August 1, 2012
Russian anti-virus company Doctor Web is warning users about the large-scale spreading of a multi-component ransomware that has been dubbed Trojan.ArchiveLock.2. It uses the archiver WinRAR to make files inaccessible for users. Doctor Web's analysts have found a way to recover a password to extract files compromised by certain versions of the Trojan horse.
Trojan.ArchiveLock.2 is written in PureBasic. Once the Trojan has penetrated a system, it will paralyse its operation and display a message showing the criminals' demands.
Trojan.ArchiveLock.2 also features a decryption module that restores previously compressed files if the user enters a correct password.
The malware signatures are present in the databases of Dr.Web anti-virus software, so Trojan.ArchiveLock.2 is not dangerous for computers running Dr.Web Anti-virus or Dr.Web Security Space. However, Doctor Web's analysts have created a special procedure that can—with a high degree of probability—recover files encrypted by the Trojan. If your files have been compromised by Trojan.ArchiveLock.2, please submit a ticket in the Request for Curing category. Do not delete files or reinstall the OS—such actions can make decryption of the files impossible.
View the article
Doctor Web offers help to users whose systems have been compromised by an archive-blocker Trojan
Нет ответов в данной теме
Читают тему: 1
0 пользователей, 1 гостей, 0 скрытых