team analysis:

1. Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
2. Create a separate .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the 2 zipped archives to your next reply.  Thank you for your beta testing contribution to the MBARW project and your valued feedback.

Edited by 1PW

Share this post


Link to post
Share on other sites

I have the same problem.  On August 26th at 11:27 AM Zepto apparently attacked my PC through google Chrome.  The funny thing is, I never saw any of the many messages it scattered on my PC called XX_HELP_instructions.html, where XX is some small number.  So far I've found 325 files on my C drive that it apparently has encrypted.  I was running the .416 beta version of MBARW as I hadn't heard of the newer update.  Does .484 version fix this hole?

At first I couldn't find the ProgramData folder, but later turned on "show hidden files" and saw an MBARW crash file dated August 31st.  I'm running Windows 10 with Chrome as my default browser (which stopped working entirely around that time requiring an uninstall, re-download, and re-install of Chrome before it would work again.)  So my problem is "Is the zepto virus still active on my PC and how do I remove it since it escaped MBARW detection?  I've attached zipped copies of the C:\ProgramData\Malwarebytes\Mawarebytes Anti-Ransomeware folder and the C:\ProgramData\Malwarebytes' Anti-Malware folder (which includes samples of the 36_HELP_instructions.html file and one encrypted .zepto file.

Malwarebytes Anti-Ransomware.zip

Malwarebytes' Anti-Malware.zip

Share this post


Link to post
Share on other sites

Hello @Williev47 and :welcome:

It is disappointing to read your Consumer Beta testing system is having MBARW Beta issues but each computer is unique.  Problems that seem "the same" frequently are not.  The same is true for solutions.  Solutions may often need to be individualized for your unique testing system.

It is less confusing for everyone if a "One Member Per Topic" policy is adhered to instead of posting to the topic of another member.  Development Team Members, Staffers, and Helpers will be able to more easily provide both you and the OP/Topic Starter, with individualized assistance.

Please start a NEW, and SEPARATE topic by left-clicking this >>Start New Topic<< link now.

Thank you always for your patience and understanding.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.