I am currently at yet another computer infected with a cryptographic virus,
similar to CryptoLocker and CTB Locker.
This one renamed the extension of all common files (.xls, .doc, .jpg, .pdf) to a .ecc suffix.
Apparently it must have been picked up through an email attachment.
Fortunately the Outlook PSTs were not contaminated, nor was the network folder shared by several users.
Perhaps they were not encrypted because I asked for the PC to be switched off as soon as the symptoms it was showing were described to me.
Right now I am on the infected PC, but through a Hiren's Boot CD.
The DecryptCryptoLocker and McAfee removal tools do not work on this strain.
I am sharing some current links:
http://www.techreleased.com/blog/ctb-locker-a-new-spin-on-ransomware/
http://www.bleepingcomputer.com/forums/t/570101/encrypted-files-ecc-malware-removal-help-needed/
https://blogs.mcafee.com/mcafee-labs/teslacrypt-joins-ransomware-field
In every folder it passed through, it left a TXT file called HELP_RESTORE_FILES.txt with the instructions on how to remove it:
All your documents, photos, databases and other important files have been encrypted
with strongest encryption RSA-2048 key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.
If you see the main encryptor red window, examine it and follow the instructions.
Otherwise, it seems that you or your antivirus deleted the encryptor program.
Now you have the last chance to decrypt your files.
Open
http://xxxxxxxxx.com or
http://xxxxxxxxxxxxxxxxx.com ,
https://xxxxxxxxxxx.tor-gateways.de/ in your browser.
They are public gates to the secret server.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
xxxxxxxxxxxxxxxxxxxxxxx
Follow the instructions on the server.
If you have problems with gates, use direct connection:
1. Download Tor Browser from
http://torproject.org
2. In the Tor Browser open the
http://xxxxxxxxxxxx.onion/
Note that this server is available via Tor Browser only.
Retry in 1 hour if site is not reachable.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Follow the instructions on the server.