I got the WARNING.txt messages that read as follows:
YOUR ID: xxxx
If you see this screen or read warning.txt.
It means you IP address: xx.xxx.xxx.xxx was included in WCAP Black List.
From your PC was infringement one or more of the following items:
1. Viewing, listening, downloading or distributing audio or video files protected
2. Spam or Ddos attack.
3. Downloading or distributing illegal content (child porno, phishing, etc.)
4. Downloading or distributing Software protected Copyright Law.
The result of these infringement you PC and file was blocked. The decision was made
about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment
1272 of 06/10/2011
You can remove you IP from black list and unlock PC and files paying money penalty
STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.
STEP2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-
mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide
STEP 3: Check your e-mail. We will send you Unlock code once payment is verified. Your
computer will roll back to the ordinary state.
well, I managed to stop the virus and clean it out, I detected the virus vsdsrv32.exe and changed the file extension to type txt to render it inert and also to archive it for analysis. my pc is now running fine, however all my txt pdf doc and jpg files are encrypted ( .CRYPT ) and there doesn't seem to be any way to fix it. I read on this forum about decrypt_birele.zip, I downloaded it, unzipped it and ran it, it didn't do anything. it just opened up a little DOS box and said it couldn't find anything.
Unlike richard pierse, I couldn't find any file called cconf.txt.enc . I did however detect two malware programs, one is 0.82975027527866.exe and the other is 0.6548643921251133.exe which I am pretty sure have something to do with the encryption. I also changed the file extensions to txt to neutralize and archive them. if anyone wants to see the text of this programs, I cut-and-pasted the .txt versions onto .htm and posted all of it here: hxxxttp://www.loudfastugly.com/hacked/
so I'm hoping somebody had figured out a crack for these crypts. thanks!
Edited by nasdaq, 09 July 2012 - 10:41 AM.
http link obfuscated.