Ransomware "Rootkit.win32.equation drug.a"


My server has been hit by ransomware, encrypting all files with Rootkits.win32.equation drug.a, mem.trojan.win32.cometer.gen

It alerts that I should send an email to: workup@india.com

All files are now java. Does Kaspersky have any decryptor for this virus?

Please help.

Prevention: Do not open attachments in phishing emails. Change RDP passwords to strong passwords. Beware of fake utilities and fake program updates. Do not click on malicious Flash content.
Keep all applications and operating system up to date. 

Restore: from backups or Shadow volume copies and/or Previous Versions.

Decryption: There is a possibility that Tech Support can decrypt your files.  

You can write a letter to Tech Support: https://my.kaspersky.com/

Problem description: Drop down and select: Malware infection. Encrypted files. 

Note: Need a commercial license for Kaspersky Anti Virus.

Also, please attach a small encrypted/original file here, in an archive. The file must be the same. Or upload a small encrypted/original file to sendspace.com, and then post the download link.

Disinfection: Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the fifth (5th) Important topic. 
There, you will find instructions for GSI and AVZ logs.

Please see the small print that is located at the bottom of this message. 
