-2

I am researching information regarding locker ransomware. I did a search for "Locker ransomware github". I clicked on the link in GitHub and found the link to view code and clicked that link and Symantec endpoint detected the file as Ransom.Locky.. two files as Ransom.Locky.

I have disconnected the WiFi and network. I am performing full scan using Symantec endpoint. There is no malware. Am I safe from ransom? Is there anything I need to investigate?

there is no malware service installed on my windows system. Last legitimate service was 1 day ago.

Is Symantec endpoint fully secure against ransomware? Locky ransomware does not spread right?

  • Does this answer your question? [Help! My home PC has been infected by a virus! What do I do now?](https://security.stackexchange.com/questions/138606/help-my-home-pc-has-been-infected-by-a-virus-what-do-i-do-now) – kelalaka Nov 28 '21 at 22:38

2 Answers2

3

You are probably fine.

Viewing code on Github really does just that: viewing the code. Not executing it. Your anti-virus program probably detected those source files in your browser cache and reacted to them before you might accidentally load those files into your IDE, compile them and execute the resulting binary.

By the way: If you want to research malware samples in a safe way, then you might want to look into virtualization. Examining the code in a virtual machine spun up for specifically that purpose is far less risky. Although I would still not do it on hardware which contains any important data, because I have seen some proofs-of-concept of malware able to break out of a virtualization container.

Philipp
  • 49,017
  • 8
  • 127
  • 158
2

As long as you did not run any files on your computer, you are safe...

Your AV probably saw the malicious source code and thought that the site is a virus...

ThePro501
  • 447
  • 1
  • 3
  • 10