Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"READ TO DECRYPT!" infection


  • Please log in to reply
5 replies to this topic

#1 ugetchiefster

ugetchiefster

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 16 December 2013 - 06:50 PM

All, I am new here and searched the forums and did not find the exact problem I am having, so here it goes: A friend was showing me how to stream free movies online and afterwards, I noticed almost all of my folders had a new file in them named "READ TO DECRYPT!!!.html" and the office and pdf documents in those folders would no longer open. I have attached screenshots of the messages I get when trying to open the document. I am running windows xp pro. As you will see from the attached screenshot of the contents of the Read to Decrypt.html file, this is a ransom type situation and of course I have no intention of paying it. I have a backup of my system I made a week or two ago, so worse case I could use that. Please review the attached files and let me know if there is anything I can do to recover from this other than wiping my hard drive and going back to my last backup? I would rather not have to do that since I have done quite a bit of work and updates to files since then. Thank you very much!post-152509-0-32849300-1387234789.jpg post-152509-0-52860500-1387234788.jpg post-152509-0-99087200-1387234723.jpg post-152509-0-92584400-1387234831.jpg post-152509-0-24526900-1387234829.jpg



BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,674 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:22 PM

Posted 16 December 2013 - 08:16 PM

Lots of malware developers jumping on the CryptoLocker train. Will take a look and let you know what we figure out.

This is the i2p address listed: yd66vz737e4xpdp5s7fe65jct2l6mmhpdsj5gteyuc7hxhbd7esa.b32.i2p

#3 ugetchiefster

ugetchiefster
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 18 December 2013 - 02:43 PM

Thank you. Have you had a chance to figure anything out on this yet?



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,674 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:22 PM

Posted 18 December 2013 - 02:50 PM

No, we have not been able to find the sample.

#5 ugetchiefster

ugetchiefster
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 18 December 2013 - 03:12 PM

Is there anything I can send you to help?

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,674 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:22 PM

Posted 18 December 2013 - 04:01 PM

If you have any samples of the infections you can submit them to http://www.bleepingcomputer.com/submit-malware.php?channel=3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users