Folders Made By The Bait Layer In Padvish Anti-crypto

Question

  1. There are some hidden folders with strange names (tMrWGzNUI.jpg etc.) on my system desktop and I am unable to remove them. Has my system been infected?
  2. What are !!AntiCrypto!! or !!ACPadvishAV!!, and why were they created?
  3. Has my system been infected with Ransomware?

Basic explanation

No, these folders are not Ransomware and your system is not infected. Ransomware is a kind of malware that encrypts your data and demands money to give it back.

The folders you have found belong to the Padvish anti-crypto component, whose job is to prevent the system from being infected with known and unknown Ransomware. This component is a unique feature of Padvish; no other foreign anti-virus has developed a component like it. Moreover, Padvish anti-crypto has obtained the full real-world Ransomware detection certificate from the AV-Test institute in Germany.

Specifically, these folders and their files are baits that Padvish anti-crypto spreads across the disk to detect Ransomware. So do not worry, and leave these files alone.

Technical explanation

The anti-crypto component has four protection layers which, in addition to the other mechanisms and technologies in the anti-virus, specifically protect your system and data against Ransomware. The fourth and most recently added layer of anti-crypto is the baiting layer, which is what all these folders are about.

But for a better understanding, you first need to know about the anti-crypto protection layers:

  1. Tamper protection layer: this layer detects Ransomware behavior. The detection is completely behavioral and needs no daily updates.
    The early versions of Padvish anti-crypto had only this layer, and it is the same layer that detected the WannaCry virus from the first instance, by default and with no need for an update, in the past year, while this virus infected the whole world and other anti-viruses had to provide updates to detect it.
  2. DataCop layer: this layer backs up your whole data twice a day. These backups are created with snapshot technology, are produced in a few seconds, and use only a few megabytes of storage space.
    The secret of this technology is that it does not copy your data to back it up; instead it creates a snapshot on the same hard drive, and from then on file changes are stored elsewhere. As a result, the backup takes no time and its volume is only as large as your daily changes. DataCop also protects these backups from deletion by attack methods and software. This layer can serve as a handy backup as well as protecting the system against Ransomware. For instance, if you accidentally delete or overwrite a file, it is recoverable by this method. (Read about DataCop backup recovery here.)
    DataCop backup cannot replace a full backup mechanism. To be safe from any type of software/hardware problem, you need to back up your important data to a separate disk. Still, these easy, fast and compact backups are very useful in their place.
  3. MBR protection layer: this layer is designed for specific Ransomware such as Petya, which infects the disk's MBR and encrypts the disk when the system restarts, before Windows boots. This layer blocks these kinds of Ransomware.
  4. Baiting protection layer: this layer creates bait files in different parts of the disk and detects Ransomware when it accesses these bait files/folders. Before this layer was introduced in Padvish anti-crypto, some Ransomware could still rename user files even though, thanks to the previous layers, it could not encrypt them and the file contents remained intact. This protection layer prevents these kinds of incidents.

As you can see, these layers work in such a way that if Ransomware gets past one layer, it is detected and blocked by the others. This is what makes Padvish anti-crypto unique.

In the 2.4 series of Padvish Complete Security and the 1.5 series of Padvish anti-crypto, the name of this folder was !!AntiCrypto!! or !!ACPadvishAV!!. In the latest series of Padvish anti-virus and anti-crypto, these names are generated randomly so that Ransomware authors cannot identify the bait files by name. In these versions, you can also turn off this protection layer and remove these folders by disabling the bait option in the anti-crypto settings.
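As an added illustration of how a bait layer of this kind works (constructed example code, not Padvish's own implementation; the decoy extensions, the 512-byte filler and the use of a temporary directory are assumptions), the following script plants decoy files with random names, records their fingerprints, and reports any decoy that is later renamed, overwritten or deleted, the same conditions the baiting layer described above watches for:

```python
"""Toy bait-file monitor: plant decoys with random names, keep a baseline,
and report any decoy that is later renamed, overwritten or deleted.
Constructed example; not Padvish's implementation."""
import hashlib
import os
import secrets
import tempfile

BAIT_EXTENSIONS = (".jpg", ".docx", ".xlsx")  # assumed decoy file types


def _fingerprint(path: str) -> str:
    """SHA-256 of the file contents, used to detect in-place rewriting."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def plant_baits(root: str, count: int = 3) -> dict:
    """Create `count` decoy files under `root`; return {path: sha256}.
    Names are random so a decoy cannot be recognised by a fixed string."""
    baseline = {}
    for _ in range(count):
        name = secrets.token_hex(5) + secrets.choice(BAIT_EXTENSIONS)
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(secrets.token_bytes(512))  # random filler content
        baseline[path] = _fingerprint(path)
    return baseline


def check_baits(baseline: dict) -> list:
    """Compare the decoys with the baseline; return (path, reason) pairs."""
    incidents = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            incidents.append((path, "missing"))    # deleted or renamed
        elif _fingerprint(path) != digest:
            incidents.append((path, "modified"))   # contents rewritten
    return incidents


def demo() -> tuple:
    """Plant decoys in a temp dir, simulate tampering, return both checks."""
    with tempfile.TemporaryDirectory() as root:
        baseline = plant_baits(root, 3)
        clean = check_baits(baseline)               # nothing touched yet
        paths = sorted(baseline)
        with open(paths[0], "wb") as fh:            # simulated overwrite
            fh.write(b"simulated tampering")
        os.rename(paths[1], paths[1] + ".renamed")  # simulated rename
        return clean, sorted(r for _, r in check_baits(baseline))


if __name__ == "__main__":
    print(demo())  # ([], ['missing', 'modified'])
```

A real implementation would run the check continuously from a file-system filter rather than by polling, and would act on the first process that touches a decoy.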

Note: in an organizational installation of Padvish, the network administrator can, if needed, choose a fixed name for these folders from the Padvish management console.
Important: if you face a Ransomware attack, call the Padvish support team before you do anything.
