Two days ago, I opened my computer to see a ransomware message which displayed the following:
Your Id: 22
YOUR COMPUTER IS BLOCKED. All your documents, text files and databases are securely encrypted.
You can unblock your computer by completing three easy steps.
STEP 1: Buy a MoneyPak in amount of $50 at the nearest store.
STEP2: Fill out the fields on the black screen on your cumputer. Otherwise send as an e-mail at email@example.com. Indicate your ID in the message title and provide MoneyPak number.
STEP 3: Check your e-mail. We will send you a program to remove the malware and decrypt your files once payment is verified. Your computer will roll back to the ordinary state.
Q: How I can make sure that you can really decipher my files?
A: You can send ONE any ciphered file on email firstname.lastname@example.org (Indicate your ID and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.
Q: Where can I purchase a MoneyPak?
A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Walmart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer.
Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
- here you
At the time my computer was using Microsoft Security Essentials and did not identify any issues. This was on 6/10/2012. I haven't the foggiest idea of how or where I picked up this virus, but all JPG, DOC, WPS and just about any media files became encrypted. These files all now have a .CRYPT file extension.
I downloaded Malwarebytes, which identified the virus as VSDV32.exe and quarantined it. It was not until 6/11/2012 that Microsoft Security Essentials eventually identified and removed this ransomware, but the damage is done.
I have lost all of my kid's pictures from his first two years and am desperate to find a fix which can decrypt the files that were beset by this malware.
I have researched online, and have reviewed the available fixes out there for ransomware decryption, none of which seem to work on this variant. I tried all of Kaspersky's available decryption programs without success. RectorDecryptor, RannohDecryptor and XoristDecryptor are not effective.
I also followed the blog posting at MajorGeeks which listed a possible fix developed by Fabian Wosar at Emsisoft:
This is also equally ineffective against this variant.
I have seen nearly identical issues posted on this site, but as of yet have not seen a workable resolution:
I wanted to see if anyone out there has any experience with this virus and any suggestions as to how to decrypt the files affected.
Is something like Photorec effective?
Is it worth trying to back up to a restore point before the virus hit? (All postings where this has been attempted are unsuccessful.)
Should I take my computer to a big box store to have someone look at it, or is this a waste of time?
I don't pretend to be an expert on computer issues, so would welcome any suggestions.