Malware
Dmitry Aitkulov, 2014-07-04 10:08:01

How to recover files after Trojan-Ransom.Win32.Rector?

Good afternoon. I had a small server running 1C 7.7 with a static IP, and everything was fine until yesterday evening. The server was broken into and the Trojan-Ransom.Win32.Rector Trojan was planted on it (this name was given by RectorDecryptor from Kaspersky). It sits in quarantine under the following name: HEUR:Trojan.Win32.Generic (modification). After that, the files got long names like "id-{TFPBOYJUFQAKWGRBOXHSCNYJUEQAMWHRCNXI-07/04/2014 [email protected]@541656009}[email protected] ru.cbf".

The server is running Windows 2008 SP2 and Kaspersky Antivirus 6 with an expired server license. The antivirus itself quarantined the harmful exe file, but it still managed to damage something. I can't write to DrWeb technical support because I don't have a corporate license. There was a similar problem here, but it was successfully resolved.

Guys who have faced this problem, could you share the solution? Maybe someone knows some keys for running the decryptor from Dr.Web? Or does anyone have a corporate license to file a request with tech support? I will be glad for any help. Thank you all in advance.


4 answer(s)
glGizma, 2015-06-10
@glgizmawin32

Send me a file that is encoded and I'll try to make a cheat! [email protected]

Dmitry Aitkulov, 2014-07-05
@Scarfase1989

Updated files: here are the infected files in an archive, along with files that one good person was able to decrypt. But a script is needed; otherwise it's embarrassing to ask to have all the files decrypted.

slavatsoy3, 2014-07-09
@slavatsoy3

Same trouble here.
The 1C files were restored with the GetDataBack program.
But I haven't found a decryptor yet. The utilities from Kaspersky and Dr.Web do not help.
Tell me, how did you decrypt the data?
At least part of the files would be opened manually.

mamudputin, 2014-07-09
@mamudputin

In general, so: Dr.Web has a cure! How do you use it???? It just asks for files, broken / not broken, and they have a different size, and that's it. They know something but keep silent... Tell me, how do these workers differ from extortionists? There is an assumption that they themselves are the ones! Their program is called 567, there is no sense in asking them, and others are forbidden to help those who have been helped???
