More links below including free decryption tool
Vundo is one of the most prevalent malware agents encountered in-the-wild. A new version will encrypt eligible data file types on a PC and try to trick users into paying to restore files. Symantec offers a free cleaning tool as noted at the bottom that will unencrypt these files.Vundo - New Ransomware Version encrypts files
: Symantec received news of a new twist in the behavior of Trojan.Vundo. Instead of simply pushing misleading applications and other threats onto the infected computers, it seems the authors of Vundo have taken a more direct hand in revenue generation. Rather than just frightening you into believing that you may have problems or threats present on your computer, Vundo now drops a file named fpfstb.dll that attempts to make sure that you do encounter problems on your computer.
Once the files are encrypted, it starts to display messages stating that certain files on the computer are corrupted
. If the user attempts to open any of the encrypted files, a message will also appear saying that the file is corrupt. In both windows, a repair option is available.
If the user clicks on repair, a browser window will open to the domain filefixpro.com (now offline). This site offers a program named FileFix Professional (detected as FileFixProfessional), which is supposed to repair the corrupted files. Of course, FileFixPro is not a free application, so you are expected to pay in order to license it for use
. FileFix Professional is obviously not what it is cracked up to be—it is, in fact, just another part of this whole scam—it only decrypts the files that its partner in crime (Trojan.Xrupter) has encrypted.Symantec's free cleaning and decryption tool to restore encrypted fileshttp://www.symantec.com/content/en/us/glob.../FixXrupter.exe
Edited by harrywaldron, 24 March 2009 - 04:18 PM.