Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help


  • Please log in to reply
10 replies to this topic

#1 kzcuspid

kzcuspid

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 09 May 2014 - 11:38 AM

Hello

First I want to thank you for making yourself available. I really appreciate it as this is not my area of expertise and it feels good to know that there is someone available to help. Thanks again!

This is for windows 7 professional 32 bit operating system

I noticed all my jpg files and pdf files have extension .block extension and when i try to open any of those files it gives following error:

'windows photoviewer cant open this file or file is corrupted' -

 

I tried to run some antivirus softwares and anti malware softwares and now when i try to open these files it shows following error:

'Windows photo viewer can't open this picture becuase either photoviewer doesn't support this file format, or you dont have the latest updates to photo viewer'

 

Also,

I got this warning message I am copying it down here....

"Your identification number: 60
Your IP address:
If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List.

 

 


As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) you PC and files are now blocked.
You can remove you IP from black list and unlock PC and files by paying a fine of 200$ (USA and Canada) / 200EUR (via Western Union to other Countries)

You can unblock your computer and files by completing theese three steps.

STEP 1: Buy a moneypak prepaid voucher for the amount of $200 at the nearest store.
STEP 2: Enter your prepaid voucher number and your email address in the fields below then click PAY and you will be prompted to enter the unlock code.
OR Send an e-mail at UNLOCK@SOPASYSTEM.COM. Indicate your ID in the message title and provide moneypak prepaid voucher number.
STEP 3: Check your e-mail. In 24 hours we will send your Unlock program once payment is verified. Run it then enter your unlock code that you received by email from us and click UNLOCK.
Your computer will roll back to the ordinary state.

WARNING!!!: Infringed article of the Criminal Code of United States of America provides for deprivation of liberty from two to twelve years.
Fines may only be paid within 72 hours after the infringement.
As soon as 72 hours elapse, the possibility to pay the fine expires, and a criminal case is initiated against you automatically within the next 72 hours!

Q: How can I make sure that you can really decipher my files?
A: You can send one ciphered file on email UNLOCK@SOPASYSTEM.COM (Indicate your ID and IP address in the message title), in the response message you receive the deciphered file.

Q: Where can I purchase a MoneyPak?
A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer.

Q: How do I buy a MoneyPak at the store?
A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.

Q: What if I don’t have possibility to purchase prepaid voucher?
A: You can send money in amount of 200EUR by WesternUnion as alternative option.

We accept only Moneypak prepaid vouchers.
Visit for information http://www.moneypak.com

S.O.P.A. system USA 2012"

 

I am not sure what exactly this is... is it some virus or... what!!

 

I will appreciate if you can help with this...

Thanks
 



BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 09 May 2014 - 12:01 PM

Hi kzcuspid.

 

Did you get screen looks something like this?

 

http://nakedsecurity.sophos.com/2012/10/06/ransomware-encrypts-files-claiming-sopa-piracy-charges/

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 kzcuspid

kzcuspid
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 13 May 2014 - 09:51 AM

Thank you Sirawit for reply, this is work comp so could not respond earlier.

No, the screen i see is nothing like this. It is on notepad which says warning... and nothing else...

Can you please suggest what should I do?

Thanks



#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 13 May 2014 - 12:12 PM

Most likely you had been infected with Ransomware.

 

Please try this:

Press Windows Key (On the keyboard) + R then type in %appdata% and click OK.

Then try to locate the file name "Initia1Log.txt.block".

 

Please reply me about your result.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 kzcuspid

kzcuspid
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 13 May 2014 - 12:27 PM

I can see bunch of folders and some files but nothing like what you mentioned... I tried looking into those folders but could not locate that file there... do I have to look deep in all folders??

Thanks



#6 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 14 May 2014 - 11:19 AM

Please keep clam while we find you the solution.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 16 May 2014 - 11:08 AM

Please try this one:

Download this and extract it to desktop: http://tmp.emsisoft.com/fw/decrypt_birele.zip

Right click it and select Run as Administrator. Then follow instructions.

 

So, all of your files just got encrypted with .block extensions, then you get the message on text file with no program that display warning or lock screen?

Where is that text file locate? And what is its name?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 kzcuspid

kzcuspid
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 20 May 2014 - 03:00 PM

When I click on the zip file it opens up a file with following message:

 

Trojan - Ransom.win32.Birele decrypter v1.3 - use at your own risk!

Written by Fabian Wosar - ....his website 

Could not find decryption key. Maybe a new variant?

 

And this file is located in C drive and name is decrypt_birele.exe

 

I hope I did it right.. :(


Edited by kzcuspid, 20 May 2014 - 03:01 PM.


#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 24 May 2014 - 03:12 AM

Sorry for delay. :/

 

Please try this decrypter:  http://tmp.emsisoft.com/fw/decrypt_cryptodefense.zip

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#10 kzcuspid

kzcuspid
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 27 May 2014 - 04:40 PM

Hello Sirawit

Its perferctly fine, even I get delayed in responding as this computer is at my work... but I really appreciate you helping me with this... I got the following message after running that decrypter...

Loaded private key from current user's key storage!

Scanning 2 folder(s):
  C:\
  F:\

Statistics:

  0 files successfully decrypted
  0 files caused errors during decryption
  0 ransom notes deleted

Finished!



#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:20 AM

Posted 28 May 2014 - 09:28 AM

OK, looks like it may have found decryption key.

 

Can you place encrypted files and decrypter in the same folder then try again?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users