iktguub file name extension / cyclized.zip - a variant of Win32/Kryptik.CVRX trojan


Dear All,

An email was received with the attachment cyclized.zip; after opening this file, the extensions of all the files (Word, Excel, JPG, PDF) were renamed, with .iktguub added at the end of the original file name extension (e.g. test.doc.iktguub).

Even after renaming the file to its original name, the file does not open and a message says the file type is not supported or corrupted.

The entire system is affected except the .pst Outlook files.

Antimalware, Spybot, ESET, Win32/Dorkbot, Microsoft Safety Scanner, Malicious Software Removal Tool: all of these tools were used, but the files still cannot be opened.

Word files open in a non-readable format. (Files with the extension renamed are uploaded, as the .iktguub extension is not supported when uploading to this site.)

Please help.


  • Administrators

Probably you didn't have ESET fully updated or functional, as the mentioned detection is several days old. ESET was one of very few vendors to detect this CTB Cryptolocker / Filecoder (Win32/Filecoder.DA). If that's the case, affected files cannot be decrypted and you'll need to restore them from a backup.

 

Suggestions:

- make sure you have the latest version of an ESET product installed (v8)

- make sure you have a valid license and ESET updates properly

- make sure you use default settings for real-time protection and have Live Grid enabled.


Here is a link to Win32/Filecoder.CA: hxxp://www.virusradar.com/en/Win32_Filecoder.DA/description

If you see that the description fits your system, then you are surely affected by it.

There is even a full article on WeLiveSecurity about this threat: CTB-Locker: Multilingual Malware Demands Ransom

You may find future news about this threat under the tag CTB.

There you can also find the information that you can't encrypt the files. But they have also listed some tips there - some of them Marcos already listed above.

Edited by rugk

  • 2 weeks later...

Is there any possibility of getting a tool from ESET to decrypt the files?

Nope, ESET or any AV vendor did not provide any tool to decrypt the files, and I did find some software on Mr Google claiming it can decrypt files encrypted by CTB and tested it on some infected PCs, but it does not seem to decrypt successfully. The only way is to prevent; once it's affected, the chance of recovery is as low as 1%.

This topic is now closed to further replies.
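
An added example, not part of the original thread: a triage script that lists every file carrying the appended .iktguub extension, derives the original name to look for in backups, and checks whether the first bytes still match the signature that the original extension implies. A mismatch is consistent with the first post's observation that renaming a file back does not make it open. The function names, the signature table and the sample tree are assumptions constructed for this example.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".iktguub"  # extension appended to files, as reported in the thread

# Well-known leading bytes for the file types named in the first post.
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",   # OLE2 container
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",             # ZIP container
    ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
}
# Constructed stand-in for altered content (deterministic, matches no signature).
SCRAMBLED = bytes((i * 37 + 11) % 256 for i in range(64))

def classify(path: Path) -> str:
    """Compare a file's first bytes with the signature its original extension implies."""
    original = path.name[: -len(MARKER)] if path.name.lower().endswith(MARKER) else path.name
    expected = MAGIC.get(Path(original).suffix.lower())
    if expected is None:
        return "unknown-type"
    with path.open("rb") as fh:
        head = fh.read(len(expected))
    return "header-intact" if head == expected else "header-mismatch"

def inventory(root):
    """Return sorted (relative path, original name, status) for every marked file under root."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                p = Path(dirpath) / name
                rows.append((p.relative_to(root).as_posix(), name[: -len(MARKER)], classify(p)))
    return sorted(rows)

def build_sample_tree(root: Path) -> None:
    """Constructed sample data for the demo; no real user files are involved."""
    (root / "docs").mkdir()
    (root / "docs" / "test.doc.iktguub").write_bytes(SCRAMBLED)
    (root / "docs" / "report.pdf.iktguub").write_bytes(SCRAMBLED)
    (root / "photo.jpg.iktguub").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 60)  # only renamed
    (root / "mail.pst").write_bytes(b"!BDN" + b"\x00" * 60)  # no marker, so not listed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for rel, original, status in inventory(tmp):
            print(f"{status:16} {rel} -> restore as {original}")
```

Run `inventory()` read-only against a copy or image of the affected disk; the resulting list of original names is the set to restore from backup.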