Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Trojan.Encoder habitat widens

April 19, 2012

The number of countries affected by the Trojan.Encoder.94, malware continues to grow. While at first computers compromised by the Trojans were mainly found in Russia and other CIS countries, systems located in several European countries came under threat on April 9-10. Now Doctor Web receives support requests from Latin America (Brazil and Argentina), as well as European countries such as France, Belgium, Switzerland, Netherlands, Croatia, Slovenia, Hungary and Romania.

This Trojan encoder version is the first one featuring the English interface and spreading widely outside Russia. First reports concerning Trojan.Encoder.94 from Western-European users were received on April 9-10 2012, mostly from Germany, Italy, Spain, England, Poland, Austria, Norway and Bulgaria.

The encoder searches for user's files, in particular, Microsoft Office documents, music, photos, images and archives on disks available in the infected system and then encrypts them. Once user files are encrypted , the Trojan displays a demand to pay 50 euros or pounds to criminals via Ukash or Paysafecard. Currently five English-language versions of the Trojan are known to Doctor Web. They differ only in the encryption keys but operate in a similar manner.

Recently, Doctor Web's technical support service has received requests related to Trojan.Encoder.94 from users living in Brazil, Argentina and other Latin American countries. The Trojan spread through Europe, including such countries as Croatia, Switzerland, Netherlands, Slovenia, Belgium, France, Hungary and Romania. Doctor Web's engineers managed to decrypt data for virtually all users' requests which indicates the high efficiency of technologies employed for this purpose.

The Slovenian branch of the Computer Emergency Response Team has been one of organizations that contacted Doctor Web to share encoder neutralization experience. Currently CERT has successfully joined the effort supported by technologies and information from Doctor Web to tackle the outbreak.

Doctor Web once again reminds users of the simple rules to follow if your computer has been infected with Trojan.Encoder.94:

  • Never attempt to solve the problem by reinstallling the operating system.
  • Do not delete any files from the heard drives.
  • Do not try to restore the encrypted data on your own.
  • Contact Doctor Web's technical support. When file a request, select Cure request. This service is provided free of charge.
  • Attach a doc or. txt file encrypted by the Trojan to the ticket.
  • Wait for a response from a virus analyst. Due to the large number of requests it may take some time.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040