Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Aitkulov2014-02-03 11:21:28
Malware
Dmitry Aitkulov, 2014-02-03 11:21:28

How to recover from covsssss.exe virus?

There was a virus attack covsssss.exe and covsssss.exe//UPX. Windows server 2003 R2 enterprise x64. This virus damaged all Word and Excel files, as well as all 1s 8 bases and sevens .MD and .DBF files. I added the .cov extension and created a text file "HOW TO DECRYPTION FILES.txt" and in it such text.
Attention! All your files are encrypted!
To restore your files and get access to them,
contact us by email: [email protected]
You have 5 attempts to enter the code. If this amount is exceeded
, all data will be irreversibly damaged. Be
careful when entering the code!
Kaspersky Anti-Virus for server version 6. Of course, it strangled the virus, but the files could not be restored. When the .COV extension is removed, it says that the file is destroyed anyway. Of course, you can restore the virus files from the repository, but it's scary that the virus will be active again.
I decided to write to this person by mail and received this answer:
"no guarantees, except for my word, and the program was / is already on your PC - it is used for encryption and decryption, but I send it because 95% of it is deleted by antiviruses
and decryption only possible with the help of a program + code.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
Dmitry Aitkulov, 2014-02-05
@Scarfase1989

Here is Drweb's instruction:
Files are encrypted by a Trojan of the Trojan.Encoder.94 family
. Decryption is possible.
For decryption, the latest version of our te94decrypt utility is required
(in any case, not lower than v.1.7.27) Download the
current version of te94decrypt from the link
HERE
like this:
te94decrypt.exe -k 415
// decrypt files on all drives
or like this:
te94decrypt.exe -k 415 -path D:\Path
// decrypt files only in directory D:\Path
Decryption goes to new files; by principle:
"document.doc.cov" (encrypted) => "document.doc" (decrypted)
On the disk, accordingly, free space will be required equal to the total volume of encrypted files.

Report
Q
q-zar, 2014-02-21
@q-zar

Cryptographer. Asks for money. Contact [email protected]
After payment, they gave the password oPS9F7Urpqlp5ufyf4B95Lg3M4UPU.
When launched, it copies itself to the tempo under the name S3Rf5cWJf0B87Tq.exe and sets it to autoload in the registry, it also encrypts all available files both on the local drive and on the network. Appends the .Zew extension to encrypted files. On subsequent launches, it checks for itself in tempo, after which it prompts you to enter a password. After entering the password everything decrypts and removes itself from the pace!

Report
T
trall, 2014-02-03
@sashablashenkov

Look here , it might help

Similar questions
Y
yupic2014-02-01 12:24:38
Why do new followers appear on twitter without my knowledge? 6Reply
S
Sergey2014-02-02 23:02:29
Where do antiviruses get signatures? 1Reply
A
Alistair O2018-09-14 10:13:36
How to use hash function in yara64.exe? 0Reply
D
Daniel2018-09-16 10:07:03
How to detect a vulnerability on a website? 2Reply
E
Egor Petrov2016-04-25 11:47:30
What overloads the central processor and how to check it? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question