
New ransomware called Anti-Child Porn Spam Protection or ACCDFISA


328 replies to this topic

#181 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:10 AM

Posted 08 March 2013 - 03:21 PM

You may get more info about sdeltemp in the Sysinternals forum, but I think it's just a temporary storage space and will not contain any useful info.





#182 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:10 AM

Posted 13 March 2013 - 08:29 AM

Hi All,

I am happy to offer some good news regarding this infection. Due to multi-round SHA1 hash degradation, there might be a chance for decryption under certain conditions. If you were hacked and have found that your files have been encrypted and renamed to a file that contains an email address to send payment, please follow these steps to try and have your password generated.

Go to this form: https://vms.drweb.com/sendvirus/?lng=en. Fill in the information that is requested and select "Request for curing" in the Submission category drop-down menu. In the comments field, please include the email address that has been added to the renamed files. Then submit the form.

Once you submit the form, someone should get back to you.

#183 Toomy Gun

Toomy Gun

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 13 March 2013 - 09:12 AM

Thanks Grinler

I've sent a file over to them and a quick description of what happened.

I'll let you know if I get any joy regarding this.

 

Many thanks



#184 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:10 AM

Posted 13 March 2013 - 09:14 AM

Good luck!

#185 cesarin1968

cesarin1968

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 13 March 2013 - 01:05 PM

Wow!! Thanks!! I'm going to send a file and pray! ... One more time, thanks a lot.



#186 Klaidoes

Klaidoes

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 13 March 2013 - 05:19 PM

Hello to everybody... this is my first post.

I have the same problem and I sent one file to drweb.

 

Waiting and praying...

 

Many thanks.



#187 Toomy Gun

Toomy Gun

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 14 March 2013 - 03:38 AM

DrWeb's only gone and bloody done it.

I've now got a password for my encrypted RAR files.

 

I can't believe it.

 

Thank you so much again.......................



#188 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:10 AM

Posted 14 March 2013 - 09:33 AM

Awesome!

#189 cesarin1968

cesarin1968

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 14 March 2013 - 10:52 AM

I sent it today and I'm praying and waiting.



#190 Klaidoes

Klaidoes

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 15 March 2013 - 06:39 PM

Hello again:

I just received the pass from Dr. Web and it works...

I tested 7 files and decompressed 6 of them.

 

 

¡THANK YOU VERY MUCH!



#191 CarthagoDelenda

CarthagoDelenda

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 16 March 2013 - 04:53 AM

I've just sent the request to drweb.

 

We were attacked with this ransomware a few days ago, and that's the reason I knew of this site. Since then I've followed this topic, which has been a GREAT help for us.

 

We lost more than 50.000 files (and backups!), and we are working hard these days trying to recover copies of our files, one by one, all the stuff, 25 hours a day.

 

Now there's a hope.

 

Thank you very much.



#192 Agglomerate

Agglomerate

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England, United Kingdom
  • Local time:12:10 PM

Posted 16 March 2013 - 03:46 PM

This is interesting. I think this may become widespread, or more common in the future. Looks annoying to remove.



#193 cesarin1968

cesarin1968

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 19 March 2013 - 07:45 AM

Bad news for now. Dr. Web told me that they can't recover the files right now because I tried to repair the server with a CD after cleaning the virus. It is because I lost the original files of the virus. On the other hand, they told me that maybe in a month they can recover them.


Edited by cesarin1968, 19 March 2013 - 07:47 AM.


#194 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:10 AM

Posted 19 March 2013 - 09:34 AM

Sorry to hear that. Good news is that if you can wait, hopefully they can recover your key.

#195 retroyoda

retroyoda

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 19 March 2013 - 12:39 PM

One of our servers was attacked by this ransomware about 3 weeks ago, so I immediately offlined it. I guessed that it may be necessary to refer to some of the malicious files if there was ever to be any hope of generating the encryption password, so I kept it offline rather than try to clean up the infection.

 

I contacted drweb a couple of days ago, then emailed across the files requested, and less than 24 hours later have received a password which, so far, appears to be working.

 

Thanks for all the helpful information given in this thread!





