Threat Encyclopedia

Short description
Win32/Filecoder.C is a trojan that encrypts files on local drives. To decrypt files the user is requested to send an SMS message to a specified telephone number in exchange for a password/help.
Installation
The trojan does not create any copies of itself.

The following file is dropped into the %windir% folder:
  • CryptLogFile.txt
Payload information
Win32/Filecoder.C is a trojan that encrypts files on local drives.

The trojan searches local drives for files with the following file extensions:
  • .ace
  • .bmp
  • .cdr
  • .djvu
  • .doc
The trojan encrypts the file content.

The trojan creates the following file:
  • %systemdrive%\Прочти Меня - как расшифровать файлы.txt (Russian for "Read Me - how to decrypt files.txt")
It contains the following text:
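  • Внимание! (Attention!)
  • Файлы заблокированы! (Files are locked!)
  • Чтобы разблокировать, отправь SMS на номер 8385 с текстом "cwm545" (без кавычек). (To unlock, send an SMS to the number 8385 with the text "cwm545", without the quotes.)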
The encrypted files can be returned to their original state using the following command:
  • %malwarepath% 112211