Avast WEBforum

Non-English Zone => Italiano => Topic started by: REDACTED on February 14, 2016, 06:13:49 PM

Title: encrypted files with ransom demand
Post by: REDACTED on February 14, 2016, 06:13:49 PM
To my great surprise, AVAST did not protect my files when I tried to open the attached .zip files. (note: in the attachments I changed the .zip extension to .txt)
I use XPSP3
Can I hope that in the future AVAST will be able to block this virus?
Thank you and kind regards.
I attach the ransom note I received:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here:

http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://g3mdmn4n5.goomasap.com/C1FD2249FDBA7897
2. http://hawdahbmfsm4sdf.brinystylo.com/C1FD2249FDBA7897
3. http://i4sdmjn4fsdsdqfhu12l.orbyscabz.com/C1FD2249FDBA7897
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: wbozgklno6x2vfrk.onion/C1FD2249FDBA7897
4. Follow the instructions on the site.

!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://g3mdmn4n5.goomasap.com/C1FD2249FDBA7897
http://hawdahbmfsm4sdf.brinystylo.com/C1FD2249FDBA7897
http://i4sdmjn4fsdsdqfhu12l.orbyscabz.com/C1FD2249FDBA7897
!!! Your personal page Tor-Browser: wbozgklno6x2vfrk.onion/C1FD2249FDBA7897
!!! Your personal identification ID: C1FD2249FDBA7897
Title: Re: encrypted files with ransom demand
Post by: giogio on February 14, 2016, 06:21:02 PM
Hi,
I'm sorry about what happened; unfortunately, new variants of these cryptolockers come out every day.
Indeed, they seem to be new
https://www.virustotal.com/it/file/2521b6cc254548d39758a1fa6ab9a8b8d723d6ec4e2533e225ff7464731342e4/analysis/1455472173/
https://www.virustotal.com/it/file/c8804f7cf709d5f6bf36b39139835c266bc98fe1c684f3acbf7d5bac3667cbe1/analysis/1455472231/
https://www.virustotal.com/it/file/cde913bd503d5c0240131b17ce636c721958590abdc9d770aa1184318394bc5c/analysis/1455472251/
https://www.virustotal.com/it/file/c5b34995e3b8746914ce933c5cce9611aabbab11b815974ac0fb76a9776ad73c/analysis/1455472287/
Only 3/4 antivirus out of 54 detect the virus now

First of all, I suggest you send the viruses to the Avast virus lab using this form
https://support.avast.com/support/tickets/new?form=3
I also recommend downloading cryptoprevent
https://www.foolishit.com/cryptoprevent-malware-prevention/
Another, much more important thing is to keep a copy of your important data on an external HDD and disconnect it once the backup is finished.
Was Avast up to date and on the latest version 11.1.2253?
Title: Re: encrypted files with ransom demand
Post by: savcin on February 19, 2016, 03:54:01 PM
Detection for those files has already been created. Will be fixed in next VPS
Title: Re: encrypted files with ransom demand
Post by: giogio on February 19, 2016, 04:16:19 PM
Detection for those files has already been created. Will be fixed in next VPS
Thanks savcin