Short description
Win32/Filecoder.E is a trojan that encrypts files on local drives. To decrypt the files, the user is requested to send an SMS message to a specified telephone number in exchange for a password/help.
Installation
When executed, the trojan copies itself into the following location:
The trojan creates the following files:
- %drive%HOW TO DECRYPT FILES.txt
- %drive%КАК РАСШИФРОВАТЬ ФАЙЛЫ
The following Registry entries are created:
"(Default)" = "LQWGAQGIVE"
"(Default)" = "CRYPTED!"
Payload information
Win32/Filecoder.E is a trojan that encrypts files on local drives.
The trojan searches local drives for files with the following file extensions:
When the trojan finds a file matching the search criteria, it creates a duplicate of that file.
The file name and extension of the newly created file are derived from the original one. An additional ".crypted" extension is appended.
The trojan encrypts the file content.
The trojan then deletes the original files.
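The file-system traces described above (notes in the drive root, ".crypted" copies, deleted originals) can be inventoried with a short triage script. This is an added example, not part of the original description; the function names, the prefix matching of note names and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Indicators taken from this page; prefix matching on note names is an
# assumption, because the second name may be truncated in the listing.
NOTE_PREFIXES = ("HOW TO DECRYPT FILES", "КАК РАСШИФРОВАТЬ ФАЙЛЫ")
SUFFIX = ".crypted"


def triage(root):
    """Return ransom notes, encrypted copies and surviving originals under root."""
    report = {"notes": [], "encrypted": [], "original_survives": []}
    for dirpath, _dirs, files in os.walk(root):
        lowered = {f.lower() for f in files}  # Windows names are case-insensitive
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            # The page lists the notes directly under %drive%, so only the root counts.
            if dirpath == root and name.upper().startswith(NOTE_PREFIXES):
                report["notes"].append(rel)
            elif name.lower().endswith(SUFFIX) and len(name) > len(SUFFIX):
                report["encrypted"].append(rel)
                # Per the page, originals are deleted after the copy is encrypted;
                # an original that is still present points to an interrupted run.
                if name[:-len(SUFFIX)].lower() in lowered:
                    report["original_survives"].append(rel[:-len(SUFFIX)])
    return {key: sorted(value) for key, value in report.items()}


def build_sample_tree(root):
    """Constructed sample data: a fake drive root with harmless empty files."""
    layout = [
        "HOW TO DECRYPT FILES.txt",
        "docs/report.doc.crypted",
        "docs/budget.xls",
        "docs/budget.xls.crypted",
        "docs/notes.txt",
        "docs/HOW TO DECRYPT FILES.txt",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_tree(drive)
        for kind, paths in triage(drive).items():
            print(kind, paths)
```

Entries under "encrypted" without a match in "original_survives" are the files to restore from backup.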
Other information
The trojan displays the following message:
When the correct password is entered, the trojan removes itself from the computer.