So there is now a decryptor for the newest CryptoLocker as well.
This time it comes from Fabian Wosar of Emsisoft.
Download: http://goo.gl/Q0pZ5E
Just save it and run it as administrator; everything else happens automatically.
The list of encrypted files is in
%UserProfile%\enc_files.txt
The malware is in the folder
%AppData%\WinCL\WinCL.exe
WinCL.exe is the infector itself.
The malware deletes the Shadow Volume Copies on the infected PC using the command
vssadmin Delete Shadows /All /Quiet
CryptoLocker announces itself with the following message:
CryptoLocker
Your important files encryption produced on this computer: photos, videos, documents, etc.
If you see this text, but do not see the “CryptoLocker” window, then your antivirus deleted “CryptoLocker” from computer. If you need your files, you have to recover “CryptoLocker” from the antivirus quarantine, or find a copy of “CryptoLocker” in the Internet and start it again.
You can download “CryptoLocker from the link given below.
hxxp://invisioncorp.com/au/XXXXXXXXXX
Approximate destruction time of your proviate key:
1/5/2015 12:31:45 PM
If the time is finished you are unable to recover files anymore! Simply remove this wallpaper from your desktop.
Known infector files:
%AppData%\WinCL\WinCL.exe
%AppData%\WinCL\winclwp.jpg
%AppData%\WinCL\temp.vbs
%UserProfile%\enc_files.txt
%UserProfile%\last_change.txt
Known registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wincl %AppData%\WinCL\wincl.exe
HKCU\Control Panel\Desktop\Wallpaper %AppData%\WinCL\winclwp.jpg
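
A read-only PowerShell check for the files and registry values listed above, run as the affected user (HKCU and the profile paths are per-user). This is an added example, not part of the original post or of the Emsisoft tool; the function name Test-WinCLIndicators is hypothetical.

```powershell
# Added example: sweep the current user's profile for the indicators listed in this post.
# Read-only: nothing is deleted or modified.
function Test-WinCLIndicators {
    $files = @(
        "$env:APPDATA\WinCL\WinCL.exe",
        "$env:APPDATA\WinCL\winclwp.jpg",
        "$env:APPDATA\WinCL\temp.vbs",
        "$env:USERPROFILE\enc_files.txt",
        "$env:USERPROFILE\last_change.txt"
    )
    $hits = @()
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $hits += [pscustomobject]@{ Type = 'File'; Location = $f; Value = '' }
        }
    }

    # Registry values: report only when the data points into the WinCL folder,
    # so a legitimate wallpaper setting is not flagged.
    $regChecks = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'wincl' },
        @{ Key = 'HKCU:\Control Panel\Desktop'; Name = 'Wallpaper' }
    )
    foreach ($r in $regChecks) {
        $item = Get-ItemProperty -LiteralPath $r.Key -Name $r.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = [string]$item.($r.Name)
        if ($data -like '*\WinCL\*') {
            $hits += [pscustomobject]@{ Type = 'Registry'; Location = "$($r.Key)\$($r.Name)"; Value = $data }
        }
    }
    return $hits
}

$found = Test-WinCLIndicators
if ($found) {
    $found | Format-Table -AutoSize
    $encList = "$env:USERPROFILE\enc_files.txt"
    if (Test-Path -LiteralPath $encList) {
        # Count the entries in the malware's own list of encrypted files.
        $n = @(Get-Content -LiteralPath $encList).Count
        "enc_files.txt lists $n entries."
    }
} else {
    'No WinCL indicators found for this user.'
}
```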