
Ransomware Infection - encrypted files?


4 replies to this topic

#1 hellsbuttmonkey


Posted 07 June 2013 - 05:02 AM

Greetings,

I was wondering if anyone can assist me with a problem I am currently having with a drive that has been infected with one of the many ransomware trojans out there.

It is a data drive (no OS) given to me by a friend of a friend needing help.

I have been informed that the drive was infected with something called 'BKA-Trojaner', one I have not heard of before. The trojan was removed before coming to me, but specific files on the drive have been renamed.

Only .doc files have been encrypted (not sure if this is due to the trojan only targeting these, or if the process was interrupted before completion). The renaming, however, is something I haven't seen before. Instead of the usual locked-<file name>, or conversion to RAR files, each file has had its extension removed, and the name changed to a random string of characters such as 'ayyrNsteenLJJVVX' and no way to identify what the original filename was.

I would appreciate any help in this matter!




 


#2 hellsbuttmonkey


Posted 10 June 2013 - 07:17 AM

No one has come across this problem?



#3 boopme


Posted 12 June 2013 - 04:20 PM

This is RANSOMWARE; you need to do steps 6, 7 and 8 here:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#4 hellsbuttmonkey


Posted 13 June 2013 - 03:18 AM

Thank you, but the malware has already been removed. I am trying to find a way to decrypt the files that have been encrypted.



#5 boopme


Posted 13 June 2013 - 09:09 AM

OK, post the DDS log in that forum. Title the post:
Malware removed need to decrypt files



