
Kaspersky Lab has detected the latest version of Gpcode, a virus which encrypts user data and demands payment for the decryption routine.

Virus.Win32.Gpcode.ai, which was detected last week, uses a complex encryption algorithm to encrypt user files and archives, making it impossible to open them. It then drops a file titled “read_me.txt” on the victim’s machine, which contains the following text:

Hello, your files are encrypted with RSA-4096 algorithm(http://en.wikipedia.org/wiki/RSA). You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300. To buy our software please contact us at: xxxxxxx@xxxxx.com and provide us your personal code – xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system. If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data.

Glamorous team

The virus also creates a hidden folder called “wsnpoem” in the Windows system directory, which contains two empty files: “video.dll” and “audio.dll”. In order to remove this malicious virus, users must:

1. Modify the system registry key value by adding any symbol to the end of the name of the malicious module.

For example: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] “UserInit” = “%System%\userinit.exe, %System%\ntos.exe_”

2. Reboot the computer.
3. Manually delete the files listed below from the Windows system directory: ntos.exe
4. If the malicious program has encrypted files on your machine, you can use Kaspersky Lab’s free utility to decrypt them.
5. And finally, update your antivirus databases and perform a full scan of the computer.
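
A read-only check for the indicators named above, added here as an example and not taken from Kaspersky Lab or the original article. It assumes “%System%” means the System32 directory, and it only reports what it finds without changing the registry or deleting files.

```powershell
# Read-only check for the Gpcode.ai indicators named in the article.
# Assumption: "%System%" in the article is the Windows system directory (System32).
# Run from a 64-bit PowerShell on 64-bit Windows so System32 is not redirected.
$systemDir = Join-Path $env:SystemRoot 'System32'
$winlogon  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings  = @()

# 1. Userinit normally lists only userinit.exe; the article shows ntos.exe appended.
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$entries  = $userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($entry in $entries) {
    $leaf = [System.IO.Path]::GetFileName($entry)
    if ($leaf -ne 'userinit.exe') {
        $findings += "Unexpected Userinit entry: $entry"
    }
}

# 2. The malicious module ntos.exe in the system directory.
$ntos = Join-Path $systemDir 'ntos.exe'
if (Test-Path -LiteralPath $ntos) {
    $findings += "Found file: $ntos"
}

# 3. The hidden folder "wsnpoem" and its two empty files.
$folder = Join-Path $systemDir 'wsnpoem'
if (Test-Path -LiteralPath $folder) {
    $findings += "Found folder: $folder"
    foreach ($name in 'video.dll', 'audio.dll') {
        $file = Join-Path $folder $name
        if (Test-Path -LiteralPath $file) {
            # -Force is needed because the folder contents may be hidden.
            $size = (Get-Item -LiteralPath $file -Force).Length
            $findings += "Found file: $file ($size bytes)"
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the Gpcode.ai indicators from the article were found.'
} else {
    $findings
}
```

A clean result only covers the indicators listed in the article; the full antivirus scan in step 5 is still required.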

If your files have been encrypted by Gpcode, Kaspersky Lab strongly recommends that you do not pay money to the creators of this virus, as this will encourage further crime. Antivirus solutions are able to deal with the issue and restore encrypted data to its original form.

Visit the Viruslist website to get a full description of the Gpcode Virus.
