Author Topic: Silent Killer "crypt"  (Read 8636 times)


ejwells409

  • Guest
Re: Silent Killer "crypt"
« Reply #15 on: March 29, 2012, 09:44:26 PM »
Thanks! It's running right now. The directions mention that a log will be generated in the root directory, so it appears I will have something to post. I don't know how the scanner actually works... it's been running now for around 25 minutes and has looked at a ton of files with the crypt extension, however it hasn't "Processed, Found or Decrypted" anything at this point. I'm hoping that what it's doing is reading everything, then it'll go back and start actually processing and decrypting the files. If not, then it isn't working, lol. I have to leave right now and won't be back for several hours. I don't have any screensavers that will run or anything else that should interrupt the scan process, so I'll see what the results are when I return. Thanks for the assistance!!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Silent Killer "crypt"
« Reply #16 on: March 29, 2012, 09:48:41 PM »
Ta. I must admit I have never come across one of these before, so I will be interested in any data you could give.

DonZ63

  • Guest
Re: Silent Killer "crypt"
« Reply #17 on: March 30, 2012, 01:09:17 AM »
« Last Edit: March 30, 2012, 01:10:52 AM by DonZ63 »

ejwells409

  • Guest
Re: Silent Killer "crypt"
« Reply #18 on: March 30, 2012, 01:33:25 AM »
Might be a new variant of this:
http://www.net-security.org/malware_news.php?id=945

My Ransom note doesn't read like that, but the files it encrypts are the same... add to that the "zip" files. If what I read is what I have to look forward to, then I'll be reformatting this baby very soon. The program that "essexboy" gave me to run has been scanning now for over 4 hours. It hasn't processed anything, it hasn't found anything and it hasn't decrypted anything despite the fact that all it's looking at are files that have been encrypted, lol.

ejwells409

  • Guest
Re: Silent Killer "crypt"
« Reply #19 on: March 30, 2012, 04:25:00 AM »
Ok, I've stopped the scan being done by the decrypting tool. It ran for 6.5 hours, looked at close to a half million files all tagged with the "crypt" extension and never did anything. Lost cause I'm afraid, and I have work that needs to be done on the computer, so I'll be shutting it down, reformatting both HDDs and starting over. Thanks to "Essexboy" and "Polonus" for their assistance in trying to get this cleared up. I do appreciate it.

Brief Update: I've already formatted and reinstalled Win7. I still have to wipe the second HDD as that was also infected, but at least for now, the C: drive is clean. Thanks again guys!
« Last Edit: March 30, 2012, 09:13:46 AM by ejwells409 »

Peter_M

  • Guest
Re: Silent Killer "crypt"
« Reply #20 on: March 30, 2012, 02:06:28 PM »
Just came across this forum. I am infected with this same virus. On March 27 all my .xls, .pdf, .jpeg, etc. files were encrypted. At startup, a process runs that tells you that you have illegal software on your computer and to visit www.sopacrystal.com where they demand $130 for the key and decryption algorithm. In the README file left behind there are the instructions to visit sopacrystal.com and there is also a "key". I don't know if this is enough info but any help to decrypt my files would be appreciated as I haven't backed up in a few weeks.

Also tried the recommended download from Kaspersky but it didn't do any good.

Here is the contents of the README file:

Your files was blocked because of copyright violation, you can't access your files.
Please visit sopacrystal.com for more information and follow step by step instructions.

=== KEY ===
010200000266000000A40000356060E4C2A31E39
5254D548301AC7C6EBBCA548704FE8A3EE53588C
E50BAA43FB1C67D79BFAC8024D9C3A65D113887A
BA2FBF5FF6529D1D51A3A67B6919DF13
=== END ===
« Last Edit: March 30, 2012, 02:35:14 PM by Peter_M »

ejwells409

  • Guest
Re: Silent Killer "crypt"
« Reply #21 on: March 30, 2012, 07:28:37 PM »
If you'll read this thread from the beginning, you'll see that I've already documented what you talk about. The suggestions that essexboy and polonus had did not touch it and it appears to be a new version of an existing "Ransom" virus scam. I wish you luck but as you can see if you read my posts, nothing worked and eventually I was forced to start over. You're most likely looking at the same scenario unless someone who hasn't posted yet is sitting back with a magical cure.

Offline essexboy

Re: Silent Killer "crypt"
« Reply #22 on: March 30, 2012, 07:47:51 PM »
It was probably for the best, as the locking key would be nigh impossible to crack if they used a random generator.

Did you manage to upload the dropper to Avast?