
Need Help: Infected w/ Cryptodefense, exploit.drop.gs, win32/filecoder.cr trojan


  • This topic is locked
3 replies to this topic

#1 protrader71


Posted 30 May 2014 - 02:11 PM

Hello,

 

I have been a very happy user of Bleepingcomputer (your site has helped me, my family and friends out more times than I can count, thank you!).  --- I apparently just became infected with something called:  Win32/Filecoder.cr trojan  ... And now my files (like .pdf, .doc, etc) have been encrypted to where I am unable to open them.  I have received a pop up message and now have .txt messages in folders stating that my files have been encrypted with CryptoDefense using a unique key RSA-2048 ... I need to obtain the private key..blah, blah, blah. 

 

My antivirus prog is AVG and it noticed / caught malware called Exploit.drop.gs ... but apparently it was too late, b/c I ran antimalwarebytes and it found Win32/Filecoder.cr trojan ... and then ran ESET free online scanner and it found 600+ threats (all being this trojan in different folders)...It removed them, then they came right back.  My files are completely encrypted.

 

Please advise as to the next appropriate steps.  Thanks in advance!

 

If you have any questions, feel free to ask.

~~ protrader71





#2 protrader71


Posted 30 May 2014 - 03:26 PM

Update:  I have been retrieving ("decrypting") files by right clicking, going to properties, then previous versions tab, and restoring that way. 

 

I still need help with removing the malware / trojan so as to not get RE-infected.  Thank you!



#3 protrader71


Posted 31 May 2014 - 11:06 PM

Update 2:   I copied recovered "decrypted" files using the method above and then installed a backup hard drive that had been backed up 6 months ago.  I decided trying to rid myself of the Cryptodefense sounded like more work and not really possible, so the backup drive made more sense.  Thanks to all the people that did plenty of research on this nasty ransom malware...I read through all the recent pages on the Crypto- ransom malware thread on here.  Very helpful information.

 

Matter resolved.  Thanks again to all Bleepingcomputer admins.



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 04 June 2014 - 07:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



