Audio Asylum Thread Printer: Get a view of an entire thread on one page
Although this is no joke. It is a warning to everyone.
Yesterday I made the mistake of opening an e-mail from "FedEx Standard Delivery" with the subject line "Delivery Notification". Not expecting anything via FedEx, I opened the e-mail, which instructed me to click on a button to get details of an attempted delivery now waiting at a FedEx terminal. That turned out to be one of the great disasters of my computing life. Clicking on the button did nothing, but thanks to a program from Mike Lin that notifies me when a program is attempting to load permanently at start up, I was alerted that something had been installed on my computer.
Since yesterday there have been a series of installations. The first one was a file titled "iwpoe.exe". Ever since then it's been a disaster on my computer. The worst thing is that all of my mp3 and PDF files have been reformatted. I cannot open any of them. For example, Windows Media Player says that the file with an mp3 extension that I'm attempting to open doesn't match the mp3 format. The same thing happens with Adobe Reader.
The iwpoe.exe file cannot be deleted. It just keeps reappearing when I delete it. The worst part is nothing can be found on the internet. No one seems to be aware of this virus. Running an anti-virus program didn't reveal the iwpoe.exe file.
Does anyone know anything about this problem?
Follow Ups:
I don't get it.
Let's say you send 'em money. It goes somewhere. That somewhere has an ABA # or whatever associated with it. It is TRACEABLE, right?
Isn't the FBI good for finding out who is associated with that account?
A couple mercs would fix the problem in a couple weeks. Repeat a few times and those who would try this form of extortion will think twice.
Too much is never enough
is why warnings about CryptoWall aren't circulating around the internet. One of the references given below says that CryptoWall and CryptoLocker are the most vicious viruses ever. Amen. The only thing worse is something that wipes out your hard drive, but even then data recovery services can usually get back deleted files from a hard drive.
Dang! This was a hard lesson to learn.
Thanks, everyone, for all the information.
good luck
dee
;-D
True terror is to wake up one morning and discover that your high school class is running the country.
quote by Kurt Vonnegut
I'm not sure whether to pay the ransom or not. It's really galling but I have business files that are important. The worst part is the incredible price they're asking. I'd spring for $50 or even $100, but CryptoWall is asking $500. At $300 CryptoLocker was a bargain.
Thanks for the link.
that even if you pay there is no guarantee that you get your files back, actually they will know that you are desperate and ask for more. And they will keep dangling things in front of you. You have no recourse because you have no idea who they are and where they are. I would just cut my losses and try to recover the files from other places.
dee
;-D
True terror is to wake up one morning and discover that your high school class is running the country.
quote by Kurt Vonnegut
the encryption of the PDF files. They include business files. The mp3 files I'd forget. Most of them can be recovered or downloaded again. But tax receipts and things such as that in PDF format are a real problem.
I'm not sure what to do. I'm still trying to figure out if the new XP installation on a second hard drive is infected. Some sites say that CryptoWall encrypts files on all drives that appear in My Computer.
Oy, vey!
Thank heavens audio isn't dependent on computer files - if you listen to CDs or vinyl.
Thanks again, Pengie.
that stuff spreads :P...like the plague. Look for backups for all the PDFs. I would not under any circumstances pay the ransom. It just encourages them to extort more, and trust me they will, now they have your files hostage, if you pay they will want more.
dee
;-D
True terror is to wake up one morning and discover that your high school class is running the country.
quote by Kurt Vonnegut
The only way I would pay is if every single file on the infected hard drive is encrypted. Fortunately, that doesn't seem to be the case. I'm still working on finding out the extent of the damage. Probably most of the PDF files that weren't generated by me can be downloaded again from the internet. It will mean a lot of searches, but $500 is a significant bit of change, plus as you say, I really don't want to encourage these criminals.
There is a chance that in the future they will find out how to break this encryption. That I would pay for. So if I can get by for now, I will isolate and store the infected files with the hope that they can someday be restored.
I have learned my lesson, I hope. In the future my middle name will be Backup.
Scum they may be, but they are smart and devious. They are a very good reason to back up everything on an external drive. Despite anti-virus it has been necessary to wipe my hard drive and reinstall Windows a couple times. I've become paranoid and never open an email from an unknown source.
But one mistake and they can get you. I never open attachments unless I know they are from trusted sources. This, however, had no attachment, merely a button I clicked on, which didn't take me to an internet site.
and one I was warned about some time ago. My advice - take it to a competent tech.
"Man is the only animal that blushes - or needs to" Mark Twain
--------------------------
"E burres stigano"
That is exactly what has happened. I thought extortion was illegal. Why haven't any authorities investigated this? $500 is a lot of money to recover data.
When I clicked on that link, it sent me to this address: http://Ouch!!%20Ransom%20starts%20at%20$500
And the page was blank.
So, what was it?
___
"If you are the owner of a new stereophonic system, this record will play with even more brilliant true-to-life fidelity. In short, you can purchase this record with no fear of its becoming obsolete in the future."
in the "Optional Link URL" box. Grrrrrrrr
--------------------------
"E burres stigano"
OK. You have to watch your front. Anti virus got your back. Wipe out and format your computer with a clean Windows install is all I recommend in your situation.
I managed to get rid of the iwpoe.exe file by using a fresh installation of Windows XP on a second hard drive in my computer. The iwpoe file can't be deleted when it's in use and it starts with Windows. Getting rid of that file has helped a good deal.
I'm still trying to get rid of other files that have been installed. The bad news is that I still can't open mp3 or PDF files.
In each folder where mp3 and PDF files are kept there is a notepad message that reads DECRIPT_INSTRUCTION. Basically, it's a ransom note. Its instructions tell the user to install the TOR browser and then go to a website.
Here is the entire text of that document:
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/gdc6cb
2.https://paytordmbdekmizq.pay2tor.com/gdc6cb
3.https://paytordmbdekmizq.tor2pay.com/gdc6cb
4.https://paytordmbdekmizq.pay4tor.com/gdc6cb
If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/gdc6cb
4.Follow the instructions on the site.
IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/gdc6cb
Your personal page (using TOR): paytordmbdekmizq.onion/gdc6cb
Your personal identification number (if you open the site (or TOR 's) directly): gdc6cb
Cryptolocker
True terror is to wake up one morning and discover that your high school class is running the country.
quote by Kurt Vonnegut
it is something very similar. $300 to restore files? I don't think so. Dang! Thanks for the link. It has given me valuable information.
In other words, your files are being held for ransom. This is really nasty. Sorry this happened to you. I know this doesn't help your situation but it's just one more reason to do regular backups. Good luck with this.
It is robbery by remote control.
Thanks for the sympathy. It's not like I never do backup, but just when you've forgotten to do it for a while . . .
That said, this virus is supposed to infect any active drive on the computer. So if you keep an external hard drive on while your hard drive is active, those files will be encrypted too. I'm trying to figure all this out. I managed to back up a few mp3 files once the damage was discovered, but I'm afraid to turn on the backup drive while the computer is on.
More research has to be done. Oh, well. I'd certainly rather be dinking around rescuing my computer than listening to my system.
I will definitely keep an eye out for such a missive, to be deleted ASAP.
This is the most vicious virus I've ever encountered. What a rotten thing to do to people.
See if the link describes the issues you are having...
The big thing is how it has encrypted mp3 and PDF files. I've never seen that before.
I'm posting a follow up above with a few more details.
I checked the link but nothing on the site seems to mention this virus.
Thanks for the tip, though. The site might come in handy in the future.
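For gauging the extent of the damage discussed in this thread (files with .mp3 or .pdf extensions that no longer match their format, and a DECRIPT_INSTRUCTION note in each affected folder), here is an added example that is not part of any post above. It is a read-only survey that checks the first bytes of each file against the usual PDF and MP3 signatures; the function names and the sample tree are constructed for illustration, and the header check is a heuristic, so a flagged file deserves a manual look rather than being assumed lost.

```python
import os
import pathlib
import tempfile

NOTE_PREFIX = "DECRIPT_INSTRUCTION"  # note name as spelled in the thread

def looks_intact(ext, head):
    if ext == ".pdf":
        return head.startswith(b"%PDF-")  # PDF header
    if ext == ".mp3":  # ID3v2 tag, or an MPEG audio frame sync (11 set bits)
        return head.startswith(b"ID3") or (
            len(head) > 1 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0)
    return None  # extension not checked

def survey(root):
    """Read-only walk: returns sorted (intact, suspect, note_dirs) lists."""
    intact, suspect, note_dirs = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        if any(f.upper().startswith(NOTE_PREFIX) for f in files):
            note_dirs.append(dirpath)
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in (".pdf", ".mp3"):
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        ok = looks_intact(ext, fh.read(8))
                except OSError:
                    ok = False  # unreadable: list it for manual review
                (intact if ok else suspect).append(path)
    return sorted(intact), sorted(suspect), sorted(note_dirs)

def build_sample(root):
    files = {  # constructed sample: two damaged files, a note in one folder
        "docs/tax.pdf": b"%PDF-1.4\n%constructed\n",
        "docs/receipt.pdf": bytes([0x8A, 0x13, 0xF0, 0x55] * 8),
        "docs/DECRIPT_INSTRUCTION.TXT": b"constructed placeholder note",
        "music/song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "music/lost.mp3": bytes([0x41, 0xC7, 0x02, 0x9E] * 8),
    }
    for rel, data in files.items():
        p = pathlib.Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(survey(tmp))
```

The survey only reads the first eight bytes of each file and writes nothing, so it can be pointed at an affected drive from a clean system; folders that contain a note but no suspect files are worth a second look for other file types.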