Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


All files have the Extention .LOL!

  • This topic is locked This topic is locked
1 reply to this topic

#1 thevoxhumana


  • Members
  • 8 posts
  • Gender:Male
  • Local time:12:30 AM

Posted 21 December 2015 - 04:51 PM

Looks like I am having an issue with some ransomware. All of my files on my NAS have a .LOL! extension. The NAS shared folders are networked to several computers, and I did have one system that seemed to be infected. There is also a note attached to all folders called "How to get Data", that reads as follows:


Hello boys and girls! Welcome to our high school "GPCODE"!
If you are reading this text (read this very carefully, if you can read), this means that you have missed a lesson about safety and YOUR PC HACKED !!! Dont worry guys - our school specially for you! The best teachers have the best recommendations in the world! Feedback from our students, you can read here:
1)http://forum.kaspersky.com 2)http://forum.drweb.com 3)http://forum.eset,com 4)www.forospyware.com                
As you see- we trust their training, only we have special equipment(cryptor.exe and decryptor.exe) and only here you will get an unforgettable knowledge!
The lesson costs not expensive. Calculate the time and money you spend on recovery. Time is very expensive, almost priceless.We think that it is cheaper to pay for the lesson and never repeat the mistakes.We guarantee delivery of educational benefits(decryptor.exe). First part(cryptor.exe) you have received :-)
Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES.No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor etc repair tools are useless and can destroy your files irreversibly.
If you want to restore files - send e-mail to gpcode@gp2mail.com       with the file "how to get data.txt" and 1-2 encrypted files less than 5 MB. PLEASE USE PUBLIC MAIL LIKE YAHOO or GMAIL.
You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.
P.S. Remember, we are not scammers. We don`t need your files. After one month all your files and keys will be deleted.Oops!Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples and positive feedbacks from previous users.



It seems to be very rare or very new, because I can't find any info on it. Any help on making sure I am rid of the payload would be helpful.

Luckily I am backed up, but I want to make sure the data that is returned won't be encrypted.

Thanks a ton!


BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,954 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:30 PM

Posted 21 December 2015 - 04:59 PM

This .LOL! ransomware infection appears to be related to Symantec's description of OMG! Trojan.Ransomcrypt.G which uses the same how to get data.txt file with a P.S. Remember, we are not scammers... and string of random characters at the end.

There is an ongoing discussion in this topic where you can ask questions and seek further assistance.Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users