Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1805 Views 2 Replies Latest reply: May 2, 2011 11:36 PM by Hayton RSS
rporta Newcomer 2 posts since
Apr 7, 2011
Currently Being Moderated

Apr 7, 2011 10:41 AM

New Variant of GPcode ransomware?

Hi everybody, im new here .


I had a problem with a new trojan variant last month.


A new version of the GPCode ransomware that infects users' machines and then encrypts files (.doc, xls, jpg, etc.).



there is a txt in desktop that say:

"Attention!!! All your personal files (photo,documents, texts, databases, certificates, video) have been encrypted by a verystrong cypher RSA-1024. The original files were deleted. You can check - justlook for files in all folders. There is no possibility to decrypt these fileswithout a special decrypt program! Nobody can help you - even don’t try to findanother method or tell anobody. Also after n days all encrypted files will becompletely deleted and you will have no chance to get it back.

We can help to solve this task for 125$ viaukash/psc pre-paid cards. And remember, any harmful or bad words to our sidewill be reason for ignoring your message and nothing will be done. For detailsyou have to send your requests on this email (attach to message a full serialkey shown below in this ‘ how to..’ file on desktop."


This Trojan is new, appears on march this year, Kaspersky labs knows about it. but my question is, McAfee Labs know about it already? Did someone have a similar problem? Does Mcafee VirusScan detect this new variant? I can´t know because the PC was formated. But im worried about it, i had Mcafee installed but trojan infected the machine anyway. I wasn`t able to get a sample, beacuse user formated the machine but there is a problem in file server.



  • Hayton Volunteer Moderator 4,596 posts since
    Sep 27, 2010
    Currently Being Moderated
    2. May 2, 2011 11:37 PM (in response to rporta)
    Re: New Variant of GPcode ransomware?

    I must apologise for missing this post when it first appeared. This question deserves an answer, so :-

  (Kaspersky) is detected by McAfee as GPcoder.j!B14C45C17920.


    According to this document it will be detected by McAfee (it has been on the list since December 2010) and can be removed if you follow the instructions given in the Removal section of the document.


    Message was edited by: Hayton on 03/05/11 05:37:29 IST

    Volunteer Moderator  Leeds, UK
    No PM's please

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points