Your questions answered
A few days ago, I spotted a couple of strange-looking folders on my data drive: Tprogram136 and Oapplication5. An internet search revealed nothing, so I tried deleting one of the files only for Cybereason RansomFree to pop up and claim it had blocked an attempt to lock my computer. I selected the option to remove the ransomware, but then another file popped up in its place: Tfiles37. Inside these are seemingly random files with various formats. Where are they coming from? JOHN BUCHANAN
After some extensive research and further scans using John’s other tools – Avast FREE, EEK and Malwarebytes – we suddenly had our eureka moment! The folders in question – hidden by default – are created by Cybereason RansomFree as bait. It monitors these folders and, if it notices attempts to delete or modify the files, it leaps into action.
This so-called ‘heuristic’ detection means the application works solely by looking for certain types of suspicious behaviour associated with ransomware rather than relying on definition updates to spot potential infections. It can be effective, but is rather blunt. Cybereason has discontinued the tool now, but as John knows what it’s doing, he can leave it in place if he wishes. Alternatively, he could try a free alternative such as Acronis Ransomware Protection ( www.acronis.com/en-gb/
personal/free-data-protection/), which works in a similar way but also offers 5GB of free online space where you can store particularly sensitive files out of any ransomware infection’s reach, even if breaches Acronis’s defences. NICK PEERS
THIS SO-CALLED ‘HEURISTIC’ DETECTION MEANS THE APPLICATION WORKS SOLELY BY LOOKING FOR CERTAIN TYPES OF SUSPICIOUS BEHAVIOUR ASSOCIATED WITH RANSOMWARE RATHER THAN RELYING ON DEFINITION UPDATES TO SPOT POTENTIAL INFECTIONS. IT CAN BE EFFECTIVE, BUT IS RATHER BLUNT.