I just got rid of the infection and the laptop's status is back to normal.
However, all the stuff in My Docs/Pics etc. is tagged .ENCODED - removing .ENCODED does not allow the file to open, sadly.
The ransomware wanted you to wire some $ to them for the decryption method, and gave you a 3 day window (I'm guessing when they cycle their drop accounts) "Or else F U" basically.
My customer did not do this, nor do I think the hackers would have given him the solution anyways lol.
I read elsewhere that only the beginning of each file is infected and has code inserted to it that can be removed or something... Did anyone make a script to fix this by chance? It seems it has been out in the wild since November-ish last year.
Is he SOL or maybe can I delete all the .encoded and do some data recovery for his old stuff?
Any solution of any kind is welcome, thank you for any insight or help.
Edited by Johnny5Alive, 23 April 2011 - 02:26 PM.