diTii.com Digital News Hub


Jun 18, 2008

Recover from Gpcode.ak (1024-bit encrypting) virus with Kaspersky PhotoRec

An unbreakable piece of malware is designed to encrypt files on compromised computers with a 1024-bit RSA algorithm and hold them captive until the user agrees to pay the attacker for the decrypting tool. Detected as Win32/Gpcode.G by Microsoft, Trojan.Gpcoder by Symantec and Gpcode.ak by Kaspersky, the malicious code is a ransomware Trojan.

“The trojan encrypts all user files (for example, with extensions .txt, .doc, .jpg, .pdf, .chm, .htm, .cpp, .h amongst others) on the infected computer. The encrypted files are saved by appending ‘_crypt’ to the original file name whilst the original files are permanently deleted,” said Dan Nicolescu of the Microsoft Malware Protection Center.

Kaspersky Lab is now able to provide users with instructions on how to recover files attacked by the Gpcode.ak virus. As reported earlier, decrypting files encrypted by Gpcode.ak without the private key is not, as yet, possible. However, a method for recovering encrypted files has been identified.

The method makes use of the fact that before encrypting a file, Gpcode.ak creates a new file (which contains encrypted data from the original file) ‘next to’ the file it encrypts. Once encryption of a file is complete, the virus deletes the original file.

The free PhotoRec utility, developed by Christophe Grenier, performs the function of recovering files on a selected partition remarkably well. However, restoring the exact file names and paths remains a problem. To address this issue, Kaspersky Lab has developed a small free utility, StopGpcode (ZIP file, 71.2 KB), which restores original file names and the full paths of the files recovered.
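A triage sketch for the behaviour described above, added here as an example and not part of the original article or of Kaspersky's StopGpcode: it lists every `_crypt` file, derives the path the original had, and flags originals that still exist beside the encrypted copy. The function names and the sample tree are constructed for illustration, and it assumes `_crypt` follows the full file name including its extension.

```python
import os
import tempfile
from collections import Counter

SUFFIX = "_crypt"  # marker appended to the original file name, per the quote above

def triage(root):
    """Walk root and return (records, ext_counts) for every *_crypt file.

    Each record is (encrypted_path, expected_original_path, original_still_present).
    """
    records, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SUFFIX) or name == SUFFIX:
                continue
            original = os.path.join(dirpath, name[:-len(SUFFIX)])
            # The original is deleted only once encryption of that file is
            # complete, so a surviving sibling is an intact copy needing no carving.
            present = os.path.isfile(original)
            records.append((os.path.join(dirpath, name), original, present))
            by_ext[os.path.splitext(original)[1].lower()] += 1
    return sorted(records), by_ext

def demo():
    """Build a constructed sample tree and run the triage over it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.doc_crypt", "docs/notes.txt_crypt",
                    "docs/notes.txt", "photo.jpg_crypt", "readme.htm"):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"constructed sample data")
        records, by_ext = triage(root)
        # Report paths relative to the scan root, with "/" separators.
        rel_records = [(os.path.relpath(enc, root).replace(os.sep, "/"), present)
                       for enc, _orig, present in records]
        return rel_records, dict(by_ext)

if __name__ == "__main__":
    records, by_ext = demo()
    for enc, present in records:
        state = "still present" if present else "deleted, needs carving"
        print(f"{enc}: original {state}")
    print(by_ext)
```

Run it against the affected volume mounted read-only from another system or boot medium, since every write to that partition can overwrite deleted originals that PhotoRec could otherwise recover.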

Source: Softpedia
