Press Release Summary = Virus monitoring service of Doctor Web, Ltd. informs all users on new modification of Trojan. Encoder detected by Dr.Web Anti-virus as Trojan.Encoder.6.
Press Release Body = Virus monitoring service of Doctor Web, Ltd. informs all users on new modification of Trojan. Encoder detected by Dr.Web Anti-virus as Trojan.Encoder.6. Several variants of this Trojan program are detected at present. Different from previous versions, the Trojan's author uses much longer encryption keys of 260 bits, which makes the process of decoding much more difficult. All versions of this Trojan program are distributed via e-mail as spam and a careless user may run the attachment and become a victim of the blackmailer - all document files of the invaded computer get encrypted. The user is offered to buy a decryptor; for this he should contact an unknown blackmailer via e-mail. After the Trojan has encrypted files, a readme.txt file of the following content appears in each folder:
Some files are coded by RSA method. To buy decoder mail: k47674@mail.ru with subject: REPLY
At present, virus analytics of Doctor Web, Ltd. have managed to find one of the keys used by the felon for crypting the documents of the victimized computer. The curing decoding utility is soon to be released. The utility can be downloaded from www.drweb.com and should be used as following: 1.Call command line (press \"Start\" - Run - cmd) 2.Go to the directory with files to be decrypted 3.Place the decoding utility rsad.exe to the same directory 4. Run the command line instruction rsad.exe [name _ of _ decryption _ file] [Enter] If the files were encrypted with the supported key variant, they will be decrypted and the file with the .decrypted extensions will appear. Virus analysts work hard to find other two keys and soon new hot add-on to Dr.Web virus base will be released. Doctor Web, Ltd. informs all users to be very cautious with mail messages incoming from unknown addressees. Meanwhile, the preventive measures are recommended by Doctor Web, Ltd. to keep safe from viruses - both for those who has an anti-virus program installed and for those who do not have any: . Use only a legal anti-virus software - only in this case you will receive hot add-ons to virus database. . Keep abreast of updates. . Never open attachments arrived in suspicious e-mail messages or from unknown contacts . Do not work under administrator account if you do not have any anti-virus program installed . If you have a suspicion that your computer is infected, and you do not have any anti-virus installed, check your computer with FREE curing scanner - Dr.Web CureIt!. This utility will not only check the computer, but in most cases will cure remove the infection - not only viruses, but also spyware, adware, hacker tools and paid dialers.
2012
