Virus that demands payment to decrypt your files.

jstutman

Member
Joined
Oct 13, 2001
I was wondering if anyone else has run into this and if there is any hope for the client. I searched Google for about an hour and found where one other person had been infected with it but no clues on how to fix it. Any help that can be given would be greatly appreciated. This might be a big hoax and all the guy's files could have been deleted but I at least want to try to help him out.

The following is the contents of the txt file that was found on the computer:

Code:
OUR E-GOLD ACCOUNT: 2917497

INSTRUCTIONS HOW TO GET YUOR FILES BACK
READ CAREFULLY. IF YOU DO NOT UNDERSTAND, READ AGAIN.

This is automated report generated by auto archiving software.

Your computer catched our software while browsing illigal porn
pages, all your documents, text files, databases was archived
with long enought password.

You can not guess the password for your archived files - password
lenght is more then 10 symbols that makes all password recovery
programs fail to bruteforce it (guess password by trying all
possible combinations).

Do not try to search for a program what encrypted your information - it
is simply do not exists in your hard disk anymore.
If you really care about documents and information in encrypted files
you can pay using electonic currency $300.
Reporting to police about a case will not help you, they do not know
password. Reporting somewhere about our e-gold account will not help
you to restore files. This is your only way to get yours files back.

------------------------------

How to pay to get your information back.

1. click on this link to open your free e-gold account - the first
   screen is the e-gold "terms and conditions" page. You need to
   agree to these by clicking on the "I AGREE" button on the bottom
   on the page.
2. On the next page is the sign up form:
    1. "Account name" - here is where you name your account - tip:
        make it easy to remember (as you will be asked for it) and
     reasonably short, example, "John's e-gold", "My Money e-gold"
        or perhaps "Felix" (whatever you like, just make it easy for
        you to remember it).
    2. "User Name" - here just repeat the account name (from 1 above).
    3. "Point of Contact" - this is where you put our name, address,
        phone number and email address (any email address can be used
        here but it is recommended you use your ISP address - not a
        free hotmail, etc address).
        It is also recommended your also include a fax number
        (don't have a fax number? This company offers free fax to email
        services). Try and make it as easy as possible for e-gold to contact you.
    4. "Passphrase" - this is the most important piece of information
        connected to any e-gold account. We can not stress enough how
        important it is that your passphrase is kept safe and secure.
    5. "Turing Number Entry" - type the 6 numbers you see there into the input
        box below.
    6.  The last step click "Open"

On the next page it will tell you that your e-gold account number has been emailed to you.

check your email - you can expect to wait up to 5 minutes for your account number
to arrive. If it does not arrive after 5 minutes then that means the email address
you supplied was incorrect and you will have to open another new account (go through
and repeat what you just did above again).

To buy e-gold to your account please use official exchange services
http://www.me-gold.com/
http://www.goldex.net/
http://usece.com/

or try to search own way with
http://gold-pages.net/e-Gold__1MDC__Pecunix_Wizard_Links/Purchase_E-gold/index.html
http://www.google.com/search?hl=en&q=buy+e-gold&btnG=Google+Search

FINALLY when you bought e-gold you have to transfer $300 to our e-gold account.
In next 24 hours you will recieve $1 back to your account. Transfer details
of this $1 transfer will have a link to software that will automatically
unzip all your files back to normal state.

Next day login to your account https://www.e-gold.com/acct/login.html,
press History and press submit, you will see LINK TO UNZIP-software.

##########################################################################
Remember you are just $300 away from your files
##########################################################################
 
Wow. That is crappy! Sorry - no info, but that does suck... What to say but I hope you were backed up?

:cool:
 
Don't pay, whatever the client decides. This will not only teach the client to back up, but to have good antivirus and spyware protection and a good firewall. His rig probably needed formatting anyway.
 
Any lawyer would love to see this as they should most likely have a field day if the "company" is based in the US. If it's not then you will just have to get a better brute force cracker.

Whatever you do, DO NOT PAY. NEVER reward someone for this kinda **** by giving in.
 
Tell him to just take his losses and learn from his mistake, then reformat. I wouldn't pay anyone to fix that, especially the person that wrote the virus.
 
I can tell from the way the language is written that it is from Russia or one of the former Soviet states. As far as any legal action goes, you're screwed. I'd try the decrypters mentioned above and if that didn't work I'd just pop in the XP CD and boot from it then reformat.
 
Yeah, these are just the guys I want to give my credit card number to. Where do I sign up?

Were files actually missing? And what files did it target? It'd almost have to be a common directory location I would think.

And any clue as to how he got it? Or is porn really bad for your financial health as well? Two strikes, gotta find a new vice, darn. :bang head
 
White Runner said:
Overclocker's don't negotiate with virtual terrorists.
As George Carlin might say, "You're goddamn right!" Don't pay them. We do not negotiate with terrorists.

I will run down the websites mentioned in the message and get back to you, to see who they belong to, and where they are physically located. This information could be of value to both you and to law enforcement, should you choose to pursue this.

*starts hammering furiously at the keyboard*

edit: 10 character password? Eh, that's definitely not unbreakable...
 
Have you checked to see if he really has no access to his files? Try the decrypt fixes mentioned and then backup & reformat his system. Everyone needs a good firewall & antivirus these days, without them you are always at risk.

Newbie,

The sites mentioned in the message have nothing to do with this person(s), the only thing that could be used to link to them is the e-gold account # which is protected by e-gold. I think a lot of illegal money is sent via that service.
 
Well, if it is encrypted, depending upon how many bits of encryption, it could take a while to crack.
 
"Reporting to police about a case will not help you, they do not know
password."

This part I think sounds like it's just been typed up by a hacker or fraudster: "They do not know password". For a start that gives it away as to some stupid person who's trying to fraud money off of you.

DON'T PAY. It's people like this who make identity fraud and trying to get money out of people rise every day.
 
El<(')>Maxi said:
Have you checked to see if he really has no access to his files? Try the decrypt fixes mentioned and then backup & reformat his system. Everyone needs a good firewall & antivirus these days, without them you are always at risk.

Newbie,

The sites mentioned in the message have nothing to do with this person(s), the only thing that could be used to link to them is the e-gold account # which is protected by e-gold. I think a lot of illegal money is sent via that service.
Indeed, but any link at all is a start.
 