Name: Arhiveus
Type: Trojan
Also Known As: MayArchive.b (F-Secure), Trojan.Archiveus (Symantec)
Danger Level: 4
Category Description:
Trojans are malicious applications that pose as legitimate software in order to trick users into installing them. Once on the victim's machine, a trojan may run any number of malicious processes to steal vital information or inflict damage on other software.
Official Description:
Archiveus bundles randomly selected files (mostly data files) from your computer into a password-protected archive and deletes the original files. It then asks you to buy any product from a specific site to get your files back.
The presence of one or all of the following files may indicate that Archiveus has affected your computer.
%SystemDrive%\EncryptedFiles.als
%UserProfile%\My Documents\Demo.als
%UserProfile%\My Documents\EncryptedFiles.als
%UserProfile%\INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt
The files 'EncryptedFiles.als' and 'Demo.als' contain the original files in archived form.
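An added example (not part of the vendor's description or tooling): a check for the four indicator files listed above. The `env` parameter and the function names are assumptions of this sketch; passing your own mapping lets the same check run against a mounted disk image, and names are matched case-insensitively because the page itself writes the archive as both `.als` and `.ALS`.

```python
import os
import re
from pathlib import Path

# Indicator paths exactly as listed on this page.
INDICATORS = [
    r"%SystemDrive%\EncryptedFiles.als",
    r"%UserProfile%\My Documents\Demo.als",
    r"%UserProfile%\My Documents\EncryptedFiles.als",
    r"%UserProfile%\INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt",
]

def find_case_insensitive(root, parts):
    """Walk parts below root, matching each name case-insensitively."""
    current = Path(root)
    for part in parts:
        try:
            entries = {e.name.lower(): e for e in current.iterdir()}
        except OSError:  # missing, unreadable, or not a directory
            return None
        current = entries.get(part.lower())
        if current is None:
            return None
    return current if current.is_file() else None

def scan(env=None):
    """Return (indicator, found_path) pairs; env maps variable names to roots."""
    env = {k.lower(): v for k, v in (env or os.environ).items()}
    hits = []
    for template in INDICATORS:
        var, rest = re.fullmatch(r"%([^%]+)%\\(.+)", template).groups()
        root = env.get(var.lower())
        if not root:
            continue
        if root.endswith(":"):  # "C:" alone is drive-relative; anchor at the root
            root += "\\"
        found = find_case_insensitive(root, rest.split("\\"))
        if found:
            hits.append((template, str(found)))
    return hits

def archives_present(hits):
    """True if an .als archive was found (it holds the original files)."""
    return any(t.lower().endswith(".als") for t, _ in hits)

if __name__ == "__main__":
    hits = scan()
    for indicator, path in hits:
        print(f"{indicator} -> {path}")
    print("archive present:", archives_present(hits))
```
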
File 'INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt' has the instructions you must follow in order to get your files back. The content of 'INSTRUCTIONS HOW TO GET YOUR FILES BACK.txt' is shown below.
====================================================================================
INSTRUCTIONS HOW TO GET YOUR FILES BACK
READ CAREFULLY
This is automated report generated by auto archiving software.
All your documents, text files and databases was archived
with the long password.
You can not guess the password for your archived files - password
length is more than 30 symbols that makes all password recovery
programs fail to bruteforce it (guess password by trying all
possible combinations).
Do not try to search for a program that encrypted your information - it
simply does not exist in your hard disk anymore.
System backup will not help you to restore files.
Reporting to police about a case will not help you, they do not know the
password. Reporting somewhere about our email account will not help
you to restore files. Moreover, you and other people will lose contact
with us, and consequently, all the encrypted information.
WE DO NOT ASK YOU FOR ANY MONEY! We only want to do business with you.
You can even EARN extra money with us.
If you really care about the documents and information in encrypted files,
you should send an email to restoring@[blocked].net or restoringfiles@[blocked].com
This is your only way to get your files back and save your time.
We do not want to do you any harm, we do not ask you for money, we only
want to do business with you.
##########################################################################
Remember you are just one step away from your files
##########################################################################
=======================================================================================
Once you reply to the given email address, you will receive a reply like the one shown below.
=======================================================================================
------------------------------
How to get your information back.
1. Follow the link below
http://[blocked].info/?570b5653aF03c0e3d6Adfc029aTdca79
and enter our online pharmacy. Our online pharmacy is the world leader in
FDA approved medications.
2. Choose any product you like and buy it.
3. Send an email with your order id to our email address restoring@[blocked].net or restoringfiles@[blocked].com
The password will be sent to your email address as soon as we verify your
order id (usually 3-4 hours or shorter) and you will get your information
in encrypted file back. All the emails with invalid order ids will be ignored.
------------------------------
We do not ask you for any money! We guarantee that you will receive the product
you buy! You can use it by yourself or even sell and earn extra money because
all the products in our online pharmacy are discounted!
We guarantee that you will receive the password for encrypted file as soon as you buy
any product in our online pharmacy.
We guarantee that you will be able to restore all the encrypted information and we can
prove it. Doubleclick on the file Demo.als and enter the following password:
kfnr3kseo2uurnn33xxss883hd731bdjaebq
The encrypted information will be restored in several seconds.
The file EncryptedFiles.als is encrypted with another password which you will receive
in the email from us.
We guarantee that you will never be asked to buy anything in our online pharmacy again.
We do not want to do you any harm, we do not ask you for money, we only want to do business with you.
=========================================================================================
Manual Removal:
Note: Do not remove this trojan until you have restored your files, as removing the trojan before getting your files back will lead to permanent loss of your files.
To restore your files, follow the instructions given below.
1. Open 'EncryptedFiles.ALS'.
2. Click OK in the popup window that shows the 'Read INSTRUCTIONS to get your files back' message.
3. Click Extract in the window shown.
4. Type 'AssociateFileExtension' (without quotes) into the window prompting for the password, then click OK.
5. Close the window once all the files are unpacked.
6. Run X-Cleaner to remove the trojan safely.