August 13, 2008
Doctor Web reveals a new Trojan that encrypts files on a user machine. The malware has entered the Dr.Web database as Trojan.Encoder.19. The Trojan places the crypted.txt file on a hard drive of an infected system offering a user to pay 10$ for decryption of his files.
Your files have been encrypted!
The decryption utility costs 10$!
Do not delete or modify the file!!!
This version of Trojan.Encoder.19 checks all drives available (excluding removable) and encrypts files with the following extensions:
.jpg, .jpeg, .psd, .cdr, .dwg, .max, .mov, .m2v, .3gp, .asf, .doc, .docx, .xls, .xlsx, .ppt, .pptx,
.rar, .zip, .db, .mdb, .dbf, .dbx, .h, .c, .pas, .php, .mp3, .cer, .p12, .pfx, .kwm, .pwm, .sol, .jbc, .txt, .p
Analysts from Doctor Web have created a decryption utility so any user can download it for free and cure his machine.
How to use.
Start the decryption process for the entire C: drive. Launch the program as follows:
Files on the C drive modified by the Trojan will be decrypted. When the decryption process is completed, decrypted copies of encrypted files without the .crypt extension will appear next to encrypted ones. Do not delete encrypted files because incorrect decryption is still possible.
If you are unable to decrypt a certain file, please send cryted.txt found in the root directory of your C drive and several samples of encrypted files at firstname.lastname@example.org.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.