March 17, 2017
Trojan.Encoder.10465 poses a threat to Windows computers. The Trojan is written in Delphi. The encoder appends the extension .crptxxx to the infected files and also saves to the disk a text file named HOW_TO_DECRYPT.txt, which contains the following content:
Warning!!! All your files are encrypted with AESalgorithm! For decrypt use this instructions: Download tor browser Run tor and go to: http://vejtqvliimdv66dh.onion Or you can use tor2web services http://vejtqvliimdv66dh.onion.to in log panel enter your id (CRPTksrjghkrkwkrjthkewVM) follow next instructions if server is down, try connect later locker version 3.0.0
The id parameter can assume various values on different infected computers.
If you have fallen victim to this malicious program, follow the recommendations below:
- do not remove any files from your computer or reinstall the operating system. It is also not recommended to use the infected computer until you get detailed instructions from Doctor Web’s technical support;
- if you have run an anti-virus scan, do not try to cure or remove the threats that were detected—our technical support specialists may need them during their search for a decryption key;
- try to remember as much about the circumstances of the infection as possible: this can involve receiving dubious email messages, downloading programs from the Web, or visiting websites;
- if you have the email message containing the attachment that infected your computer after you opened it, do not remove it—our specialists may need it to identify which version of the Trojan is involved.
Once again, we would like to point out that our free decryption service is only available to users who have purchased commercial licenses for Dr.Web products. Doctor Web cannot guarantee that all of your files will be decrypted successfully. However, our specialists will do their best to recover the encrypted data.
Tell us what you think
To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.