cancel
Showing results for 
Search instead for 
Did you mean: 

Malware undetectable (Trojan GpCoder - ransomware)

hi,

Our client network was infected with a virus which is still undetctable by any of the major vendors. The characteristic are , all the excel, ,jpg, wmv and many more files get changed. Example, if a file is named Mcafee.xlsx, once the virus is infected, the name of the file changes to Mcafee.xlsx.EnciPhEdEd. The file also become unusable. We will have to use a thrid part utility to decrypt the file

Does any of u had the same issue or do we have any Extra dat. I have sent many samples to Mcafee support but no use. Mcafee Gold support is not good, they do not respond too.

Message was edited by: Hayton - modifying subject header to clarify which malware is involved - on 20/05/12 05:44:55 IST
10 Replies

Re: Malware undetectable

Also, this is a new variant of the virus W32.GPCOder.

Highlighted
Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 3 of 11

Re: Malware undetectable

This is a known Trojan, decryption of the files should be relatively simple. I'll check that the method still works and will post again later.

Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 4 of 11

Re: Malware undetectable

Moved to Corporate User Assistance just in case....

Re: Malware undetectable

Hello,

We have blocked the virus by creating the access protection rule. But we would want to get it detected by Mcafee.

Re: Malware undetectable

Hello Hayton,

I was able to decrypt the infected files using a thrird party utility. But till now am unable to detect the virus. Customer s expecting a extra dat from Mcafee so that virus can ve detected. I have run the GETSUSP toll but nothing spcific found.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 7 of 11

Re: Malware undetectable

I see you got tired of waiting and found the fix for yourself while I was away. I take it the "third party" was Dr Web?

McAfee lists 14 variants of "GpCoder" but gives no clue which of the 14 this one is. Presumably the Trojan is detectable, although if it is being repeatedly modified there is always a risk that a new version will not be detected. I would expect detection of this Trojan to be included in Stinger.

Reliable Contributor Hayton
Reliable Contributor
Report Inappropriate Content
Message 8 of 11

Re: Malware undetectable

And this thread belongs in Top Threats, so I've moved it back there.

Re: Malware undetectable

The issue we are having is, we are unable to detect the virus, We have blocked it by creating a access protection rulw but we would need to have an extr dat from Mcafee so that the files are detected and cleaned.

SamSwift
Level 12
Report Inappropriate Content
Message 10 of 11

Re: Malware undetectable

Hi,

Can you please submit samples to us and also contact Support in order to have them escalated?

thanks,


Sam

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community