I didn't test numerous antivirus products, just two: Kaspersky Cloud Security and 360 Total Security Essentials.
Ransomware running in memory
Kaspersky Cloud Security
- Quick Scan terminated and deleted the malware
360 Total Security Essentials
- Malware is detected and deleted as soon as 360 TSE is enabled.
Note: There are no changes created by Eris in the Startup folder or in HKLM/HKCU\...\Run. I have to point this out because the majority of removal instructions I've seen are just using templates without having an actual ransomware sample to work with. They give instructions to find entries (keys) made by the malware in the registry.
Startup entries while ransomware is active
You can use any antivirus/antimalware as long as it's updated and can detect Eris.