Solutions Buy Download Information Partners Support Forum About us «Doctor Web» company news (RSS channel)

Trojan.Encoder encrypts, Doctor Web decrypts

January 27, 2006

During last 24 hours several cases of a particular infection has been reported to Virus monitoring service of Doctor Web, Ltd. The files of these users turned to be encrypted by an unknown virus. Besides, all of them have found on their hard drives numerous readme.txt files where a blackmailer notified its victims about his contact details. 

"Some files are coded by RSA method.
To buy decoder mail: ********34@rambler.ru 
with subject:  RSA 5 68243170728578411"

Such systems are hit by a new Trojan Horse detected by Dr.Web Anti-virus engine as Trojan.Encoder (added to virus base on January 26, 2006). The Trojan comes to users computers via e-mail and sets the registry key 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
services = Filename.exe

The Troj activates itself using the vulnerability in the operating system. Having settled in the victimized computer, the program searches for files with the following extensions

"rtf" ,"txt" ,"pdf" ,"csv" ,"frm" ,"css" ,"xls" ,
"mdb" ,"dbf" ,"dbt" ,"db" ,"safe" ,"flb" ,"pst" ,"pwl" ,"pwa" ,"pak" ,"rar" ,
"zip" ,"arj" ,"gz" ,"tar" ,"sar" ,"htm" ,"html" ,"cgi" ,"pl" ,"kwm" ,"pwm" ,
"cdr" ,"dbx" ,"mmf" ,"tbb" ,"xml " ,"frt" ,"frx" ,"gtd" ,"rmr" ,"chm" ,"mo" ,
"man" ,"c" ,"cpp" ,"h" ,"pgp" ,"gzip" ,"lst" ,"pfx" ,"p12" ,"db1" ,"db2" ,
"cnt" ,"sig" ,"css" ,"arh" ,"pem" ,"key" ,"prf" ,"old" ,"rnd" ,"prx"
and encrypts them using RSA algorithm.

As the first incident was reported, the virus analysts of Doctor Web, Ltd. have promptly developed the decoder which fully restores the files damaged by the Troj. We offer all users who faced this invasion to contact Customer support service of Doctor Web, Ltd. and we will help you - free of charge!

Download free utility for decoding your corrupted files. The format of the command line when using this utility is the following:

te_decrypt.exe the_file_to_decrypt










     Other news





2008-09-05Doctor Web against extortion
2008-09-04One of the key players of Telecom market in Smolensk adopts Dr.Web AV-Desk
2008-09-02Subscribers of leading ISP in Belgorod shielded by Dr.Web AV-Desk
2008-09-01August virus activity review from Doctor Web
2008-08-28Intersvyaz starts public testing of the Dr.Web  anti-virus service
2008-08-25Leading Russian manufacturer of weapons chooses Dr.Web
2008-08-22Comprehensive protection from  Dr.Web for subscribers of Teleos-1
2008-08-19Improved version of GUI-scanner for Dr.Web for Windows released
2008-08-18Dr.Web for Windows standard of anti-virus protection for executive bodies of Permskiy Kray
2008-08-13Doctor Web has released a free decryption utility to counteract the new extortion Trojan.Encoder.19
2008-08-13Dr.Web AV-Desk anti-virus covering for subscribers of Bashinformsvyaz
2008-08-08Doctor Web: statement on  Virus Bulletin comparative reviews
2008-08-08Telnet secures its subscribers with Dr.Web anti-virus
2008-08-05July 2008 virus activity review by Doctor Web
2008-08-01Dr.Web AV-Desk now in Ulyanovsk region
2008-07-31Dr.Web AV-Desk deployment summary  by Eltel
2008-07-31Dr.Web AV-Desk moves on in Moscow region
2008-07-24Three regions of Moscow protected by Dr.Web AV-Desk
2008-07-23Doctor Web releases new LinkChecker for Mozilla Firefox
2008-07-22Dr.Web AV-Desk chosen by ISP "Hazynet" in Krasnoyarsk
2008-07-18Doctor Web, Ltd. releases Active Directory installer for Dr.Web Enterprise Suite 4.44.3 
2008-07-16Dr.Web anti-virus now accessible to subscribers of Infocentre
2008-07-16Doctor Web launches the beta-testing of Dr.Web for MIMEsweeper
2008-07-15Anti-virus protection is delivered to subscribers of Lintecs by Dr.Web AV-Desk
2008-07-15”Nauka-Sviaz” deployed Dr.Web AV-Desk
2008-07-15Dr.Web AV-Desk adopted by three ISPs in Krasnoyarsk
2008-07-15Dr.Web will protect Internet users of GlavSET
2008-07-14Dr.Web anti-virus is the new service for subscribers of SZT
2008-07-14Dr.Web AV-Desk deployed by MajaNet in Estonia
2008-07-12Dr.Web AV-Desk will secure networks of Maginfo
2008-07-11Corrected verson of Dr.Web SpIDer Guard 4.44 released
2008-07-11Dr.Web for IBM Lotus Domino validated by IBM
   Information



   My five cents
 
What is the screen size of your monitor?

12''
14''
15''
17''
19''
more than 19''
other


Doctor Web, Ltd. © 2008 Doctor Web, Ltd. - a Russian company developing and distributing Dr.Web® Anti-virus solutions.
Our customers can be found among home users from all regions of the world and in large enterprises, small companies and nationwide corporations. We thank all of them for support and long-term devotion to our product. State certificates and awards received by the Dr.Web Anti-virus, as well as the geography of our users are the best evidence of exceptional trust to the products created by the talented Russian programmers.