Hi, I recently got this popup on my computer:
Some files on your machine are encrypted and your private informations were collected and sent to us.
To decrypt files so you could use them again, you have to buy our decryptor.
After you buy decryptor, your files will be decrypted, and we will destroy your private informations from our system, and help you remove malicious software from your system.
To buy decryptor, contact us at: [email protected] or [email protected]
If you dont contact us, your private informations will be shared and you will loose all your data.
Now I can't open any files whatsoever: music, pictures, MS Word, MS PowerPoint, etc. Has anyone else got this problem and know how to solve it?
To your question, it will be very difficult to decrypt the files the malware encrypted (unless it's using the same encryption key and someone managed to discover it) and I suggest that you remove the HDD from your system, plug it into another as an external HDD (make sure AutoRun is disabled) and pray that file recovery can save the remaining important documents on your HDD. I'm not too sure whether MBAM helps here since this malware is quite new, but you can give it a try.
This shit is recognized by ESET (creators of NOD32) as a ransom trojan - which means, like a kidnapper, it kidnaps your important files, puts a password on them, and then demands $$$ from you in order for you to unlock the files. Those interested can learn more about its behaviour here:
http://www.eset.eu/encyclopaedia/bogoj_b_trojan_ransom_vb_a_randsom_a_ransom_trojan?lng=en
Please note that this malware can spread via thumbdrives, so my advice to you is avoid plugging yours into other computers unless AutoRun is disabled.
It seems like the economic crisis is so bad, people have to resort to doing such stupid shit to get $$$. After some Googling, I realized that most victims are Singaporeans. So I suppose the asshole who wrote this malware must be one too.
http://www.google.com/search?q=Brandos87
And hey, Chris, you're not alone. Someone's got a worse shit than you:
http://zyclone.wordpress.com/2009/02/16/bloody-idiot-seriously-i-hope-you-die/
Oh yes, one useful note here, since
Quote: "The worm deletes the original file. It avoids files which contain any of the following strings in their path:
"
If you have any important documents to handle right at the moment, place them in the Program Files folder for safekeeping to avoid encryption by the malware. And I would suggest you do a reformat ASAP.
Thanks, it happens that the blog you gave me was by someone from my school as well. I think I could have gotten the trojan through the school software.
Originally posted by Chris88110: Thanks, it happens that the blog you gave me was by someone from my school as well. I think I could have gotten the trojan through the school software.
Wow, what a small world indeed. It's likely that you had plugged your thumbdrive into one of the infected systems in your school computer lab and then brought the trojan home.