Author Topic: LockyDownloader  (Read 2488 times)

0 Members and 1 Guest are viewing this topic.

Offline protasi.simone

  • Newbie
  • *
  • Posts: 4
LockyDownloader
« on: January 12, 2017, 06:08:49 PM »
I have a new iMac and today, just turned on for the first time, I installed avast, the problem arises because scanning my email client detects js files (which I use for work, I'm a web developer) who had me sent, in fact, for the websites. The problem is that until recently, on my old iMac, always with Avast and with the same email client, has never given any indication.

I'm scared but at the same time confused, can you help?

PS. The file is moved to quarantine but only in the history of email scans. The pop-up I only say "locked infection".

Thanks for ur help.

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: LockyDownloader
« Reply #1 on: January 13, 2017, 10:19:45 AM »
The mail shield never puts files to the chest (quarantine), it simply does not "download" them
from the mail server. So they are still in your mailbox on the server, but not on your Mac.

The reason, why you get the popups now and did not get them before will be simply new definitions
in the VPS. It may also be a false positive, try using virustotal on the file to get more info.

Offline protasi.simone

  • Newbie
  • *
  • Posts: 4
Re: LockyDownloader
« Reply #2 on: January 13, 2017, 10:48:23 AM »
Thanks for ur reply.

I tried now to download from the server via browser, one of the indicted zip file.
I analyzed with Avast and did not find anything. I analyzed Virus total and did not find anything.
I tried then to send it by mail to another box and open the mail client, at the time of downloading mail reported the infection blocked with popup.

It seems to me, therefore, not a false positive, but rather a global analysis that blocks all .js files inside a zip archive. Virus or less.

The question is annoying though, because doing the work as a dev I get very often of such files, how could I do?

Thanks so much!

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: LockyDownloader
« Reply #3 on: January 13, 2017, 11:09:21 AM »
Can you please post here the JS file as an attachement, or send it to my mail (available in my profile) so we can analyze the file?
Thanks.

Offline protasi.simone

  • Newbie
  • *
  • Posts: 4
Re: LockyDownloader
« Reply #4 on: January 13, 2017, 11:55:10 AM »
I can't because this file/archive is a work project with confidential information.

But Avast tells me not only a file, tells me all the zip files containing a js, I have to e-mail.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31333
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: LockyDownloader
« Reply #5 on: January 13, 2017, 12:00:27 PM »
Send it by mail, that way no others then tumic can see it.

Offline protasi.simone

  • Newbie
  • *
  • Posts: 4
Re: LockyDownloader
« Reply #6 on: January 13, 2017, 12:37:59 PM »
I cant'see the email.

Can u write me in private message?

Thanks.

Sorry for my bad english.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31333
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: LockyDownloader
« Reply #7 on: January 13, 2017, 12:40:54 PM »