anti child porn spam protection virus. All information is com


7 replies to this topic

#1 cesarin1968

cesarin1968

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 March 2013 - 10:50 AM

I'm here looking for help with the ransomware "anti child porn spam protection".

 

Situation:

  1. The virus has created 3 folders: rwdctlqn (with a svhost.exe file), rxzmrhlz (with an htm file that it shows when the session starts) and another folder named ProgramData with subfolders containing a lot of dll files, svhost.exe and dll files.
  2. All the information was compressed and protected with a password 256 characters long (as the htm file said).
  3. The file shown when the session starts says that my id is 861394138 and I must contact spainsec1@gmail.com
  4. It also changed the names of the backup files, and they seem unrecoverable.

Please ask me for any more information you need. Thanks in advance for your help and for your work.


Edited by cesarin1968, 13 March 2013 - 11:20 AM.




#2 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:21 PM

Posted 13 March 2013 - 12:08 PM

Hi,

 

Look at this post by Grinler http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection-or-accdfisa/?p=3001838

 

Hi All,

I am happy to offer some good news regarding this infection. Due to multi-round SHA1 hash degradation, there might be a chance for decryption under certain conditions. If you were hacked and have found that your files have been encrypted and renamed to a file that contains an email address to send payment, please follow these steps to try and have your password generated.

Go to this form: https://vms.drweb.com/sendvirus/?lng=en. Fill in the information that is requested and select Request for curing in the Submission category drop-down menu. In the comments field, please include the email address that has been added to the renamed files. Then submit the form.

Once you submit the form, someone should get back to you.

 

 

Good Luck

Roger


Edited by rotor123, 13 March 2013 - 12:10 PM.

Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015


#3 cesarin1968

cesarin1968
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 March 2013 - 01:05 PM

Wow!! Thanks!! I'm going to send a file and pray! ... Once more, thanks a lot



#4 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:21 PM

Posted 13 March 2013 - 01:33 PM

You need to get the machine cleaned up first.

 

Good Luck

Roger




#5 cesarin1968

cesarin1968
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 13 March 2013 - 01:36 PM

You need to get the machine cleaned up first.

 

Good Luck

Roger

 

I took the hard drives and am accessing them from another operating system and another machine. Is that OK? I did this because I'm taking advantage of the situation to change, in passing, to a new server: the infected server is too old.


Edited by cesarin1968, 13 March 2013 - 01:40 PM.


#6 rotor123

rotor123

  • Moderator
  • 8,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:21 PM

Posted 13 March 2013 - 04:45 PM

That is probably OK; however, I'm not a malware specialist.

I do suggest reading this entire post, as it tells how to prevent your new server from being hacked into.

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection-or-accdfisa/

 

Good Luck

Roger




#7 Gaia Rossi

Gaia Rossi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 06 May 2013 - 04:42 AM

Hi!! You can find some information on this site. It's an Italian society able to work on the accdfisa virus!!!

Here you can find a page which talks about virus data recovery.

 

See you soon!

Gaia



#8 cesarin1968

cesarin1968
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:21 AM

Posted 06 May 2013 - 05:00 AM

Well, I have good news. I recovered all the info with the Panda tool. I recovered the programdata folder on another hard drive. My thanks to the people of Dr.WEB (I will make them a money transfer just as thanks) and Bleeping Computer for your guidance.

You can close this thread, and thanks again for everything.





