Where to report Malicious/Harming undetected Files?

ZeroX · 2024-10-17T04:34:56+00:00

There was an error rendering this rich post.

Good Evening/Day everyone,
I got a Malicious File, its some kind of Ransomware wich deletes allmost all User Files, Removes the Mouse, Restarts the System. It runs via Command Line and got Detected by Advanced Threat Defence i think, but it was not able to prevent it from rendering the Sytem Unusable. There was no Heuristic or Signature Detection trough Scanning the File.
Is there any way to Report Malicious Files?

Best Regards,
ZeroX

Find more posts tagged with

Report

malware

help

ransomware

Accepted answers

All comments

Gjoksi

Hello.

Only the anti-malware researchers at Bitdefender Labs can help you with the issue.

You should report the file(s) as false negative to Bitdefender Labs here:

https://www.bitdefender.com/consumer/support/answer/29358/

Regards.

Alexandru_BD

This sounds like a particularly destructive type of ransomware or maybe wiper malware..

Like Gjoksi advised, it's best to report it to the Bitdefender Labs for further analysis. But if it got detected by Advanced Threat Defense, I don't think it's a false negative. However, it's important to find out exactly what happened afterwards and if the antivirus was able to completely remove the threat or not. When Bitdefender finds an infection on your computer, it usually takes automatic action against it and gets rid of the malware without requiring any input on your side.

If infected files are still found on the system and haven’t been dealt with by the system scan, follow the steps from the below article to manually remove the infection. Use the scan log to find out the path to the infected file:

https://www.bitdefender.com/consumer/support/answer/2127/

Note: If Bitdefender still detects infected files that cannot be resolved, run a System scan and send the log to the Bitdefender Support Team via ticket. Check out this article to learn How to Scan a PC for viruses with Bitdefender & Export the scan Log. If you don’t have a ticket, please use the contact form available at this link:

https://www.bitdefender.com/consumer/support/help/

I hope this helps.

Regards,

Alex

Gjoksi

Hello again.

To add here, scan (and disinfect, if needed) your PC with Bitdefender Rescue Environment:
https://www.bitdefender.com/consumer/support/answer/29132/

and after the scan is done, restart your PC.

You should also try the Bitdefender Ransomware Recognition Tool:
https://www.bitdefender.com/blog/labs/bitdefender-ransomware-recognition-tool/
and see if you can get the appropriate decryption tool, if it exists.

Regards.

Flexx

You can also visit ID Ransomware website ( https://id-ransomware.malwarehunterteam.com/ ), which holds the largest collection of information to detect what ransomware your system is infected with and whether a decryptor is available for it or not.

Regards

Alexandru_BD

Thank you guys for jumping in and helping out! 😉👍️

ZeroX

Hello Guys,

So it seems like some of you didnt quite understand what i wrote there.
Firstly, i reported this as false Negative now because Bitdefender was NOT able to prevent it from destroying the System. Im doing Malware Analysis in my Freetime and found this File in the Any Run Sandbox. When launching it in my Virtual Machine it deleted many User Files (on Desktop etc) and probably downloaded another Malware (or its in the same Payload, idk) wich deleted the Mouse Curser. I think it also tries to instantly reboot the System after Executing but it could also open some kind of Ransom Screen and telling to pay. Im not sure anymore. But defenitely after Executing it Deletes User Files and after a System Reboot the Mouser Curser is gone. Theres no way of getting it back or resetting Windows other then trough BIOS or smth i guess. Funny thing is that Windows Defender detects this as Tojan Wacatac i think, and Bitdefender and Kaspersky dont do anything. Not even Behaviour Monitoring Module (Advanced Threat Defense/System Watcher) were able to stop it from Destroying the System.

Heres the Anyrun Sandbox Analysis for yall interested:
https://app.any.run/tasks/1deaf899-1405-47b7-a983-a8c12f5bd3bc
And heres the Virustotal Analysis:
https://www.virustotal.com/gui/file/08303d62f72e58e997e5caa20bf00c7d2ad37e9a14401cd6ac28def5a5a9231f

Best Regards;
ZeroX

Flexx

https://community.bitdefender.com/en/discussion/comment/345165#Comment_345165

As per the VirusTotal link, I don’t see any well-known vendors like Bitdefender, Kaspersky, ESET, Avast/AVG, Norton/Symantec, or TrendMicro detecting the file as malicious, apart from Avira, so I guess the file may not be malicious. Additionally, Malwarebytes detects the file as suspicious, but it’s not a signature-based detection created by malware researchers. That being said, @Alexandru_BD can share the hash and VirusTotal link, along with your testing technique, with the malware research team to have it checked.

Regards

Alexandru_BD

Hello,

Quick update here, I've shared the hash with the security researchers and they confirmed the file is malicious and detection will be available soon.

@ZeroX in regard to your device, do you think you could contact the Support teams and ask them for help to get the PC up and running again? I'll leave the link here:

https://www.bitdefender.com/consumer/support/help/

Just tell them what happened and that the file has been reported and detection will be added for it, and ask for their advice going forward. You can refer to this thread, ofc.
State your contact reason / choose request category, then choose from the available contact channels, chat, phone and email/ticket. Chat would be the fastest way to reach them.

Let us know how it goes and thank you for sharing your findings here.

Regards,

Alex

ZeroX

Hey @Alexandru_BD ,
I did this as part of my Malware Analysis in my Freetime in my Virtual Maschine, theres no System that needs to be recovered. ;)

Thanks for forwarding it to the Developement Team, if it wasnt Malicious then i wouldnt have reported it. ;)

Best Regards.

Alexandru_BD

Thank you very much @ZeroX 👍️