Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virus encryted all my files


  • Please log in to reply
20 replies to this topic

#1 sharnaen

sharnaen

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 31 December 2014 - 11:30 AM

dear all computer fellas,

 

please help me...

 

at this afternoon, i open my notebook, and all my files (.doc, .docx, .pdf, .zip, .cdr,  etc) were encrypted. i don't know that i was infected by virus or what because i opened fake email, or what, or i download something, i didn't realize. 

But in my folder, i got some BLACKMAIL notes. the last thing that this virus do to my notebook, that this virus changed my desktop wallpaper into some ransom notes (BLACKMAIL notes). 

 

thank you for all your help.... i need all your help

 

.samuel. 

 


pic

file data:

http://app.box.com/s/sksdx62y5k4gorqh6mzc

 

the notes:

https://app.box.com/s/j75pa4k2jzp6sseg5wmz
 

my wallpaper:

https://app.box.com/s/rss2cjekrnhufu7s5rcy

 

also i give some sample files that encrypted,

 

https://app.box.com/s/2sd60r49qlcsf4m244ke

 

https://app.box.com/s/n8nwcx6kpiwaicqw41h9

 

http://app.box.com/s/ua1iyn7zslg83vv8gcen



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:02 PM

Posted 31 December 2014 - 03:51 PM

I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of an encrypted file here: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit any of the malware files that you suspect were involved in causing the infection. Doing that will be helpful with investigating.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Nathan

Nathan

    DecrypterFixer


  • Security Colleague
  • 1,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:02 PM

Posted 31 December 2014 - 04:11 PM

been looking for this dropper for awhile. Cant do anything without it since there is no site and the files dont show a pattern.


Have you performed a routine backup today?

#4 Comdark.Bubnix

Comdark.Bubnix

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indonesia
  • Local time:09:02 AM

Posted 31 December 2014 - 07:25 PM

been looking for this dropper for awhile. Cant do anything without it since there is no site and the files dont show a pattern.

 

hello Fixer.

TS above is my friend. this buyunlockcode virus spread quickly in my country indonesia. the victims is so many,,i surprised. i never get report of ransom virus so many just in one day.

btw, you said that the files dont show a pattern,, is this indicate that the encrypt is custom made like cryptorbit (cmiiw) or real RSA unbreakable encrypt ?

also,this is just my idea,, how if you remote sharnaen pc ? to look for this exe virus. maybe this exe still in there.



#5 ikie_kyella

ikie_kyella

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 31 December 2014 - 07:33 PM

The same case like you, I was also exposed to the virus as it is where the data memories of my family could not be opened.
The virus attack when I install a fake application which said video recorder can be connected by skype.

This data is affected by the virus I have input into the zip:
hxxp://www.mediafire.com/download/l9592gj45lsu1e3/data+untuk+perbaikan.rar
 
and:
1. http://www.mediafire.com/view/72qc0zl82tzi8pm/JPG.jpg#
2. http://www.mediafire.com/view/aa633zszwi6g5d4/ZIP.jpg#
3. http://www.mediafire.com/view/wvbvtmutre9b4ll/Word.jpg#
4. http://www.mediafire.com/view/alqgsjoyhb9qy3m/Teks%20form%20virus.jpg#
5. http://www.mediafire.com/view/j4g4q1a679tq6nj/PDF.jpg#
6. http://www.mediafire.com/view/p8jdajpjab3ey8i/PDF%20dan%20Power%20point.jpg#

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:02 PM

Posted 31 December 2014 - 07:46 PM

Please do not post active links to possible malware, including links which may lead to sites where infections have been contracted and spread. If it is malicious, we don't want other members accidentally clicking on such links and infecting their machines.

You can submit samples here: http://www.bleepingcomputer.com/submit-malware.php?channel=3

I have disabled the one you posted so others do not click on it.

Thanks for your cooperation.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 ikie_kyella

ikie_kyella

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 31 December 2014 - 08:13 PM

ok sir, i'm sorry



#8 sharnaen

sharnaen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 31 December 2014 - 09:22 PM

ok, i'm sorry, i already post sample with .pdf file type. to all, please help.

 

thank you... 



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:02 PM

Posted 31 December 2014 - 09:44 PM

Please be patient. While I understand your frustration...Staff and Security Experts are all volunteers who assist members as time permits. No one is paid for their work or assistance to members of our community. We have jobs in the real world, families and other commitments which take priority over anything we do here.

This site receives hundreds of requests for help every day and we are grateful for whatever free assistance our volunteer staff, Security Developer's and Security Colleagues like Nathan (DecrypterFixer) can dedicate toward research and investigative efforts which help so many of our members with malware related problems.

New and more devious malware infections are released almost daily. It then takes time for our volunteers to investigate, analyze and test removal/repair techniques before we can try to help members like yourself.

Thanks for understanding.
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Nathan

Nathan

    DecrypterFixer


  • Security Colleague
  • 1,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:02 PM

Posted 31 December 2014 - 10:58 PM

First off, I have been wanting to thank you quietman for always responding on behalf of me when I cannot, and always responding in general, so thanks :)

 

As for progress on this infection, we are still looking for the infection exe, so if you do find it or something similar, please submit it to the link quietman provided. Once we have this, we can make progress, thank you.


Have you performed a routine backup today?

#11 sharnaen

sharnaen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 01 January 2015 - 08:30 AM

to Nathan,,,

 

im sorry, but i don't have any .exe file that make this situation.

 

thanks for your help.  



#12 sharnaen

sharnaen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 01 January 2015 - 10:55 AM

dear nathan and all, i already upload several files. i hope it can help to solve our problems. thanks 



#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:02 PM

Posted 01 January 2015 - 12:04 PM

Can someone submit a copy of the buyunlockcode file as well to http://www.bleepingcomputer.com/submit-malware.php?channel=3

Thanks


Sorry I see it in the original post.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,717 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:02 PM

Posted 01 January 2015 - 02:30 PM

You may be able to restore your files using the Shadow Volume Copies. More info here:

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

I also wrote a news story detailing this ransomware with analysis from Fabian Wosar of Emsisoft.

http://www.bleepingcomputer.com/forums/t/561732/buyunlockcode-ransomware-detected-in-the-wild/

#15 sharnaen

sharnaen
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 01 January 2015 - 09:08 PM

nywvtt.jpg
 

 

dear Grinler... can you help me, what should i do if my computer can't restore like this?

 

thanks a lot...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users