Tuesday, August 13, 2013

Published 9:02 AM by

Utility developed that decrypts files encrypted by Trojan.Encoder

Doctor Web has developed a utility for dealing with the consequences of the encryption Trojan Trojan.Encoder.252. This new version of a well-known member of the encoder Trojan family is dangerous because it encrypts users' data and extorts money from them for decrypting the affected files. The Trojan reaches victims' computers through spam that claims to come from an arbitration court. One of the identified distribution methods is a mailing with an attachment, sent purportedly on behalf of the court. Once run on a victim's computer, the Trojan saves a copy of itself in one of the system folders under the name svhost.exe, modifies the registry branch responsible for automatically starting applications, and launches.

Trojan.Encoder.252 encrypts files only if the infected computer is connected to the Internet. In that case the malicious program goes through the disk drives from C: to N: in turn and builds a list of files with the specified extensions (.jpg, .jpeg, .doc, .rtf, .xls, .zip, .rar, .7z, .docx, .pps, .pot, .dot, .pdf, .iso, .ppsx, .cdr, .php, .psd, .sql, .pgp, .csv, .kwm, .key, .dwg, .cad, .crt, .pptx, .xlsx, .1cd, .txt, .dbf), which it saves to a text file. Trojan.Encoder.252 then checks the availability of its servers, to which the encryption key is then sent. If these servers are unavailable, the Trojan displays a message purportedly from the Arbitration Court suggesting that the user check the Internet connection settings. Upon successful completion of encryption, the string Crypted is appended to the file name.

A text file named PROChTIETO.txt also appears on the victim's computer; it contains an ID for decrypting the files that is unique to each computer. Despite the fact that several specialist resources on the Internet reported that the files could not be decrypted because of the encryption algorithms Trojan.Encoder.252 uses, experts have developed a utility that successfully deals with this problem. However, finding the key requires a computer with a powerful hardware configuration: on an ordinary home PC this process can take about a month, while on a server with 24 processor cores a record was set, with the key found in 20 hours. The utility became a testing ground for many innovative ideas from Doctor Web's virus analysts; all of these ideas will be used in the future to decrypt files affected by encoder Trojans. Meanwhile, research into new ways of combating encryption Trojans continues, the company says.
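A triage script for the on-disk traces described above, as an added example that is not from Doctor Web or the original post: it walks a directory tree and reports files whose name ends in Crypted, copies of PROChTIETO.txt, and files named svhost.exe, and counts the affected files by original extension. The post does not say how the marker is attached to the file name, so the case-insensitive end-of-name match, the function names and the sample tree are assumptions.

```python
import os
import tempfile
from collections import Counter

# Indicators named in the article. How the marker is attached to the name
# (case, separator) is not stated there; matching is an assumption:
# case-insensitive, marker at the very end of the file name.
MARKER, NOTE, DROPPED = "crypted", "prochtieto.txt", "svhost.exe"
TARGET_EXTS = set(
    ".jpg .jpeg .doc .rtf .xls .zip .rar .7z .docx .pps .pot .dot .pdf .iso "
    ".ppsx .cdr .php .psd .sql .pgp .csv .kwm .key .dwg .cad .crt .pptx "
    ".xlsx .1cd .txt .dbf".split())

def triage(root):
    """Walk root and collect the on-disk traces the article describes."""
    rep = {"encrypted": [], "notes": [], "svhost": [], "by_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low, path = name.lower(), os.path.join(dirpath, name)
            if low == NOTE:
                rep["notes"].append(path)
            elif low == DROPPED:
                # The genuine Windows service host is svchost.exe (with a "c").
                rep["svhost"].append(path)
            elif low.endswith(MARKER) and low != MARKER:
                rep["encrypted"].append(path)
                # Strip the marker and any separator to get the original extension.
                stem = low[:-len(MARKER)].rstrip("._- ")
                ext = os.path.splitext(stem)[1]
                rep["by_ext"][ext if ext in TARGET_EXTS else "other"] += 1
    return rep

def demo():
    """Build a constructed sample tree (empty files) and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docxCrypted", "docs/photo.jpg.Crypted",
                    "docs/clean.pdf", "PROChTIETO.txt", "svhost.exe"):
            open(os.path.join(root, rel), "w").close()
        rep = triage(root)
        return (len(rep["encrypted"]), len(rep["notes"]),
                len(rep["svhost"]), dict(rep["by_ext"]))

if __name__ == "__main__":
    print(demo())
```

Hits counted under "other" had an original extension outside the list in the post, so they are more likely unrelated files whose names happen to end in the same string.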