Troj/Arhiveus-A

Category: Viruses and Spyware
Protection available since: 31 May 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 31 May 2006 00:00:00 (GMT)
Prevalence: No Reports


Troj/Arhiveus-A is a Trojan for the Windows platform.

When run, Troj/Arhiveus-A concatenates the contents of the user's 'My Documents' folder into a file named <User>\My Documents\EncryptedFiles.als. The original files are then deleted.

The Trojan then creates the file:

<User>\My Documents\INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt

Every time the user double-clicks on the file EncryptedFiles.als, a message box is displayed with the following text:

Read INSTRUCTIONS to get your files back

The user is then shown an interface that lists the contents of the file, and can click on a button labelled 'Extract' to try to retrieve them. Doing so brings up a dialog asking for a password.

The password to recover the files is:

mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw

The Trojan should not be deleted before the files are recovered. Once the files have been recovered, the Trojan can safely be removed, along with the following files:

INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt
EncryptedFiles.als

Registry entries are created under:

HKCR\.als\
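
The file artifacts listed above can be checked per user profile before any cleanup is attempted. The following is an added example, not code from the original description: it walks a directory of user profiles and reports which ones still hold EncryptedFiles.als (recover the files first, as advised above) and which only contain the leftover instructions file. The function names, state labels and the sample directory tree are assumptions made for the illustration, and the HKCR\.als registry key is not checked.

```python
import tempfile
from pathlib import Path

# File names taken from the description above; compared case-insensitively
# because Windows file systems are case-insensitive.
ARCHIVE = "encryptedfiles.als"
NOTE = "instructions how to get your files back.txt"

def triage_profile(docs: Path) -> str:
    """Classify one 'My Documents' folder by the artifacts it contains."""
    names = {p.name.lower() for p in docs.iterdir() if p.is_file()} if docs.is_dir() else set()
    if ARCHIVE in names:
        # Files are still inside the archive: recover them before removing anything.
        return "recover-first"
    if NOTE in names:
        # Only the note remains: the archive is gone or was already cleaned up.
        return "leftover-note"
    return "clean"

def triage_host(users_root: Path, docs_dir: str = "My Documents") -> dict:
    """Map each profile directory under users_root to its triage state."""
    return {
        profile.name: triage_profile(profile / docs_dir)
        for profile in sorted(users_root.iterdir())
        if profile.is_dir()
    }

def build_sample(root: Path) -> Path:
    """Constructed sample tree (not real data) with three user profiles."""
    layout = {
        "alice": ["EncryptedFiles.als", "INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt"],
        "bob": ["Instructions How To Get Your Files Back.TXT"],
        "carol": ["report.doc"],
    }
    for user, files in layout.items():
        docs = root / user / "My Documents"
        docs.mkdir(parents=True)
        for name in files:
            (docs / name).write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for user, state in triage_host(build_sample(Path(tmp))).items():
            print(f"{user}: {state}")
```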

The contents of the file INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt are as follows:

"INSTRUCTIONS HOW TO GET YOUR FILES BACK
READ CAREFULLY. IF YOU DO NOT UNDERSTAND - READ AGAIN.

This is the automated report generated by auto archiving software.

Your computer caught our software while browsing illegal porn pages, all your documents, text files, databases in the folder My Documents was archived with long password.

You can not guess the password for your archived files - password length is more than 30 symbols that makes all password recovery programs fail to bruteforce it (guess password by trying all possible combinations).

Do not try to search for a program that encrypted your information - it simply does not exist in your hard disk anymore. Reporting to police about a case will not help you, they do not know the password. Reporting somewhere about our email account will not help you to restore files. Moreover, you and other people will lose contact with us, and consequently, all the encrypted information.

WE DO NOT ASK YOU FOR ANY MONEY! We only want to do business with you. You can even EARN extra money with us. If you really care about the documents and information in encrypted file, you should follow the instructions below. This is your only way to get your files back and save your time.

------------------------------

How to get your information back.

1. Follow any link below

<3 URLs are provided>

and enter our online pharmacy. Our online pharmacy is the world leader in FDA approved medications.

2. Choose any product you like and buy it.

3. Send an email with your order id to our email address restoring@safe-mail.net or restoringfiles@yahoo.com
The password will be sent to your email address as soon as we verify your order id (usually 3-4 hours or shorter) and you will get your information in encrypted file back. All the emails with invalid order ids will be ignored.

------------------------------

We do not ask you for any money! We guarantee that you will receive the product you buy! You can use it by yourself or even sell and earn extra money because all the products in our online pharmacy are discounted!

We guarantee that you will receive the password for encrypted file as soon as you buy any product in our online pharmacy.

We guarantee that you will be able to restore all the encrypted information and we can prove it. Doubleclick on the file Demo.als and enter the following password: kw9fjwfielaifuw1u3fw3brue2180w3hfse2
The encrypted information will be restored in several seconds.
The file EncryptedFiles.als is encrypted with another password which you will receive in the email from us.

We guarantee that you will never be asked to buy anything in our online pharmacy again.

We do not want to do you any harm, we do not ask you for money, we only want to do business with you.

##########################################################################
Remember you are just three steps away from your files
##########################################################################"