You can catch the decrypted data in the second stage, when the copy of the dropper process calls
NtFreeVirtualMemory. Nothing really impressive; the actual malware data is about ~600 Kb, of which ~500 Kb are BMP images and ransomware text to display, plus Tor-linked object files ->
https://doxygen.torproject.org/files.html, seemingly used for the communication mechanism, the zlib 1.2.8 library, etc.
Code:
Your personal files are encrypted.%f0%%c0%
Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.
If you see the main locker window, follow the instructions on the locker. Overwise, it's seems that you or your antivirus deleted the locker program. Now you have the last chance to decrypt your files.
1. Type the address %c1%http://torproject.org%c0% in your Internet browser. It opens the Tor site.
2. Press 'Download Tor', then press 'DOWNLOAD Tor Browser Bundle', install and run it.
3. Now you have Tor Browser. In the Tor Browser open the %c1%http://%onion%/%c0%
Note that this server is available via Tor Browser only
Retry in 1 hour if site is not reachable.
4. Write in the following public key in the input form on server. Avoid missprints.
%f1%%c1%%key%%f0%%c0%
5. Follow the instructions on the server.
These instructions are also saved to file named DecryptAllFiles.txt in Documents folder. You can open it and use copy-paste for address and key.
Malware BMPs in attachment.
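As an added example (not the poster's code or anything from the sample itself), here is the kind of triage script an analyst would run over the region dumped at the NtFreeVirtualMemory break: it carves the embedded BMP headers, locates the ransom-note template by its static strings, lists the placeholder tokens it uses, and expands the template for one victim. It assumes (the post does not say so) that the %cN%/%fN% tokens are colour/font formatting codes and that %onion%/%key% are per-victim substitutions; the buffer it scans is constructed inline, not taken from a real dump.

```python
"""Triage a dumped buffer of the decrypted second stage (added example).

Assumptions not stated in the post: %cN%/%fN% are formatting codes with no
content, %onion%/%key% are substitution placeholders. The sample buffer is
constructed here and is not real malware data.
"""
import re
import struct

# Static fragments of the note that survive placeholder substitution;
# these make reasonable detection strings for memory or disk scans.
NOTE_MARKERS = [
    b"Your personal files are encrypted.",
    b"DecryptAllFiles.txt",
    b"%onion%",
    b"%key%",
]

# Matches the tokens seen in the note: %c0%, %c1%, %f0%, %f1%, %onion%, %key%
PLACEHOLDER_RE = re.compile(r"%(c\d|f\d|onion|key)%")


def find_bmp_images(blob: bytes):
    """Return (offset, declared_size) for each plausible embedded BMP.

    A BMP file starts with 'BM', a little-endian uint32 file size and a
    reserved uint32 that is zero; a header is only accepted when its
    declared size fits inside the buffer, which filters stray 'BM' bytes.
    """
    hits = []
    pos = blob.find(b"BM")
    while pos != -1:
        if pos + 14 <= len(blob):
            size = struct.unpack_from("<I", blob, pos + 2)[0]
            reserved = struct.unpack_from("<I", blob, pos + 6)[0]
            if 54 <= size <= len(blob) - pos and reserved == 0:
                hits.append((pos, size))
        pos = blob.find(b"BM", pos + 1)
    return hits


def find_note_template(blob: bytes):
    """Locate the note template by its first static marker and return the
    text up to the next NUL byte (or the end of the buffer)."""
    start = blob.find(NOTE_MARKERS[0])
    if start == -1:
        return None
    end = blob.find(b"\x00", start)
    if end == -1:
        end = len(blob)
    return blob[start:end].decode("utf-8", errors="replace")


def render_note(template: str, onion: str, key: str) -> str:
    """Expand the template for one victim: substitute %onion%/%key% and
    strip the formatting codes (assumed to carry no content)."""
    def sub(m):
        tok = m.group(1)
        if tok == "onion":
            return onion
        if tok == "key":
            return key
        return ""
    return PLACEHOLDER_RE.sub(sub, template)


def scan_buffer(blob: bytes) -> dict:
    """Summarise what the dumped region contains."""
    template = find_note_template(blob)
    return {
        "markers": [m.decode() for m in NOTE_MARKERS if m in blob],
        "bmp_images": find_bmp_images(blob),
        "note_found": template is not None,
        "placeholders": sorted(set(PLACEHOLDER_RE.findall(template))) if template else [],
    }


def build_sample_blob() -> bytes:
    """Constructed stand-in for a dumped region: two minimal fake BMP headers
    around an abbreviated copy of the note template."""
    def fake_bmp(payload_len: int) -> bytes:
        size = 54 + payload_len
        # 'BM', file size, two reserved uint16 (zero), pixel data offset
        return b"BM" + struct.pack("<IHHI", size, 0, 0, 54) + b"\x00" * (size - 14)

    note = (b"Your personal files are encrypted.%f0%%c0%\n"
            b"... open the %c1%http://%onion%/%c0%\n"
            b"%f1%%c1%%key%%f0%%c0%\n"
            b"These instructions are also saved to file named DecryptAllFiles.txt\x00")
    return fake_bmp(16) + b"\x00" * 8 + note + b"\x00" * 8 + fake_bmp(32)


if __name__ == "__main__":
    blob = build_sample_blob()
    print(scan_buffer(blob))
    print(render_note(find_note_template(blob), "example.onion", "KEY-PLACEHOLDER"))
```

On a real dump you would read the saved region with `open(path, "rb").read()` instead of `build_sample_blob()`; the size check in `find_bmp_images` is what keeps random `BM` byte pairs in image data from being reported as headers.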