
Postal Retrieval Virus - encryption of data


  • This topic is locked
4 replies to this topic

#1 junglejim03

Posted 04 October 2013 - 11:19 AM

Against all intelligence I have, I executed an exe file that my virus scanner had identified as a virus.

This was delivered via email, and stated I had a lost package.

I had recently shipped a package to India, and lost my IT mind and allowed this thing in.

It was a new variant of crilock I suppose.

It encrypted all my data files, even though I had done the "prudent" thing, and put all data on a separate drive.

This old school practice was due to common viruses attacking the op system.

This is a home computer, so naturally I have not backed up my data.

Upon calling my IT buddy we "assumed" this was an FBI variant and attempted to just "unhide" the files.

This is a true ENCRYPTION trojan... asking for a 300 dollar ransom.

In following past recovery methods, I have removed all traces of the virus.

This in fact was the worst thing to do.

I have no link to the ?RSA? key.

Okay, who is working on chasing how to find the encryption key local and how to crack the private code?

I know someone... legal or not knows how to crack encryption of data files.

I am a "super user" not an IT pro... I wanted to get this variant and packaging out there

as well as help to recover my data.. 20 years of data...





#2 CStew23


Posted 08 October 2013 - 06:42 PM

Hello and Welcome to BleepingComputer Forums

My name is Chris and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
  • Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • If you stay with me, follow my instructions and ask questions when confused you'll be back up and running in no time.
With that out of the way, please allow me some time to get the first set of instructions out to you.
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#3 CStew23


Posted 09 October 2013 - 05:55 PM

Hi,

 

Could you detail the removal methods you used to eradicate the malware? Depending on the variant of malware that was resident on the system we may be out of luck here. You referenced crilock in your original post:

"It was a new variant of crilock I suppose."

Do you mean Cryptolock? If that's the case, this thread may be of interest to you. Specifically, this post addresses the encryption.

Can you upload a sample encrypted file?



#4 CStew23


Posted 11 October 2013 - 05:45 PM

Hey junglejim

 

Still with me?



#5 schrauber


Posted 15 October 2013 - 01:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



