2 Replies Latest reply: May 2, 2011 11:37 PM by Hayton RSS

    New Variant of GPcode ransomware?

      Hi everybody, im new here .


      I had a problem with a new trojan variant last month.


      A new version of the GPCode ransomware that infects users' machines and then encrypts files (.doc, xls, jpg, etc.).



      there is a txt in desktop that say:

      "Attention!!! All your personal files (photo,documents, texts, databases, certificates, video) have been encrypted by a verystrong cypher RSA-1024. The original files were deleted. You can check - justlook for files in all folders. There is no possibility to decrypt these fileswithout a special decrypt program! Nobody can help you - even don’t try to findanother method or tell anobody. Also after n days all encrypted files will becompletely deleted and you will have no chance to get it back.

      We can help to solve this task for 125$ viaukash/psc pre-paid cards. And remember, any harmful or bad words to our sidewill be reason for ignoring your message and nothing will be done. For detailsyou have to send your requests on this email (attach to message a full serialkey shown below in this ‘ how to..’ file on desktop."


      This Trojan is new, appears on march this year, Kaspersky labs knows about it. but my question is, McAfee Labs know about it already? Did someone have a similar problem? Does Mcafee VirusScan detect this new variant? I can´t know because the PC was formated. But im worried about it, i had Mcafee installed but trojan infected the machine anyway. I wasn`t able to get a sample, beacuse user formated the machine but there is a problem in file server.