My Files, Documents, Databases have been Archived!

Discussion in 'Malware Help (A Specialist Will Reply)' started by rocksfinders, Mar 8, 2006.

  1. rocksfinders

    rocksfinders Private E-2

    Hi Guys

    Boy do I have a problem. Somehow yesterday a program bypassed all my protection and archived, password encrypted, everything on my hard drives.

    The Notepad that shows up in all my files has an e-gold account # and says that I have to pay $300 using electronic currency in order to get a password that will open all my files.

    What do I do? Who can I call? I printed out the "AUTO_ZIP_REPORT" that shows on my computer, but I did not want to post it here until I know what it is all about. Don't want anyone else to suffer my fate. Has anyone else run into this situation?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    I have never heard of this.

    When you say "everything on your hard drives" ....what do you really mean?

    Are you saying all files are in individual zips? Do they end in .ZIP extensions?

    If everything was put in a locked ZIP, your PC would not even boot.

    Can you install and run programs?
     
  3. rocksfinders

    rocksfinders Private E-2

    When I say all files I mean all databased files. Everything that ended with a .pdf, .doc, .pif and such. Everything that was audio, video, documents and various other information files. Even my Zip files were encrypted. They did not mess with any of my drivers or Windows operating system files. They want you to be able to get your email and get on the internet. How else could you pay them electronically for the password to get your ransomed files back? It is very weird, I must admit. My friend took a copy of the letter on the notepad down to our computer experts here in town and they immediately got online to try and find a program to get the password. However, the note from the individuals that did this said it was a 10 letter password and I could never get it. They want me to electronically transfer $300 to their account for my e-gold password. They will then send me $1.00 back of this money with the password attached. I want to get the information out to everyone so nothing like this can happen to anyone else. I trust you guys so that is why I came to you first. I could send anyone a copy of the note, but I want to make sure it doesn't carry anything with it. The wording of the note suggests that it was not done in the US, but that also could be a ploy. It is very frustrating. Also, I believe it is extortion and they are ransoming off my own files. Approx. 4300+
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I think you should run through the below procedures so we can get a better understanding of what may be running on your PC. While this may not fix the problems if the files are really encrypted, it may help us learn something. Also AbbySue has found some links that appear like they are describing your problem. See these:

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPGPCODER%2EB&VSect=Sn

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.gpcoder.c.html


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
     
    Last edited: Mar 9, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Thanks to my friend Halo, here is a program that may be of some use in fixing this:

    Restore_GpcodeB.ZIP

    Extract it and run the executable. See the readme.txt file. This comes from the below site:

    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=43103


    Are your antivirus definitions up to date? If not then update them. It's important to do that. What antivirus program do you use?

    You need to do a full system scan and you MUST MAKE SURE you set it to scan ALL FILES not just executables or typical files.
     
    Last edited: Mar 9, 2006
  6. rocksfinders

    rocksfinders Private E-2

    Hi

    Sorry it took so long, but I had a home problem I needed to attend to first.

    I have completed all the instructions you wanted me to and I have the results from everything except for Panda Active Scan. After running Bitdefender it cleaned out all my files so I was unable to get to Panda. But everything else was done and I will include the attachments, so you might be able to check it out. I will also do as you suggested in this last post. Wish me luck.

    I have never added attachments before so crossing my fingers that it works.

    Do you want to see the Ransom Note that is on my note pad also?

    Well it seems the bdscan1 is too big to post. I am going to find a program that will change the HTML to regular text before I send it.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! Just do what was in my last message.

    No! Don't convert it. It will not be readable. Just compress it into a ZIP file and attach the ZIP file.

    Your HJT log was not obtained in normal boot mode as requested. And your choice of folders for HijackThis to be installed to is not really a good idea. Please use the suggested folder.

    It also seems that you have not run ALL steps of the READ ME. I do not see MS Windows Defender. Why can't you run PandaActiveScan? ALL steps in the READ ME must be completed before attaching a HijackThis log.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

