PSA: Nasty Trojan Virus (Ransom)

GTaudiophile · Dec 7, 2010

Our office got his yesterday by a derivative of the "Troj/Ransom-U" virus. We think it came through a legit-looking PDF from a legit sender. It began "encoding" our files, giving them the ".Encoded" file extension. The virus also puts a text file on the desktop, asking for a $120.00 USD ransom.

More information here.

If anyone has expertise on dealing with this one, I would be happy to entertain your comments.

Note: Did not post this in the Security forum because no one goes there. Sorry.

PokerGuy · Dec 7, 2010

This reinforces the notion that you need to have good backups of your data. With no backups, you'd be up the creek, paying some crook money to restore your files and probably still not getting anything back.

Wyndru · Dec 7, 2010

Thanks for the info. I'll pass this on to our CA rep to be sure they can get a jump on it, since etrust seems to be the last to update their definitions.

GTaudiophile · Dec 7, 2010

PokerGuy said:
This reinforces the notion that you need to have good backups of your data. With no backups, you'd be up the creek, paying some crook money to restore your files and probably still not getting anything back.

We do back-ups on a frequent basis but there is concern that the virus also interferes with Windows System Restore.

MiniDoom · Dec 7, 2010

system restore is not a backup solution.

OILFIELDTRASH · Dec 7, 2010

GTaudiophile said:
We do back-ups on a frequent basis but there is concern that the virus also interferes with Windows System Restore.

Lol. And you're the guy that is in charge of the computers?

techs · Dec 7, 2010

Thanks for the heads up, GTaudiophile:thumbsup:

Aharami · Dec 7, 2010

OILFIELDTRASH said:
Lol. And you're the guy that is in charge of the computers?

just because it is a tech forum doesn't mean only techies post here

ivan2 · Dec 7, 2010

is this PDF trojan an exe looks like PDF or is it an infected PDF file?

Powermoloch · Dec 7, 2010

thanks for the heads up !

skyking · Dec 7, 2010

GTaudiophile said:
We do back-ups on a frequent basis but there is concern that the virus also interferes with Windows System Restore.

Thanks for the heads-up man. Yeah, any virus worth a crap will break system restore, right after it kills your antivirus and breaks regedit.
Good luck with your recovery.

Hey, did it spread like a worm on the LAN as well, or is it in just one computer?

JTsyo · Dec 7, 2010

I'm guessing it's international guys pulling this since I don't see how the FBI can't trace any money transaction.

PSA: Nasty Trojan Virus (Ransom)

GTaudiophile

Lifer

PokerGuy

Lifer

Wyndru

Diamond Member

GTaudiophile

Lifer

MiniDoom

Diamond Member

OILFIELDTRASH

Lifer

techs

Lifer

Aharami

Lifer

ivan2

Diamond Member

Powermoloch

Lifer

skyking

Lifer

JTsyo

Lifer