1. 敘述問題:
Attention!!!
Your BitCrypt ID:
xxx-123-4567890
All necessary files on your PC ( photos, documents, data bases and other) were encoded with a unique RSA-1024 key.
Decoding of your files is only possible by a special programm that is unique for each BitCrypt ID.
Specialists from computer repair services and anti-virus labs won't be able to help you.
In order to receive the program decryptor you need to follow this links.
If current link doesn't work but you need to restore files please follow the directions:
1. Try to open link . If you failed proceed to step 2.
2. Download and install tor browser
3. After installation, start tor browser and put in the following address
Remember, the faster you act the more chances to recover your files undamaged.
在每個資料夾下建立兩個檔案(包含每個磁區)
上面為內容物已去掉網址及修改對方所給的ID
BitCrypt.txt
BitCrypt.txt.bitcrypt
除了.exe沒被改之外大部份的檔案類型都被修改為BitCrypt
請問還有救嗎Orz
2. 系統資料:
使用的作業系統 Windows XP SP 3
使用的防毒軟體 小紅傘
3. 分析報告:
2.13:
啟動的項目全部關了重開機又自己掛上去 發現有檔案會自已掛上去
已送virustotal分析
http://goo.gl/kbjVrL
分析結果 但是不是這隻不清楚...
已先拿掉沒辦法反推回去只好從頭再來了...Orz