
new Ransomware virus


  • This topic is locked
3 replies to this topic

#1 mohammed gebril


Posted 30 April 2015 - 11:07 AM

hi all,

 

A friend of mine got an email with an attachment, and as he opened that attachment the display turned black while the windows on the desktop were still visible. In a minute all the files, whether in folders or subfolders, got a new extension (.adctyme) added to all files (jpg, txt, doc, xlx). As I scanned the system with NOD32, it detected and deleted the trojan named Win32/Filecoder.DA trojan.

The files where the trojan was named (!Decrypt-All-Files-adctyme.txt). A new system has been installed but still can not open all the files.

After searching the web I found a topic explaining how to decrypt these injected files, but it didn't help to decrypt these files.

I mean this topic:

http://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information

Is there any way to help solve this problem and open those files?

I tried to attach a sample of the injected files but I couldn't!

Thanks in advance


Edited by hamluis, 30 April 2015 - 12:20 PM.
Moved to general security, closed - Hamluis.




#2 Aura


Posted 30 April 2015 - 11:31 AM

Hi mohammed gebril :)

It seems that your friend was infected with CTB-Locker, and not CryptoDefense. There's currently a Support thread open for users infected with CTB-Locker/Critroni where you can seek assistance and ask your questions. It's better to go in it since it'll avoid the creation of hundreds of threads for the same issue, and allow the information to be centralized.

CTB Locker or DecryptAllFiles.txt Encrypting Ransomware sets extension to .CTBL

If you want to learn more about CTB-Locker/Critroni, you can read the full FAQ on it on BleepingComputer.

CTB Locker and Critroni Ransomware Information Guide and FAQ

To avoid confusion, I asked a Moderator to close this thread.

Good luck :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 mohammed gebril


Posted 30 April 2015 - 11:46 AM

Thanks a lot, I will follow the other topic to find a solution for this trojan.



#4 Aura


Posted 30 April 2015 - 11:49 AM

No problem, my pleasure :)





