IgorO

Our office was attacked by new version of Gpcode

Hi!

Office was attacked by some strange version of Gpcode. Left messages like:

 

Some files are coded by RSA method.

To buy decoder mail: psc3423@yandex.ru

with subject: RSA 5 68250472552179479

 

Corporate policy is to use other brand antivirus :-(

Tried trial version of Personal Pro 5.0.390 with latest bases (27.01.2006) on my computer. It has not found any viruses (actually virus was supposed to remove itself after damaging files) and has not detected any problems with "coded" file.

 

So, couple of questions:

Is trial version supposed to detect damaged files? (description of Gpcode.f says that latest version should be able to repair coded files).

Is this a known version of virus and is there a way to repair files?

 

Can send example of damaged file.

 

Thanks!

Kaspersky has already added signatures to detect the virus itself; however, for this virus they have in the past also added repair support for the encrypted files, as you said above. I believe they will do it also for this version, but you have to understand that these things are not simple since they have to crack the crypt engine.

 

And I am afraid that this version uses a bit more advanced crypt engine than the old versions... From the virus info it says that you should write a mail with a subject "RSA 5 68250472552179479"; it is most possible that this number is a sort of generic password, so that files on every computer are encrypted in a different way! If this is true then the problem to repair the files is even bigger, but I still have trust in KL that they will be able to do it, but SAVE THAT TXT FILE FROM THE VIRUS WITH ITS MESSAGE, maybe you will have to supply that code to KAV for it to successfully repair your files.

 

And yes, the trial should be able to detect and repair the encrypted files; the problem is only that you are probably infected with the new version Virus.Win32.GPCode.ac that was just detected a day or two ago... Some info about it:

 

http://www.viruslist.com/en/weblog?weblogid=178562135

http://www.viruslist.com/en/alerts?alertid=178610106

http://forum.kaspersky.com/index.php?showtopic=1835&st=0 (Russian)

BTW, checked "coded" file. It starts with the same number as in readme. So this looks like it could be the key itself.

Well, I don't know how Kaspersky is going on with adding this decrypt support for this latest version of this malware, but Dr.Web seems to have a free tool that might be able to help you: http://info.drweb.com/show/2747
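
Added example, not part of the thread and not any vendor's tool: the thread notes that a "coded" file starts with the same number as the ransom note's subject line. Assuming that number sits as ASCII digits at offset 0 (the thread does not say how it is encoded), this read-only Python script lists which files under a directory carry the marker, so the damage can be scoped on a copy of the affected share. Function names are hypothetical.

```python
import os
import re

# Lines from the ransom note quoted in the first post (contact line omitted).
NOTE = """Some files are coded by RSA method.
with subject: RSA 5 68250472552179479
"""

def marker_from_note(note: str) -> bytes:
    """Extract the long number from the 'subject: RSA <n> <number>' line."""
    m = re.search(r"subject:\s*RSA\s+\d+\s+(\d+)", note)
    if m is None:
        raise ValueError("no 'RSA <n> <number>' subject line in note")
    return m.group(1).encode("ascii")

def starts_with_marker(path: str, marker: bytes) -> bool:
    """Read only the first len(marker) bytes; unreadable files count as unmarked."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(marker)) == marker
    except OSError:
        return False

def find_marked_files(root: str, marker: bytes) -> list[str]:
    """Walk root without modifying anything; return relative paths that begin with marker.

    Assumption: the marker is stored as ASCII digits at offset 0 of each affected file.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if starts_with_marker(full, marker):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel in find_marked_files(root, marker_from_note(NOTE)):
        print(rel)
```

The note file itself is not reported, because the number appears in its subject line rather than at the start of the file.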