Posted 30 June 2015 - 10:36 PM
Posted 04 July 2015 - 02:52 PM
Posted 04 July 2015 - 05:14 PM
Posted 18 July 2015 - 08:49 AM
Posted 06 September 2015 - 11:27 PM
I too am having this issue, almost all my files have been encrypted, including my network stored backups.
I have submitted a sample document.
Posted 24 September 2015 - 02:22 AM
Same problem here.
I was able to recover some files from a backup, but separate backup files for other data were also infected.
The problem started September 22nd last at 9:41am.
It seems to be a variant of gpcode.ak which changed all office files, pdfs etc to .OMG!
I'll upload some good and encrypted files and I hope someone will find a solution to this
Posted 24 September 2015 - 01:46 PM
If you have the sample -- the payload file (exe file) that delivers the malware -- I will analyze it for you if you upload it to Mega and PM me the link.
Common places to look for this file:
Information Security Engineer | Penetration Tester | Forensic Analyst
Posted 26 September 2015 - 05:13 AM
It's hard to determine the payload file. I have a lot of exe files, amongst them wordpad.exe, system.exe, messenger.exe... Apparently he used crypter Zeus by LeonDK.
I can upload all the exe files if you want.
Malwarebytes detected the following exes as being backdoor.poisonivy: msdn.exe, document.exe, iexplorer.exe
It also detected trojan agents: system.exe, ieplorer.exe, svchost.exe, system(1).exe, system(2).exe
Some of them are in a downloads folder and some are in the Application Data folder.
I also detected a Xenocode folder in local settings\application data... In the Xenocode folder there is a folder named Sandbox with subfolders microsoft security essentials, Google, MSDN, GMAI, gmail.com
Posted 01 December 2015 - 06:00 AM
Since yesterday I have the same problem, adikbum. Could you please help me? I have the same problem as adikbum, and the same info as he.
Posted 02 December 2015 - 12:09 PM
Posted 02 December 2015 - 02:36 PM
Posted 02 December 2015 - 05:53 PM
I too have some .LOL! files that have been encrypted. Some of the original file types were .ai, .bat, .xlsx, .pdf, .jpg, etc. Though I do have many before and after versions of the encrypted files, nothing seems to be able to decrypt them as of yet.
The same "how to get data.txt" file is left behind through all directories. I was able to find specifically which account it originated from and disabled the account, but cannot find any payload responsible.
The text file ends with:
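Several posters in this thread worked out the scope and onset of the infection by hand (which shares were hit, which directories carry the ransom note, when the first file was touched). The script below is an added example, not code from the thread or from any poster, showing how a responder can do that triage over a file tree: it walks a root, counts files carrying the `.OMG!` and `.LOL!` markers mentioned in the posts, records every directory holding the `how to get data.txt` note, and reports the earliest and latest modification times of the encrypted files as the likely encryption window. The sample tree it builds is constructed for the demo; the extension and note names are the ones reported above, and the `run_demo` / `triage` function names are assumptions of this example.

```python
"""Ransomware scope-and-timeline triage over a directory tree.

Added example, not from the thread. Extension markers (.OMG!, .LOL!) and the
note filename ("how to get data.txt") are the ones reported by posters; the
sample tree is constructed here so the script runs offline.
"""
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

# Markers reported in the thread (compared case-insensitively).
ENCRYPTED_EXTS = {".omg!", ".lol!"}
RANSOM_NOTE = "how to get data.txt"


def triage(root):
    """Walk `root` and summarise encrypted files, note locations and time window."""
    encrypted = []   # (path, mtime) of files carrying an encryption marker
    note_dirs = []   # directories where the ransom note was dropped
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                note_dirs.append(dirpath)
                continue
            # The marker is appended after the original extension
            # (report.pdf.OMG!), so only the final suffix is tested.
            _stem, ext = os.path.splitext(name)
            if ext.lower() in ENCRYPTED_EXTS:
                encrypted.append((path, os.path.getmtime(path)))

    per_dir = defaultdict(int)
    for path, _ in encrypted:
        per_dir[os.path.dirname(path)] += 1
    times = [m for _, m in encrypted]

    def iso(ts):
        return datetime.fromtimestamp(ts, timezone.utc).isoformat()

    return {
        "encrypted_count": len(encrypted),
        "per_dir": dict(per_dir),
        "note_dirs": sorted(set(note_dirs)),
        # Earliest/latest mtime of encrypted files brackets the encryption run.
        "first_seen": iso(min(times)) if times else None,
        "last_seen": iso(max(times)) if times else None,
        # A note without encrypted files nearby may mean the run was interrupted.
        "dirs_with_note_but_no_encrypted": sorted(set(note_dirs) - set(per_dir)),
    }


def build_sample_tree(root):
    """Constructed sample: two hit folders plus one untouched folder.

    Timestamps are set explicitly so the reported window is deterministic;
    the onset value mirrors the 9:41am start time one poster reported.
    """
    onset = datetime(2015, 9, 22, 9, 41, tzinfo=timezone.utc).timestamp()
    layout = {
        "docs": [("report.pdf.OMG!", onset), ("budget.xlsx.OMG!", onset + 120),
                 (RANSOM_NOTE, onset + 130)],
        os.path.join("backups", "2015"): [("db.bak.LOL!", onset + 600),
                                          (RANSOM_NOTE, onset + 610)],
        "clean": [("readme.txt", onset - 86400)],
    }
    for rel, entries in layout.items():
        folder = os.path.join(root, rel)
        os.makedirs(folder, exist_ok=True)
        for name, ts in entries:
            path = os.path.join(folder, name)
            with open(path, "wb") as fh:
                fh.write(b"placeholder")   # content is irrelevant to the triage
            os.utime(path, (ts, ts))
    return root


def run_demo():
    """Build the constructed tree in a temp dir and triage it."""
    root = tempfile.mkdtemp(prefix="triage_")
    build_sample_tree(root)
    return triage(root)


if __name__ == "__main__":
    summary = run_demo()
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a mounted share (replace the constructed tree with the real root path) to get a per-directory count of encrypted files and the mtime window; the window is what lets you line the event up with logon and share-access logs to confirm which account did the writing, as one poster did by hand.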
Posted 02 December 2015 - 06:38 PM
Posted 03 December 2015 - 10:32 AM
What steps can the affected take to possibly decrypt the files without paying the ransom?