File extension changed
January 30th, 2015, 14:17
Hello ,
All excel/word/zip/pdf are changed as following
Doc1.DOCX.tvmpzfh
Eng..PDF.tvmpzfh
Expenses.XLSX.tvmpzfh
i tried changing extension but no use .File size seems ok like 1.2 MB .
Is this cryptowall virus? i tried uploading file to https://www.decryptcryptolocker.com/ but saying no encrypted file.
In pc3000 raw recovery dont show these files.
Any one faced similar issue or any solution
Thanks in advance
All excel/word/zip/pdf are changed as following
Doc1.DOCX.tvmpzfh
Eng..PDF.tvmpzfh
Expenses.XLSX.tvmpzfh
i tried changing extension but no use .File size seems ok like 1.2 MB .
Is this cryptowall virus? i tried uploading file to https://www.decryptcryptolocker.com/ but saying no encrypted file.
In pc3000 raw recovery dont show these files.
Any one faced similar issue or any solution
Thanks in advance
- Attachments
-
- Eng..PDF.zip
- (2.34 MiB) Downloaded 493 times
Re: File extension changed
January 30th, 2015, 15:05
Information on malware known as Ransomware:
http://www.sophos.com/en-us/support/kno ... 19006.aspx
5 stages of crypto-ransomware staying safe:
http://www.sophos.com/en-us/medialibrar ... 000KbqSAAS
http://www.sophos.com/en-us/support/kno ... 19006.aspx
5 stages of crypto-ransomware staying safe:
http://www.sophos.com/en-us/medialibrar ... 000KbqSAAS
Re: File extension changed
January 30th, 2015, 17:25
Had a client with similar issue, theirs was something like .mtvoish
Client was a dealer who eradicated the malware without noting what it was exactly. They said it was "crypto something or other" ... Helpful!
Client was a dealer who eradicated the malware without noting what it was exactly. They said it was "crypto something or other" ... Helpful!
Re: File extension changed
February 2nd, 2015, 12:44
Observed 2-3 more cases with same issue.
Virus get removed but Asking 500 or 1000usd to decrypt and asking deposit amount in given bank details which account is unknown .
Virus get removed but Asking 500 or 1000usd to decrypt and asking deposit amount in given bank details which account is unknown .
Re: File extension changed
February 2nd, 2015, 15:52
I'm assuming that you are victim of ransomware called CTB-Locker. For now is no other way than brute force or pay the ransom.
Re: File extension changed
February 3rd, 2015, 4:05
Read this, it's a very helpful guide http://www.bleepingcomputer.com/virus-r ... nformation
and you can decrypt your files using https://www.decryptcryptolocker.com/
and you can decrypt your files using https://www.decryptcryptolocker.com/
Re: File extension changed
February 3rd, 2015, 4:26
sosrecup wrote:and you can decrypt your files using https://www.decryptcryptolocker.com/
This is wrong, of course.
Re: File extension changed
February 3rd, 2015, 6:38
Read this, it's a very helpful guide http://www.bleepingcomputer.com/virus-r ... nformation
and you can decrypt your files using https://www.decryptcryptolocker.com/
Saying sample file is not encrypted..........................................
and you can decrypt your files using https://www.decryptcryptolocker.com/
Saying sample file is not encrypted..........................................
Re: File extension changed
February 11th, 2015, 11:08
So right now there's only cryptolocker and CTB?
Re: File extension changed
February 11th, 2015, 11:24
And CryptoWall 2.0/3.0
Re: File extension changed
February 11th, 2015, 17:01
LoboX wrote:So right now there's only cryptolocker and CTB?
I think this is only matter of time when other new modification will appear. And I think this will be when CTB-Locker will be busted.
Powered by phpBB © phpBB Group.