I got a virus on my computer. Why didn't my antivirus software block it? Why am I paying for protection and it didn't work?

  • 1
  • Problem
  • Updated 3 months ago
  • In Progress
I got a virus on my computer. It may have been a ransom ware virus. Why didn't my antivirus software block it? Why am I paying for protection and it didn't work?
Photo of gary.steagall

gary.steagall

  • 70 Points

Posted 4 months ago

  • 1
Photo of TM_Neo

TM_Neo, Employee

  • 1,158 Points 1k badge 2x thumb
Hi gary.steagall and welcome to the Trend Micro Community!

Sorry to hear that you're encountering this issue.

There are many reason why your computer may got a virus even though you have a Trend Micro Security.

One common reason is that your Trend Micro Security is outdated.

Upon checking your records here, I found out  that your subscription was purchased from Best Buy.

Please contact our support so that your call can be escalated to one of our L2 engineers where they can assist you further with regards to your concern.

We will be waiting for your call. Have a nice day!

Trend Micro Home Users Community
(Edited)
Photo of techsupport

techsupport

  • 110 Points 100 badge 2x thumb
unfortunately the infected computer has no AV installed on it, we were running network back up on other Pc's on same network, also these backups has been infected.
i need your assistance to decrypt these data files
Photo of TM_Neo

TM_Neo, Employee

  • 1,158 Points 1k badge 2x thumb
Hi techsupport, and thank you for your prompt reply.

My apologies for the inconvenience but currently, our Trend Micro Ransomware File Decryptor cannot decrypt this new ransomware variant.

This could be prevented if you had installed the Trend Micro Security and setup the Folder Shield feature.

Should you encounter similar cases in the future, you can try to use the Trend Micro Ransomware File Decryptor on decrypting files for supported ransomware variants.

Should you have further inquiries or concerns, feel free to post on the community.

I hope everything will work well.

Trend Micro Home Users Community
Photo of Max Slo

Max Slo, Champion

  • 7,620 Points 5k badge 2x thumb
-I'm not a Trend Micro representative, but I like to give you some suggestion-

Neo Hi,

please a clarification. 

I tested TM injecting several kind of ransomwares using a test PC.
Application blocked them (all of them) in a very easy way. 

So, it seems to be well protected, Folder Shield or not. 
Is Folder Shield an 'highest level' on ransomwares protection, or it is why I can block other kind of data thieft attempts? 

No ransomwares was able to infect Test PC using Antivirus+ default settings (Fodler Shield disabled).

I understand that Folder Shield is a protection in case of other kind of related security issue, e.g. file modification attempts, open by unclassified softwares etc...
(Edited)
Photo of TM_Neo

TM_Neo, Employee

  • 1,158 Points 1k badge 2x thumb
Hi Max Slo,
I tested TM injecting several kind of ransomwares using a test PC.
Application blocked them (all of them) in a very easy way. 
So, it seems to be well protected, Folder Shield or not. 
That is correct.

Your computer will be protected by Trend Micro Security from ransomware regardless if the Folder Shield is disabled or enabled.

The Folder Shield feature aims to only allow programs present in whitelist access all files inside a shielded folder.

For whitelist exception, there are some bad programs that could use good programs to do suspicious and malicious actions, in our current detection flow, this behavior would not be detected because good program such as Powershell.exe is in the Whitelist. To resolve this problem, we have put in place a whitelist exception list.

Should you have further inquiries or concerns, feel free to post on the community.

Have a great day!

Trend Micro Home Users Community
Photo of Max Slo

Max Slo, Champion

  • 7,620 Points 5k badge 2x thumb
TNX Neo. u.u
Photo of techsupport

techsupport

  • 110 Points 100 badge 2x thumb
Photo of TM_Ian

TM_Ian, Employee

  • 5,172 Points 5k badge 2x thumb
Hi @techsupport,

You may use our tool to try to decrypt the infected files on your PC but please know that there are no guarantee that the tool will be able to decrypt all the infected files specially when the ransomware is a new variant and not yet supported by the tool. You may access it on this page:

Downloading and Using the Trend Micro Ransomware File Decryptor

Thank you and have a great day!

Trend Micro Home Users Community
Photo of techsupport

techsupport

  • 110 Points 100 badge 2x thumb
Dear TM_Ian,
kindly note that we tried Trend Micro Rasnsomware file decryptor but it didn't help as the ransom infected our PC has new extension .HRM which not listed in the list of ransom supported by decryptor.
has anyone else reported same case, is it possible to send you copy of infected file to have look at it to help us decrypting our data files.

Best Regards
Hassan 
Photo of techsupport

techsupport

  • 110 Points 100 badge 2x thumb
Can we have update on above please, it's really critical and we need solution to decrypt the data
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 19,912 Points 10k badge 2x thumb
Hi techsupport

Welcome to TM Home users Community, a public site where volunteers try to help each-other , also there are TM Employees that can give answers, that is only at working hours. I am just a volunteer!

Maybe this can help:
http://malwarecomplaints.info/hrm-file-virus-ransomware/

Also the use of TM file decryptor is explains.

Hope this helps,

Kind regards,
Tom