Can not detect and block some ransomware sample
-
Reproduction steps:
This problem is more serious, there are questions about SW defense ransomware
Virus sample download address 1 (normal version): https://cloud.qainfo.ru/s/SshTyjY2pPikmjZ
Virus sample download address 2 (using VMP): https://cloud.qainfo.ru/s/M3mNmNTJ5aVZcvu
Double-click the sample as shown in this image (https://cloud.qainfo.ru/s/zNCv7EJMqNggv1K)
Actual result:
Defense failure
Expected Result:
Defense success
There are still some words that I want to say to the development team: This is no accident. When the ransomware modifies the original files without deleting them, Kaspersky’s defenses are ineffective. I have discovered this problem more than once. I thought I uploaded them to the anti-virus department. I will pay attention to it, but the result is very disappointing. They just learn my sample machine and not solve the problem of SW.
-
@jarvis said in Kaspersky System Watcher Defect:
hello!
If there are no files on desktop to encode - nothing happens, KIS doesn't detect anything
If there are any files to encode - KIS detects and deletes ransomware, when timer gets to 0
Hello, the timer time is 30 seconds, I just tested it, Kaspersky still misses it (at this time, the Kaspersky virus database is already the latest version), jpg images stored on the desktop can not turn on. If you can't reproduce it, please try the Chinese version of Kaspersky.
-
The sample is from here if I don't guess incorrectly.
This sample is very interesting.
-
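@wesly-zhang said in Kaspersky System Watcher Defect:
The sample is from here if I don't guess incorrectly.
This sample is very interesting.
This sample was PM'd to me by that member of 温馨小屋 after testing it; Kaspersky cannot detect it, but I don't know why it can be detected on their side.
I am already uploading a video to the G cloud drive; please take a look at it too if it is convenient for you.
-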
@jarvis said in Kaspersky System Watcher Defect:
hello!
If there are no files on desktop to encode - nothing happens, KIS doesn't detect anything
If there are any files to encode - KIS detects and deletes ransomware, when timer gets to 0
Hello, I recorded a video, please take a look: https://drive.google.com/file/d/1G7RS4q3AsX5derEhSPvFd5pyJlGGljVB/view?usp=sharing