OK, got a test machine here and infected it with the virus.
Got rid of the virus no problem, but the folders are encrypted.
Encryption keys use a random key per file and then it encrypts the data again.
Once it does this, the information is then sent to a remote server with the unlock key.
When someone pays them, they remote unlock and the server unlocks your files.
It looks like there might be a cure after all:
http://majorgeeks.com/Dr._Web_Trojan.En ... d7716.html

You must run it with "-k 85" as a parameter (without the quotes).
Example:
Put te94decrypt.exe in C:\
From Run (Windows+R), type the following and hit Enter:
C:\te94decrypt.exe -k 85
If te94decrypt with key 85 (-k 85) does not work, I suggest sending a couple of the encrypted files to
https://vms.drweb.com/sendvirus/

Also try this:
To decrypt, it is very simple.
Just download
ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe
Then, you need to put your files in a directory created on drive C:\ with the name _Directory (this is just to make the decryption faster).
After that, run cmd and go to the directory where te94decrypt is.
Now, run this program with the parameters -k 85
If it doesn't work, run it with another parameter (try -k 87 or -k 88 or -k 90), one at a time.
application from the command prompt with parameter -k 186
that would be:
te94decrypt -k 196
http://www.drweb.com