
New PCLock (updated) infection!!!


  • This topic is locked
5 replies to this topic

#1 StoicaV


Posted 27 March 2017 - 09:47 AM

Hi all 

 

Like most users who register, I do not know what to do about my lost files, files which cannot be opened in any way.

I do not know how to start, and if you need new information please ask me.

From the start I want to say it is a new PC Lock; the traces that were left behind are unique and did not see them only on 2017.

 

A few days ago my computer started to act strange, with big lag and very noisy. Nothing at the start ... after a few minutes I started to ask questions and opened the Task Manager to see what was there. I saw one program, ntwsys.exe, force closed it, and the HDD activity decreased. I opened startup programs; it was there too and I disabled it. I searched the registry immediately; it was there too.

I exported the registry and deleted it. That night it stopped.

Next day I started my PC and a big message appeared 15 minutes after boot up. I was devastated when I realized what it was.

I tried to open pictures, videos, PDFs: nothingggg!!!!!!

 

 

I had installed an antivirus beside Windows Defender and it found

derris.dll

ntwsys.exe

twsys.exe

 

I used www.id-ransomware.malwarehunterteam.com and it tells me it is PCLock (Updated)

 

5 text files appeared on my drives and desktop 

Your files are locked !!!!!.txt

Your files are locked !!!!.txt

Your files are locked !!!.txt

Your files are locked !!.txt

Your files are locked !.txt

Cryptolocker.lnk - the shortcut on my desktop

wp.jpg

en_gfiles.txt

en_files.txt

 

The ransom emails are new. Support e-mail: buruk01@india.com buruk02@india.com

 

At this moment I had installed an antivirus and things got back to normal.

After this I tried to run decrypt_pclock2 and decrypt_pclock2; it says my PC is not infected but it cannot decrypt my files.

 

Please help me and I will provide more information. To be honest I do not know what to do!!! How can I send you all the files?

 

Kind regards all!

 

PS WHAT NOT TO DO TO MAKE THINGS WORSE??


Edited by StoicaV, 27 March 2017 - 09:48 AM.



 


#2 Demonslay335


    Ransomware Hunter


  • Security Colleague

Posted 27 March 2017 - 09:55 AM

ID Ransomware gave you a link to more information on this specific ransomware, which includes an article and support topic with other victims. It is not decryptable; the decrypters you tried were in vain, because they only work with the first few variants from years ago. They updated the code, and it is secure now.

 

http://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/

 

If you do not have backups, your only option is paying the ransom; this is not advised, as you are not guaranteed to get your files back.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 StoicaV


Posted 27 March 2017 - 01:39 PM

These are not very encouraging things to read :( I thank you for the honesty, but it is very heartbreaking news.

As questions:

1. Does someone still try to decrypt the new versions?

2. Is there any way to know what type of encryption they use?

3. Is there any way to do something?

4. What generation of PCLock do I have?

 

 

Your personal files encryption produced on this computer: photos, videos, documents, etc.

Encryption was produced using a unique public key RSA-2048 generated for this computer.
 
To decrypt files you need to obtain the private key.
 
If your time is up, or you or your antivirus deleted CryptoLocker from your computer,
and you do not see CryptoLocker window - the latest copy of the key remains our support.
 
To obtain the private key for this computer, you need pay 0.5 Bitcoin (~471 USD)
 
---------------------------------------------------------------------------------------------------
 
Your Bitcoin address:
 
14eL7W32piusXgLsxov383NWXM6ZupGrgn
 
You must send 0.5 Bitcoin to the specified address and report it to e-mail customer support.
 
In the letter title you must specify your Bitcoin address to which the payment was made.
 
Support e-mail: buruk01@india.com buruk02@india.com
 
Please do not contact customer support with the request to get the key for free.
Such messages will be marked as spam and decryption in the future will be impossible.
 
Thank you for understanding.
 
---------------------------------------------------------------------------------------------------
 
The most convenient tool for buying Bitcoins in our opinion is the site:
 
 
There you can buy Bitcoins in your country in any way you like, including electronic payment systems,
credit and debit cards, money orders, and others.
 
Instructions for purchasing Bitcoins on account localbitcoins.com read here:
 
 
Video tutorial detailing on buying Bitcoins using the site localbitcoins.com here:
 
 
Please check other ways to buy bitcoins:
 
 
 
Also you can use to buy Bitcoins these sites:
 
https://www.bitstamp.net/ - Big BTC exchanger
https://www.coinbase.com/ - Other big BTC exchanger
https://btcdirect.eu/ - Best for Europe
https://coincafe.com/ - Recommended for fast, many payment methods
https://bittylicious.com/ - Good service for Europe and World
 
---------------------------------------------------------------------------------------------------
 
Please do not try to decrypt the files by third-party decryptors, an error that allowed
to decrypt files for free, it has been found and corrected as early as one of the earliest versions.
Decrypt the files for free at the moment is impossible. Do not waste your time!
 
Attention!
 
After 168 hours, we reserve the right to increase the amount of the payment at its discretion.

 

Kind regards


Edited by StoicaV, 27 March 2017 - 01:42 PM.


#4 Demonslay335


    Ransomware Hunter


  • Security Colleague

Posted 27 March 2017 - 02:00 PM

The support topic explains everything. Please guide any further questions there, as this topic will likely be locked soon, instead of having information spread all over. Fabian Wosar wrote the decrypter for the first several variants, but the criminals updated their code and made it secure.

 

http://blog.emsisoft.com/2015/05/05/pclock-uses-malicious-plugin-to-turn-wordpress-blogs-into-command-and-control-servers/

 

https://www.bleepingcomputer.com/forums/t/561919/pclock-ransomware-support-and-help-topic

 

1. Can't be done.

2. The article linked gives you all the details of the encryption routine.

3. Pay, or restore from backups ("shame" if you do not have backups).

4. Doesn't matter, it's a secure variant either way.


Edited by Demonslay335, 27 March 2017 - 02:02 PM.



#5 StoicaV


Posted 27 March 2017 - 02:32 PM

Please do not take me wrong with my stupid questions :( 

Sorry, I put my hope in the future .... maybe maybe maybee the future will get my files back (the hope goes last :D)

 

1. I still put my hope in the unknown; maybe in the future a backdoor will be found for the virus

2. As for encryption ... I will read everything, THANK YOU

3. As for backups .... I have old HDDs and try to make deep scans (I do not know if it will work; now I try to find free HDDs from friends)

4. Again, to search in the future and to know exactly the issue of the virus, to keep reading the post

 

THANK YOU 



#6 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 27 March 2017 - 05:23 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above PClock support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




