How to confront malware of the family Trojan-Ransom.Win32.Xorist?(1.4.4)
11082010
In this section you will find recommendations on how to fight malicious programs which cannot be disinfected by Kaspersky Lab's products. In order to disinfect/remove malicious programs you may have to modify the system registry or use an additional utility. If you fail to find the necessary information, or you find these recommendations too complicated or inadequate, please send a request to the Technical Support service.
ID Article: 2911 | 2010 Jul 27 10:00
Malware of the family Trojan-Ransom.Win32.Xorist is designed for unauthorized modification of data on a victim computer. It renders the computer unusable or blocks its normal operation. After taking the data "hostage" (blocking access to it), a ransom is demanded from the user.
The victim is expected to deliver the ransom to the attacker, who promises to send in return a program that would release the data or restore normal operation of the computer.
There is a utility to confront malware of the family Trojan-Ransom.Win32.Xorist: XoristDecryptor.exe.
Disinfection of an infected system
- Download the archive with the utility and extract its contents using an archiver program, WinZip for example.
- Execute the file XoristDecryptor.exe.
If you run the utility without any switches, it searches for the key used to encrypt the data. As soon as the key is found, it is used to decrypt all files.
Additional command line switches:
-l - log file name.
-y - close the window after the utility's work is over.
Signs of infection
- The user is shown messages demanding that an SMS be sent to decrypt the files. The text is in Cyrillic, so you may see garbled symbols instead.
- Another sign is the presence of a file named “Прочти Меня - как расшифровать файлы” on disk C.
- There is a file named CryptLogFile.txt in the Windows folder.
The trojan program encrypts all files with the following extensions: doc,
xls, docx, xlsx, db, mp3, waw, jpg, jpeg, txt, rtf, pdf, rar, zip, psd,
msi, tif, wma, lnk, gif, bmp, ppt, pptx, docm, xlsm, pps, ppsx, ppd,
tiff, eps, png, ace, djvu, xml, cdr, max, wmv, avi, wav, mp4, pdd,
html, css, php, aac, ac3, amf, amr, mid, midi, mmf, mod, mp1, mpa,
mpga, mpu, nrt, oga, ogg, pbf, ra, ram, raw, saf, val, wave, wow, wpk,
3g2, 3gp, 3gp2, 3mm, amx, avs, bik, bin, dir, divx, dvx, evo, flv, qtq,
tch, rts, rum, rv, scn, srt, stx, svi, swf, trp, vdo, wm, wmd, wmmp,
wmx, wvx, xvid, 3d, 3d4, 3df8, pbs, adi, ais, amu, arr, bmc, bmf, cag,
cam, dng, ink, jif, jiff, jpc, jpf, jpw, mag, mic, mip, msp, nav, ncd,
odc, odi, opf, qif, qtiq, srf, xwd, abw, act, adt, aim, ans, asc, ase,
bdp, bdr, bib, boc, crd, diz, dot, dotm, dotx, dvi, dxe, mlx, err, euc,
faq, fdr, fds, gthr, idx, kwd, lp2, ltr, man, mbox, msg, nfo, now, odm,
oft, pwi, rng, rtx, run, ssa, text, unx, wbk, wsh, 7z, arc, ari, arj,
car, cbr, cbz, gz, gzig, jgz, pak, pcv, puz, r00, r01, r02, r03, rev,
sdn, sen, sfs, sfx, sh, shar, shr, sqx, tbz2, tg, tlz, vsi, wad, war,
xpi, z02, z04, zap, zipx, zoo, ipa, isu, jar, js, udf, adr, ap, aro,
asa, ascx, ashx, asmx, asp, aspx, asr, atom, bml, cer, cms, crt, dap,
htm, moz, svr, url, wdgt, abk, bic, big, blp, bsp, cgf, chk, col, cty,
dem, elf, ff, gam, grf, h3m, h4r, iwd, ldb, lgp, lvl, map, md3, mdl,
mm6, mm7, mm8, nds, pbp, ppf, pwf, pxp, sad, sav, scm, scx, sdt, spr,
sud, uax, umx, unr, uop, usa, usx, ut2, ut3, utc, utx, uvx, uxx, vmf,
vtf, w3g, w3x, wtd, wtf, ccd, cd, cso, disk, dmg, dvd, fcd, flp, img,
iso, isz, md0, md1, md2, mdf, mds, nrg, nri, vcd, vhd, snp, bkf, ade,
adpb, dic, cch, ctt, dal, ddc, ddcx, dex, dif, dii, itdb, itl, kmz,
lcd, lcf, mbx, mdn, odf, odp, ods, pab, pkb, pkh, pot, potx, pptm, psa,
qdf, qel, rgn, rrt, rsw, rte, sdb, sdc, sds, sql, stt, t01, t03, t05,
tcx, thmx, txd, txf, upoi, vmt, wks, wmdb, xl, xlc, xlr, xlsb, xltx,
ltm, xlwx, mcd, cap, cc, cod, cp, cpp, cs, csi, dcp, dcu, dev, dob,
dox, dpk, dpl, dpr, dsk, dsp, eql, ex, f90, fla, for, fpp, jav, java,
lbi, owl, pl, plc, pli, pm, res, rnc, rsrc, so, swd, tpu, tpx, tu, tur,
vc, yab, 8ba, 8bc, 8be, 8bf, 8bi8, bi8, 8bl, 8bs, 8bx, 8by, 8li, aip,
amxx, ape, api, mxp, oxt, qpx, qtr, xla, xlam, xll, xlv, xpt, cfg, cwf,
dbb, slt, bp2, bp3, bpl, clr, dbx, jc, potm, ppsm, prc, prt, shw, std,
ver, wpl, xlm, yps, md3.
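The signs of infection above can be checked mechanically before running the decryptor. The following triage helper is an added example, not part of the original article or of XoristDecryptor: it looks for the ransom note on the (stand-in) system drive and CryptLogFile.txt in the Windows folder, and counts files whose extension is on the trojan's target list so the scope of a decryptor run can be estimated. It takes a directory as the drive root so it can be tried on a constructed sample tree; the extension set is only a short subset of the list above.

```python
"""Triage helper for the Trojan-Ransom.Win32.Xorist indicators (added example)."""
import tempfile
from pathlib import Path

# Indicator file names taken from the "Signs of infection" section.
RANSOM_NOTE = "Прочти Меня - как расшифровать файлы"
CRYPT_LOG = "CryptLogFile.txt"
# Short subset of the targeted extensions listed above (the full list is much longer).
TARGET_EXTENSIONS = {"doc", "xls", "docx", "xlsx", "db", "mp3", "jpg", "jpeg",
                     "txt", "rtf", "pdf", "rar", "zip", "psd", "png", "avi"}


def find_indicators(system_drive: Path) -> dict:
    """Check a directory standing in for disk C for the Xorist artefacts.

    Returns the ransom-note file names found, whether CryptLogFile.txt exists in
    the Windows folder, and how many files carry a targeted extension.
    """
    windows_dir = system_drive / "Windows"
    # The note may be saved with or without an extension, so match on the name prefix.
    note_hits = [p.name for p in system_drive.iterdir()
                 if p.is_file() and p.name.startswith(RANSOM_NOTE)]
    log_present = (windows_dir / CRYPT_LOG).is_file()
    # Do not count the trojan's own artefacts among the user's targeted files.
    excluded = set(note_hits) | {CRYPT_LOG}
    targeted = sum(1 for p in system_drive.rglob("*")
                   if p.is_file() and p.name not in excluded
                   and p.suffix.lower().lstrip(".") in TARGET_EXTENSIONS)
    return {"ransom_note": note_hits, "crypt_log_present": log_present,
            "targeted_files": targeted,
            "any_indicator": bool(note_hits) or log_present}


def build_sample_drive(base: Path) -> None:
    """Populate a constructed sample 'drive' with the artefacts an infection leaves."""
    (base / "Windows").mkdir()
    (base / "Windows" / CRYPT_LOG).write_text("constructed sample log\n")
    (base / (RANSOM_NOTE + ".txt")).write_text("constructed sample note\n", encoding="utf-8")
    docs = base / "Users" / "victim" / "Documents"
    docs.mkdir(parents=True)
    for name in ("report.docx", "photo.JPG", "budget.xlsx", "notes.txt", "script.py"):
        (docs / name).write_bytes(b"constructed sample content")


def demo() -> dict:
    """Run the check against a temporary constructed drive and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(Path(tmp))
        return find_indicators(Path(tmp))


if __name__ == "__main__":
    print(demo())
```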