Virus monitoring service of Doctor Web, Ltd. informs all users on new modification of Trojan. Encoder (see our first <"http://info.drweb.com/show/2747/en">news about it.) detected by Dr.Web Anti-virus as
Trojan.Encoder.6.
Several variants of this Trojan program are detected at present. Different from previous versions, the Trojan’s author uses much longer encryption keys of 260 bits, which makes the process of decoding much more difficult.
All versions of this Trojan program are distributed via e-mail as spam and a careless user may run the attachment and become a victim of the blackmailer - all document files of the invaded computer get encrypted. The user is offered to buy a decryptor; for this he should contact an unknown blackmailer via e-mail. After the Trojan has encrypted files, a readme.txt file of the following content appears in each folder:
Some files are coded by RSA method.
To buy decoder mail: k47674@mail.ru
with subject: REPLY
At present, virus analytics of Doctor Web, Ltd. have managed to find one of the keys used by the felon for crypting the documents of the victimized computer. The curing decoding utility is soon to be released.
Meanwhile, the preventive measures are recommended by Doctor Web, Ltd. to keep safe from viruses – both for those who has an anti-virus program installed and for those who do not have any:
Use only a legal anti-virus software – only in this case you will receive hot add-ons to virus database.
Keep abreast of updates.
Never open attachments arrived in suspicious e-mail messages or from unknown contacts
Do not work under administrator account if you do not have any anti-virus program installed
If you have a suspicion that your computer is infected, and you do not have any anti-virus installed, check your computer with FREE curing scanner - Dr.Web CureIt!. This utility will not only check the computer, but in most cases will cure remove the infection - not only viruses, but also spyware, adware, hacker tools and paid dialers.
