Wilders Security Forums  

Go Back   Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET NOD32 Antivirus
Reload this Page XDocCrypt/Dorifel/Quervar
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old August 11th, 2012, 08:18 PM
FanJ FanJ is offline
Updates Team
  
Join Date: Feb 2002
Posts: 1,804
Default XDocCrypt/Dorifel/Quervar
Hi ESET,

Siljaline was so kind to post in the other thread a link to David Harley's ESET blog.

I see that ESET has also an article in the Threat Encyclopaedia with a removal tool called ESETQuervarCleaner.exe.

My question is: does this removal tool also fully decrypt and recover the by this malware encrypted Office files?
  #2  
Old August 11th, 2012, 08:28 PM
FanJ FanJ is offline
Updates Team
  
Join Date: Feb 2002
Posts: 1,804
Default Re: XDocCrypt/Dorifel/Quervar
PS for David Harley :

You wrote in the blog:
Quote:
Martijn Grooten, of Virus Bulletin, tells me that it has attracted the attention of telephone support scammers, who are using it to convince potential victims in the Netherlands that they need to let the scammer ‘clean’ or ‘protect’ their systems. For a price, as always…

Yes, the official Dutch "National Cyber Security Centrum" is warning for that in its Dutch article.
See the part following "UPDATE 10 AUGUSTUS 2012 14:45".
(note: it is in Dutch).
  #3  
Old August 13th, 2012, 12:24 AM
siljaline's Avatar
siljaline siljaline is offline
Security Expert
  
Join Date: Jun 2003
Location: Montréal, Canada
Posts: 4,138
Post Re: XDocCrypt/Dorifel/Quervar
It might be more prudent to pose your query directly to the Blog entry:
http://blog.eset.com/2012/08/11/dori...-secret-weapon, as David Harley does not support ESET via Wilders.

I have asked that the removal tool be included in the other stand-alone removal tools.
  #4  
Old August 13th, 2012, 03:28 AM
FanJ FanJ is offline
Updates Team
  
Join Date: Feb 2002
Posts: 1,804
Default Re: XDocCrypt/Dorifel/Quervar
Quote:
Originally Posted by siljaline
It might be more prudent to pose your query directly to the Blog entry:
http://blog.eset.com/2012/08/11/dori...-secret-weapon, as David Harley does not support ESET via Wilders.

I wasn't asking for support from David Harley here and it wasn't a query (as in: "query" meaning a "question"). It was meant as a tip or extra info: giving the link of the official site where that info is posted. That's all. But you're right, this might not be the right place. Anyway, up to Eset whether to inform David Harley about it or not.

Quote:
I have asked that the removal tool be included in the other stand-alone removal tools.

That seems fine to me.
I am only asking for a little bit more clarification about the Eset removal tool because I know that at another site, which I already mentioned in the other thread, there is (among other things) discussion about which AV products can detect and clean it and bring infected Office files back to their original status.
  #5  
Old August 20th, 2012, 12:42 AM
siljaline's Avatar
siljaline siljaline is offline
Security Expert
  
Join Date: Jun 2003
Location: Montréal, Canada
Posts: 4,138
Post Re: XDocCrypt/Dorifel/Quervar
Please see: this reply. Thanks to ESET for the updated removal tool.
 

Wilders Security Forums > Official ESET Support Forum > ESET Home Users Products Forum > ESET NOD32 Antivirus « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 07:24 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums