Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Doctor Web has released a free decryption utility to counteract the new extortion Trojan.Encoder.19

August 13, 2008

Doctor Web reveals a new Trojan that encrypts files on a user machine. The malware has entered the Dr.Web database as Trojan.Encoder.19. The Trojan places the crypted.txt file on a hard drive of an infected system offering a user to pay 10$ for decryption of his files.

Your files have been encrypted!
The decryption utility costs 10$!
More:
http://decryptor.******
E-mail: decryptor2008@******
ICQ: *******
S/N BF_3-pUChT$+bm5
Do not delete or modify the file!!!

This version of Trojan.Encoder.19 checks all drives available (excluding removable) and encrypts files with the following extensions:
.jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .asf, .doc, .docx, .xls, .xlsx, .ppt, .pptx,
.rar, .zip, .db, .mdb, .dbf, .dbx, .h, .c, .pas, .php, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .sol, .jbc, .txt, .p

Analysts from Doctor Web have created a decryption utility so any user can download it for free and cure his machine.

How to use.
Start the decryption process for the entire C: drive. Launch the program as follows:
te19decrypt.exe [path]
e.g.:
te19decrypt.exe c:\

Files on the C drive modified by the Trojan will be decrypted. When the decryption process is completed, decrypted copies of encrypted files without the .crypt extension will appear next to encrypted ones. Do not delete encrypted files because incorrect decryption is still possible.

If you are unable to decrypt a certain file, please send cryted.txt found in the root directory of your C drive and several samples of encrypted files at vms@drweb.com.

Due to the huge influx of requests from users of other anti-virus products, effective June 19, 2013, Doctor Web's support service is providing its free decryption service only to users of Dr.Web products.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040