Jump to content

iktguub file name extension / cyclized.zip - a variant of Win32/Kryptik.CVRX trojan


Recommended Posts

Dear All,

An email is received with the attachment cyclized.zip; after opening this file all the files (word, excel, jpg, pdf) extensions were renamed to .iktguub at the end of original file name extension (eg. test.doc.iktguub).

Even after renaming the file to its original name; the file is not opening and a message says the file type is not supported or corrupted.

The entire system is affected except the .pst outlook files.

Antimalware, spybot, eset, Win32/Dorkbot, Microsoft Safety Scanner, Malicious Software Removal Tool ---all tools used but still the files are unable to open.

 

Word files are opening with a non-readable format. (extension renamed files are uploaded as the .iktguub extensions are not supported while uploading to this site)

 

Pls help

Link to comment
Share on other sites

  • Administrators

Probably you didn't have ESET fully updated or functional as the mentioned detection is several days old. ESET was one of very few vendors to detect this CTB Cryptolocker / Filecoder (Win32/Filecoder.DA). If that's the case case, affected files cannot be decrypted and you'll need to restore them from a backup.

 

Suggestions:

- make sure you have the latest version of an ESET product installed (v8)

- make sure you have a valid license and ESET updates properly

- make sure you use default settings for real-time protection and have Live Grid enabled.

Link to comment
Share on other sites

Here a link to Win32/Filecoder.CA: hxxp://www.virusradar.com/en/Win32_Filecoder.DA/description

If you see that the description fits to your system then you are surely affected by it.

 

There is even a full article on WeLiveSecurity about this threat: CTB-Locker: Multilingual Malware Demands Ransom

Future news about this threat you may find with the tag CTB.

There you can also find the information that you can't encrypt the files. But there they have also listed some tips - some of them Marcos already listed above.

Edited by rugk
Link to comment
Share on other sites

  • 2 weeks later...

Is there any possibility of getting a tool from eset to decrypt the files.

 

Nope, eset or any AV vendor didnot provide any tool to decrypt the file, and i did found some soft on Mr Google claiming it can decrypt file encrypt by CTB and put a test on some of infected PC, but it seems not successfully decrypt. The only way is to prevent, once its effected, the chances to recover is as low as 1%. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...