Author Topic: LockyDownloader (Read 3145 times)

REDACTED · « **on:** January 12, 2017, 06:08:49 PM »

I have a new iMac and today, just turned on for the first time, I installed avast, the problem arises because scanning my email client detects js files (which I use for work, I'm a web developer) who had me sent, in fact, for the websites. The problem is that until recently, on my old iMac, always with Avast and with the same email client, has never given any indication.

I'm scared but at the same time confused, can you help?

PS. The file is moved to quarantine but only in the history of email scans. The pop-up I only say "locked infection".

Thanks for ur help.

tumic · « **Reply #1 on:** January 13, 2017, 10:19:45 AM »

The mail shield never puts files to the chest (quarantine), it simply does not "download" them
from the mail server. So they are still in your mailbox on the server, but not on your Mac.

The reason, why you get the popups now and did not get them before will be simply new definitions
in the VPS. It may also be a false positive, try using virustotal on the file to get more info.

REDACTED · « **Reply #2 on:** January 13, 2017, 10:48:23 AM »

Thanks for ur reply.

I tried now to download from the server via browser, one of the indicted zip file.
I analyzed with Avast and did not find anything. I analyzed Virus total and did not find anything.
I tried then to send it by mail to another box and open the mail client, at the time of downloading mail reported the infection blocked with popup.

It seems to me, therefore, not a false positive, but rather a global analysis that blocks all .js files inside a zip archive. Virus or less.

The question is annoying though, because doing the work as a dev I get very often of such files, how could I do?

Thanks so much!

tumic · « **Reply #3 on:** January 13, 2017, 11:09:21 AM »

Can you please post here the JS file as an attachement, or send it to my mail (available in my profile) so we can analyze the file?
Thanks.

REDACTED · « **Reply #4 on:** January 13, 2017, 11:55:10 AM »

I can't because this file/archive is a work project with confidential information.

But Avast tells me not only a file, tells me all the zip files containing a js, I have to e-mail.

Eddy · « **Reply #5 on:** January 13, 2017, 12:00:27 PM »

Send it by mail, that way no others then tumic can see it.

REDACTED · « **Reply #6 on:** January 13, 2017, 12:37:59 PM »

I cant'see the email.

Can u write me in private message?

Thanks.

Sorry for my bad english.

Eddy · « **Reply #7 on:** January 13, 2017, 12:40:54 PM »

https://forum.avast.com/index.php?action=profile;u=216362

Click on the envelope

Author Topic: LockyDownloader (Read 3145 times)

REDACTED

LockyDownloader

tumic

Re: LockyDownloader

REDACTED

Re: LockyDownloader

tumic

Re: LockyDownloader

REDACTED

Re: LockyDownloader

Eddy

Re: LockyDownloader

REDACTED

Re: LockyDownloader

Eddy

Re: LockyDownloader