This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does anyone have more information about CXmail/EncDoc-B? Got hit by this but unable to find what the consequences or actions are

Hi All,

Reaching out to the community because I can't find any further info in Sophos' documentation. Have alerts for a machine hit with CXmail/EncDoc. Have deleted the infected doc but would like to know:

1. What does it do and could it have downloaded or spawned other malware, spawned process, stolen credentials, logged keystrokes etc etc. Need this both to check for evidence of other actions and to log it internally.

2. Having just deleted the infected file is that all the remediation I need to do? Have scanned the machine since removal and got a green light but this feels a bit lightweight in terms of ensuring the machine can be returned back into service.

All the best

Jon

This thread was automatically locked due to age.

0 Badrobot over 5 years ago

What application did you open or download the doc with and how did you open.

ONLY an Example-

i.e. if you download an attachment from outlook and open in word it is where you saved it, plus in the temp folders for word.

If you opened it through outlook via preview it would be in the temp folders for outlook.

There is a Sophos page here: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmail~EncDoc-B.aspx

Here: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmail~EncDoc-B/detailed-analysis.aspx

What I have been trying to figure out is. Does Sophos give malicious code their own Sophos approved name or is this something generic used everywhere, each time I search for them the only reference I find is Sophos which leans me towards their own naming.

Respectfully,

Badrobot
Cancel
Vote Up 0 Vote Down

Cancel