Does ESET protect me from Filecoder (CryptoLocker) malware?KB Solution ID: SOLN3433|Last Revised: February 10, 2015
- Your ESET product detects a variant of the threat "Win32/Filecoder", for example, filecoder.cr
- Your ESET product detects the threat "Win32/Gpcode"
- Your ESET product detects the threat "Win32/TrojanDownload.Elenoocka.A."
- These threats are also known as "CryptoLocker", "Cryptowall", "Dirty decrypt", and "CTB locker"
ESET software can detect and block most variants of the Win32/Filecoder malware.
Keep ESET updated
- How do I know ESET Smart Security/ESET NOD32 Antivirus is updating correctly?
New versions of this malware are released frequently, so it is important that you are receiving regular virus database updates (your ESET product will check for updates every hour provided that you have a valid license and a working internet connection) and take precautions to ensure that your computer is not vulnerable to this infection.
- Which ESET product do I have and is it the latest version?
Use the most recent version of your ESET product available and stay up-to-date.
Keep Remote Desktop Protocol disabled
Filecoder malware often accesses target machines using Remote Desktop Protocol (RDP), a Windows utility that allows others to access your desktop remotely. If you do not require the use of RDP, you can disable RDP to protect your machine from Filecoder and other RDP exploits. For instructions to do so, visit the appropriate Microsoft Knowledge Base article below:
Keep Advanced Memory Scanner and Exploit Blocker enabled
These newly designed ESET algorithms strengthen protection against malware that has been designed to evade detection by antimalware products through the use of obfuscation and/or encryption.
Keep ESET Live Grid enabled
In some cases, your ESET product with ESET Live Grid enabled may respond faster to new threats than virus signature database update.
Minimize the risk of malware attack
Do not disable User Account Control (UAC). Do not open suspicious attachments purporting to be a fax, invoice, receipt, which have a suspicious name or you did not expect them at all.
To learn more about how you can protect your system from this malware, we recommend that you read the following ESET blog posts:
- CTB-Locker: Multilingual Malware Demands Ransom
- Cryptolocker 2.0 – new version, or copycat?
- 11 things you can do to protect against ransomware, including Cryptolocker
- Filecoder: Holding your data to ransom
- Don’t pay up! How to avoid ransomware threats – and how to fight back
- Remote Desktop (RDP) Hacking 101: I can see your desktop from here!