Recently we had one of our users get a virus that runs a file encryption program on the PC and renames every file to a .crypt file extension. That led me to this site:
I would have continued posting under that topic but it's closed and I can't reply. At any rate, it seems that the perpetrators of that virus have modified it to some extent and I've got a Windows 7 workstation infected with it. I've attached a screenshot of what the program looks like when it runs. We've successfully removed the virus/malware portion of the program; now we need to decrypt the data and that is where I'm running into difficulties. I found another article similar to the above link here:
At any rate, I'm bringing the machine in so I can VM it and play with it while I reload the machine. I'm afraid the data on it is gone for now.
So as I mentioned, and I'm sorry for bouncing everywhere, it encrypts the file as filename.fileextension.crypt, i.e. filename.docx.crypt. I've found some references with that file extension here:
I'm also finding recurring information about a program called whatsapp as well as an open-source Linux that was recently resurrected from over a year ago in February of this year.
As an FYI, the name of the program that the virus launches was called setsyslog32.exe
Any help would be appreciated.
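A triage step that helps with the recovery question raised in this post is to inventory the `.crypt` files before reimaging: which original file types were hit, and whether each file was actually encrypted or merely renamed (some ransomware variants rename files they fail to encrypt). The script below is an added example, not code from the original post or from any tool mentioned in it. It assumes only the naming pattern described above (`filename.ext.crypt`) and uses standard leading bytes for a few common formats; the sample directory it builds is constructed for the demonstration.

```python
"""Inventory helper for a '<name>.<ext>.crypt' ransomware incident (added example).

Walks a directory tree, groups .crypt files by the extension they had before
encryption, and checks whether the file header still matches that format.
A header that still matches means the file was renamed but not encrypted,
which matters when deciding what is recoverable.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

CRYPT_SUFFIX = ".crypt"

# Leading bytes for a few common formats (standard magic numbers). Used only
# to distinguish "renamed only" from "content actually changed".
MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff",
}


def original_name(encrypted_name):
    """Strip the trailing .crypt: 'report.docx.crypt' -> 'report.docx'."""
    if encrypted_name.lower().endswith(CRYPT_SUFFIX):
        return encrypted_name[: -len(CRYPT_SUFFIX)]
    return encrypted_name


def original_extension(encrypted_name):
    """Extension the file had before encryption, or '(none)' if it had none."""
    ext = Path(original_name(encrypted_name)).suffix.lower()
    return ext or "(none)"


def header_still_matches(path, orig_ext):
    """True if the file still starts with the magic bytes of its original
    format, False if not, None if the format is unknown to this script."""
    magic = MAGIC.get(orig_ext)
    if magic is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(magic)) == magic


def inventory(root):
    """Return counts by original extension plus lists of renamed-only and
    encrypted (or unverifiable) file paths under `root`."""
    by_ext = Counter()
    renamed_only = []
    encrypted = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CRYPT_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            ext = original_extension(name)
            by_ext[ext] += 1
            if header_still_matches(path, ext) is True:
                renamed_only.append(path)
            else:
                encrypted.append(path)
    return {
        "by_ext": dict(by_ext),
        "renamed_only": sorted(renamed_only),
        "encrypted": sorted(encrypted),
    }


def build_sample_tree(root):
    """Constructed sample data: a mix of encrypted, renamed-only and untouched files."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "budget.xlsx.crypt").write_bytes(b"\x13\x9a\x77garbage")  # encrypted
    (root / "docs" / "memo.docx.crypt").write_bytes(b"PK\x03\x04still-a-zip")  # renamed only
    (root / "docs" / "notes.txt").write_bytes(b"untouched")  # not a .crypt file
    (root / "photo.jpg.crypt").write_bytes(b"\x00\x00\x00")  # encrypted
    (root / "README.crypt").write_bytes(b"\x01")  # no inner extension


def run_demo():
    """Build the constructed sample tree in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return inventory(tmp)


if __name__ == "__main__":
    report = run_demo()
    print("by original extension:", report["by_ext"])
    print("renamed only (recoverable by renaming):", len(report["renamed_only"]))
    print("encrypted or unverified:", len(report["encrypted"]))
```

Point `inventory()` at the mounted disk image or a copy of the user's data, never the live infected machine, and work from that copy; the renamed-only list can be restored by stripping the suffix with `original_name()`, while the rest depends on whether a decryptor for this variant exists.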