Answer the question
In order to leave comments, you need to log in
How to recover from covsssss.exe virus?
There was a virus attack covsssss.exe and covsssss.exe//UPX. Windows server 2003 R2 enterprise x64. This virus damaged all Word and Excel files, as well as all 1s 8 bases and sevens .MD and .DBF files. I added the .cov extension and created a text file "HOW TO DECRYPTION FILES.txt" and in it such text.
Attention! All your files are encrypted!
To restore your files and get access to them,
contact us by email: [email protected]
You have 5 attempts to enter the code. If this amount is exceeded
, all data will be irreversibly damaged. Be
careful when entering the code!
Kaspersky Anti-Virus for server version 6. Of course, it strangled the virus, but the files could not be restored. When the .COV extension is removed, it says that the file is destroyed anyway. Of course, you can restore the virus files from the repository, but it's scary that the virus will be active again.
I decided to write to this person by mail and received this answer:
"no guarantees, except for my word, and the program was / is already on your PC - it is used for encryption and decryption, but I send it because 95% of it is deleted by antiviruses
and decryption only possible with the help of a program + code.
Answer the question
In order to leave comments, you need to log in
Here is Drweb's instruction:
Files are encrypted by a Trojan of the Trojan.Encoder.94 family
. Decryption is possible.
For decryption, the latest version of our te94decrypt utility is required
(in any case, not lower than v.1.7.27) Download the
current version of te94decrypt from the
link
HERE
like this:
te94decrypt.exe -k 415
// decrypt files on all drives
or like this:
te94decrypt.exe -k 415 -path D:\Path
// decrypt files only in directory D:\Path
Decryption goes to new files; by principle:
"document.doc.cov" (encrypted) => "document.doc" (decrypted)
On the disk, accordingly, free space will be required equal to the total volume of encrypted files.
Cryptographer. Asks for money. Contact [email protected]
After payment, they gave the password oPS9F7Urpqlp5ufyf4B95Lg3M4UPU.
When launched, it copies itself to the tempo under the name S3Rf5cWJf0B87Tq.exe and sets it to autoload in the registry, it also encrypts all available files both on the local drive and on the network. Appends the .Zew extension to encrypted files. On subsequent launches, it checks for itself in tempo, after which it prompts you to enter a password. After entering the password everything decrypts and removes itself from the pace!
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question