Hi everybody, im new here .
I had a problem with a new trojan variant last month.
A new version of the GPCode ransomware that infects users' machines and then encrypts files (.doc, xls, jpg, etc.).
there is a txt in desktop that say:
"Attention!!! All your personal files (photo,documents, texts, databases, certificates, video) have been encrypted by a verystrong cypher RSA-1024. The original files were deleted. You can check - justlook for files in all folders. There is no possibility to decrypt these fileswithout a special decrypt program! Nobody can help you - even don’t try to findanother method or tell anobody. Also after n days all encrypted files will becompletely deleted and you will have no chance to get it back.
We can help to solve this task for 125$ viaukash/psc pre-paid cards. And remember, any harmful or bad words to our sidewill be reason for ignoring your message and nothing will be done. For detailsyou have to send your requests on this email (attach to message a full serialkey shown below in this ‘ how to..’ file on desktop."
This Trojan is new, appears on march this year, Kaspersky labs knows about it. but my question is, McAfee Labs know about it already? Did someone have a similar problem? Does Mcafee VirusScan detect this new variant? I can´t know because the PC was formated. But im worried about it, i had Mcafee installed but trojan infected the machine anyway. I wasn`t able to get a sample, beacuse user formated the machine but there is a problem in file server.
I must apologise for missing this post when it first appeared. This question deserves an answer, so :-
Trojan-Ransom.Win32.Gpcode.bn (Kaspersky) is detected by McAfee as GPcoder.j!B14C45C17920.
According to this document it will be detected by McAfee (it has been on the list since December 2010) and can be removed if you follow the instructions given in the Removal section of the document.
Message was edited by: Hayton on 03/05/11 05:37:29 IST