mblpcblock.in (crazy encrypt/rename virus?)

Discussion in 'Malware Help (A Specialist Will Reply)' started by shiftlessatol, May 21, 2013.

  1. shiftlessatol

    shiftlessatol Private E-2

    got a machine that opened up one day and all my files were links that go to the same website.

    changing the extension doesn't do anything - all of them are inaccessible

    i've included two examples of the files in the payload.zip under the folder "symptoms"

    not sure what to do to regain access to files. happened around 5/14/13

    let me know what you think
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download decrypt_mblblock.exe to your desktop.
    The complete usage instructions and video can be found here.
    • If you only have a single hard disk with one partition, the only thing you need to do is start the tool.
    • Windows XP users can simply double click and run the tool; Windows Vista, 7 & 8 users need to run the tool with administrator rights.
    • It will now automatically scan your complete hard disk to decrypt the files; when encrypted files are present, it will automatically decrypt them without deleting the encrypted originals.
    • After the decryption, check that all of the decrypted files open properly.
    • Once you have verified the files were decrypted properly you can delete the encrypted HTML files.
    If you have more than one hard disk or partition with encrypted files, things are slightly more complicated. To scan and decrypt files on those other hard disks or partitions you will have to pass the additional drives as a command line parameter:
    • While holding down the Windows key, press the R key. The “Run Box” will now appear.
    • In the “Run box” Type in “cmd.exe” and press Enter.
    • The Windows Command Line prompt should show up.
    • You first need to switch into the directory where you downloaded the decryption tool to.
    • This can be done using the cd command: cd /d "<path>"
    • Just replace <path> with the path you downloaded the decryption tool to. If you downloaded it to C:\Users\Administrator\Downloads for example the exact command line to type in should look like this:
    • cd /d "C:\Users\Administrator\Downloads"
    • If you did everything right you will see that the command prompt changed slightly and now references the download directory.
    • Run the decryption tool with a list of all the drives you want the tool to scan. If you have a C:, D: and E: drive for example, run the tool like this:
    • decrypt_mblblock.exe C:\ D:\ E:\
    • Please be patient while the tool is running; you had better not use the computer until the tool is finished.
     
