12 replies to this topic

[+Daedroth]

It appears this nasty piece of work is picking up steam, and could be especially nasty for unsuspecting users.

Hiding or locking all your files doesn't appear to be enough for some trojans. Encoder encrypts all your files and tries to force you into buying an 'unlock' code.

Here are links for more information and advice:

http://news.drweb.co...&c=5&lng=en&p=0

http://news.drweb.co...&c=5&lng=en&p=0

https://community.mc...tart=0&tstart=0

[butilikethecookie]

That's crazy! They need to be shut down!

[Hum]

Probably written by Norton employees.

[HighwayGlider]

Hum, on 03 May 2012 - 14:06, said:

Probably written by Norton employees.

LOL man, you're nasty.

[Charisma]

Is this for real? O_O

[ThePitt]

Hum, on 03 May 2012 - 14:06, said:

Probably written by Norton employees.

wouldnt surprise me...

EDIT
just in case here is the decrypter:

ftp://ftp.drweb.com/...snu1decrypt.exe

[Dot Matrix]

Ok, so the image shows Windows Xp... What about Windows Vista, Windows 7, or Windows 8?

[Marshall]

Dot Matrix, on 03 May 2012 - 14:19, said:

Ok, so the image shows Windows Xp... What about Windows Vista, Windows 7, or Windows 8?

A quick google and it shows this affects Vista & 7 as well, not sure about 8.

[Detection]

The first article suggests:

"Never attempt to solve the problem by reinstallling the operating system."

Why ? If I couldn't decrypt them, that's the first thing I would do. Maybe this is aimed at people who are bothered about recovering their files ?

[+littleneutrino]

makes you wonder how stupid these virus makers are. if you have to pay them then there is a money trail.

[Miuku.]

littleneutrino, on 03 May 2012 - 14:43, said:

makes you wonder how stupid these virus makers are. if you have to pay them then there is a money trail.

Fake accounts, hijacked accounts, countries where the legality of writing software such as this is not against the law and then some people are just so desperate that they will pay and not report it to anyone else.

[Max Norris]

littleneutrino, on 03 May 2012 - 14:43, said:

makes you wonder how stupid these virus makers are. if you have to pay them then there is a money trail.

It's the usual motive for malware nowadays.. money. Stealing credentials, hijacking accounts, advertisement displays, ransomware, etc etc. Don't usually see the old "I'll nuke your bootloader just because" types of malware much anymore. Agreed with MiukuMac above too; it can be traced, but depending on where it's at, it may be near impossible to punish.

[Hell-In-A-Handbasket]

Kaspersky put up a removal for it ( I think it's the same ) earlier

RannohDecryptor

http://www.kaspersky...s-removal-tools