0 Replies Latest reply on Mar 20, 2009 1:11 PM by paullotion

    Antivirus2009- Ransomware

      Security experts are warning that some new "scareware" programs, software that tries to frighten consumers into purchasing bogus security products, also encrypt the victim's digital documents until he or she agrees to pay a $50 ransom demand.

      Newer versions of scareware family Antivirus2009 warn users in a fake Windows alert that files in the "My Documents" folder are corrupt. The program them directs the victim to download a program called "FileFixerPro" to fix the supposedly corrupt files.

      In fact, this version of Antivirus2009 encrypts or scrambles contents of documents in that folder, so that only users who pay $50 for a FileFixerPro license can get the decryption key needed to regain access to the files in their My Documents folder.

      A number of security forums have chronicled the rise of this nasty development in scareware evolution. This thread, over at the "devshed" Web development forum, includes cries for help from a number of people who have apparently had their documents scrambled by this threat.

      There is good and bad news here. The good news is the nice folks over at BleepingComputer.com, a very active computer-help forum, have posted detailed instructions on how to remove FileFixerPro. The bad news is that these instructions won't help get a victim's documents back.
      http://voices.washingtonpost.com/securityfix/2009/03/antivirus2009_holds_victims _do.html

      Bleeping Computer Fix:
      http://www.bleepingcomputer.com/forums/topic212357.html