Hi
I received today a 80gb ntfs hard disk with all files and folders names untoutched, except that all of them have now 476 bytes in size, and the following string:
"Virus MlourdesHReloaded II ha atakdo esta computadora"
"Virus 100% Méxicano, no es muy peligroso que digamos"
"Pero tu has sido el rival más débil ¡Adios!"
"Saludos a Ana Paty de Sinaloa y a Gedzac Labs"
"Espero y se hallan pasado una feliz Navidad y un próspero año nuevo"
"Feliz 2004 para todos"
"Para mayor información enviar un e-mail a
tips@esmas.com"
"donde hablamos de computación en tu idioma"
""
"*-Dime solo esta vez, que has pensado... solo esta vez -*"
I've checked and only pc-cilin makes reference to it as PE_WINDANG.B
In the link:
http://uk.trendmicro-europe.com/enterpr ... B#Solution
It is said that this virus will overwrite all files on the volume.
I found no way to restore my client data. I've tried the "standard" ways: Easy recovery, Getdataback, Media Tools, FinalData, Winhex raw Recovery"
Only Finaldata was capable of after 8 hours of cluster scan, retrieve some documents .DOC and .JPG. The client was an architect and had a lot of .3DS and .DWG files.
Also google searches return no more than a few links
Anyone have experience with this malware? Any chances of retrieving the data back?
Thanks to all of you,
-BR-