- Conduct a full scan of your computer using an updated version of Kaspersky Anti-Virus (download a trial version).
- If the antivirus is unable to decrypt the infected file, please send the infected file to newvirus@kaspersky.com (our virus laboratory) for analysis.
This file virus is a Windows PE EXE file, packed using UPX. The packed file is approximately 61KB in size, and the unpacked file is approximately 134KB in size.
The program was widely distributed throughout the Russian segment of the Internet by means of spam.
Once launched, the virus encrypts files saved on the victim machine which have the following extensions:
arh arj c cdr cgi chm cnt cpp css csv db db1 db2 dbf dbt dbx doc flb frm frt frx gtd gz gzip h htm html key kwm lst man mdb mmf mo old p12 pak pdf pem pfx pgp pl prf prx pst pwa pwl pwm rar rmr rnd rtf safe sar sig tar tbb txt xls xml zip
The virus partly uses the RSA algorithm to encrypt files.
Once encrypted, files cannot be used. The author of the program then demands money to decrypt the encrypted files. A file called 'readme.txt' appears in folders where encrypted files are located. The file contains the following text (although the email and the encryption key may differ):
Some files are coded by RSA method. To buy decoder mail: *****sh34@rambler.ru with subject: RSA 5 ********728578411
When contacted by the user, the author of the program will demand payment for decrypting the encrypted files.
Users are reminded that they should be extremely cautious when faced with attachments to suspicious messages. Additionally, users should not contact the authors of malicious programs, nor pay them money, as this will simply act as motivation to write new variants.
Removal instructions