I restarted my computer today and when I looked on my desktop and my computer folders I had a readme.txt file that contained the following message:
Hello, your files are encrypted with RSA-4096 algorithm
(http://en.wikipedia.org/w
You will need at least few years to decrypt these files without our
software. All your private information for last 3 months were
collected and sent to us.
To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at: tristanniglam@gmail.com and provide us
your personal code 1333554546. After successful purchase we will send
your decrypting tool, and your private information will be deleted
from our system.
If you will not contact us until 07/15/2007 your private information
will be shared and you will lost all your data.
Glamorous team
I CANT access any files on my computer now. HELPPPP!!!!!!!!!!!!!!!!!!!
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
One possible, preferably using safe boot diskette
a) In task manager perform wipe
b) For start tasks perfom wipe,
c) More likely, at boot time, you may be able to get a go-back undo by selecting to boot ot the last known good configuration
(press <f8> when booting windoze)
Alternatively, boot the 'valid' CD install disk for OS, and proceed to clean state. If your system is illegal, ask god to help you
I head about those "all your files are encrypted stuff" emails.
For $300 you even buy support from them, really...
---
Ok placing a readme on your computer means "someone" was there and did something to your computer.
So there might be malware on your computer, that has to be removed.
Ok apart from that you have to save all your data, as you suggests to a second harddisk. I suggest you take that disk into another computer and copy all files to a safe place. I would not try any further boot attempts.
Then you have to check if there are really files encrypted. If yes you have to value their content and decide. Pay or not pay. Of couse you still should inform the police. But I doubt they can arrest a guy anywhere in the world without strong proof, and even then...
Keep us updated.
To check your computer I suggest you try www.superantispyware.com the free version can scan and clean your computer from malware.
Tolomir
Ok this look promissing:
http://www.o2security.com/
Detection and decryption routines have been added to the Kaspersky Anti-Virus databases. If your files remain encrypted after running a full scan of your computer with updated antivirus databases, please send your files to the Virus Lab at newvirus@kaspersky.com.
Seems like your have a virus on your computer, possibly not that mentioned here, but still there might be a chance to get your files back.
Tolomir
http://www.viruslist.com/e
Removal instructions
1. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
2. If your files remain encrypted after scanning with Kaspersky Anti-Virus, please send a sample file to our Virus Lab (newvirus@kaspersky.com).
"I copy all of my files to a second physical drive and those appear to be unaffected"
That is excellent. Since you seem have a good backup, you can just go ahead and reinstall Windows from the original XP install CD. You can delete and recreate the partition at the early stage of the install, which will get rid of any malware as well. But make sure you have a good backup first, because the reinstall will wipe out your hard drive. You will also need to reinstall all programs, and your own data files and documents.
I'll give the Kaspersky virus program a chance to see if it works tonight. I'm probably going to just wipe the machine since it has been compromised and I have no way of knowing if this person/virus can access my machine again. I just want to be able to recover a few files that are new or changed since the last time I backed up.
What I am really worried about is if they were able to get any files off of my machine? I didn't have many, but did have a few sensitive files. How much do you think that this just a scam to try and make a quick buck as opposed to really what they say it is?
Well sure thing, all it takes is e.g. a remote ftp server to upload some files.
Anything less 1 MB might be interesting.
Don't panic I just want to point out that file uploads is no big deal. Btw. how fast is your Internet connection? This might give you/us some ideas if / how much might be uploaded...
As Tolomir said, it is nearly impossible to know what might have been transferred. As a guess, without knowing anything about the details, I would think that these are random attempts at getting people to pay up, and follow up action is unlikely. You should consider reporting this to local law enforcement, don't erase the affected disk in that case.
Here are a couple of related links:
http://www.techworld.com/s
http://www.physicsforums.c
http://www.cbsnews.com/sto
I have a very fast IC. Brighthouse just upped us to 2 Mbps upload a few weeks back. I average around 1.9 mpbs. My PC is always on too so someone could uploaded tons during the day when I was at work and I'da never noticed. I can't think of any questionable website I went to so I believe this virus was downloaded via limewire. In that case I don't plan to notify the authorities because I dont want to get in trouble for the "questionable" file sharing I was doing when I got the virus. I need my PC back to normal anyhow so I'm going to wipe it if I can't get this virus scan to work.
Sorry to hear that. Yes Limewire is the probable culprit here. In some discussions of this problem (see first link I posted above e.g.) there is mention that the encryption might be "simple". Not sure if that is the case here, but if your files are/were important enough you may want to save an image of the disk for possible later recovery. Otherwise a reformat and reinstall plus a better backup plan for the future seems to be the way to go. Good luck.
There is already a fix to this trojan..
Just run this http://www.prevxresearch.c
People.... stop trying to answer posts if you don't know how to fix it. Trying to decrypt these files manually or whatever these posts say is ridiculous. Just fix the problem, if you don't know how, don't try to answer the question.
Interesting. Hope DebbieFost saved the original disk. It may be worth trying this. It seems legit. See http://www.prevx.com/blog.
Here is a link with a better description:
http://www.prevxresearch.c
Would be good to know if it works in this case.
Thank you HypercubeTechfor (r-k) that link.
@ DebbieFost: Please change all (important) passwords for your online accounts, these were compromised - left alone your personal files.
· Encrypts data on hard disk to blackmail,
· Steal browser session user credentials, <---
· Open backdoor and socks server.
Tolomir
Business Accounts
Answer for Membership
by: SunBowPosted on 2007-07-10 at 20:05:01ID: 19459628
Is this a joke?
I thought that those perpetrating that trick were all disabled and locked up years ago.
> The price is $300.
If you worry too much the you should pay, having law enforcement as you chosen method of delivery.
> I had a readme.txt file that contained the following message:
Hello, your files are encrypted
Do you believe everything that you read? Some of these are close to jokes, or pranks, actually doing little but acting a guise for a quick collect or prank.
Hmmm, in order to transmit all privat personal data, which you really won't have, they needed to hog a lot of network bandwidth. You would have noticed.
Likewise, to encrypt your drive they'd have had to tie your system up and you'd have been first complaing here about your drive.
My guess is that their exploit was done on the cheap and is easily undone by someone you may know who is more versed in computer tech.
We all should be now reminded of word we keep forgetting - "backup"
Reformat your hard drive, restore from backup and the perp is gone. However, that does not mean that they cannot return. What is it you did to enable their intrudion? How can you convince yourself that you will not let them repeat, or someone like them? They could not have done this without you.
> All your private information for last 3 months were
collected and sent to us.
yeah?
Like what?
My 500 lovers?
My 600 bank accounts?
My maiden name(s)?
That is a bit generic, if they collected everything, what would they do with it.
Treat like blackmailer who would never stop asking for payment.
Report them to authorites, who may already be collecting complaints.
> CANT access any files on my computer now. HELPPPP!!!!!!!!!!!!!!!!!!!
Prove it.