TROJ_GPCODE.AC

概述恶意程序类型:Trojan

别名:No Alias Found

在外流行:无

破坏性:无

语言:English

平台:Windows 98, Me, NT, 2000, XP, Server 2003

加密:无

描述:

This Trojan may arrive as a dropped file or downloaded file of another malware.

This Trojan encrypts all files with certain extension names found on any readable and writable drive.

As a result, the said files become unreadable. It then drops and opens the file ASAP!!!.TXT on the current user's Desktop folder.

解决方案

Identifying the Malware Files

1.Scan your computer with your Trend Micro antivirus product.

2.Note the path and file name of all files detected asTROJ_GPCODE.AC.

Trend Micro customers need to download the latest virus pattern file before scanning their computer. Other users can use Housecall, the Trend Micro online threat scanner.

Terminating the Malware Process

This procedure terminates the running malware process. You will need the name(s) of the file(s) detected earlier.

1.Open Windows Task Manager.

• On Windows 98 and ME, press

CTRL+ALT+DELETE

• On Windows NT, 2000, XP, and Server 2003, press

CTRL+SHIFT+ESC, then click the Processes tab.

2.In the list of running programs*, locate the malware file(s) detected earlier.

3.Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.

4.Do the same for all detected malware files in the list of running processes.

5.To check if the malware process has been terminated, close Task Manager, and then open it again.

6.Close Task Manager.

--------------------------------------------------------------------------------

*NOTE: On computers running Windows 98 and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process.

If the process you are looking for is not in the list displayed by Task Manager or Process Explorer, continue with the next solution procedure. If the malware process is in the list displayed by either Task Manager or Process Explorer, but you are unable to terminate it, restart your computer in safe mode.

Deleting the Malware File(s)

1.Right-click Start then click Search... or Find..., depending on the version of Windows you are running.

2.In the Named input box, type:

ASAP!!!.txt

3.In the Look In drop-down list, select My Computer, then press Enter.

4.Once located, select the file then press SHIFT+DELETE.

Restoring Deleted or Overwritten Files

Files which have been deleted or overwritten by the malware, can be restored from backup or using installers.

Important Windows ME/XP Cleaning Instructions

Users running Windows ME and XP mustdisable System Restoreto allow full scanning of infected computers.

Users running other Windows versions can proceed with the succeeding solution set(s).

Running Trend Micro Antivirus

If you are currently running in safe mode, please restart your computer normally before performing the following solution.

Scan your computer with Trend Micro antivirus and delete files detected asTROJ_GPCODE.AC. To do this, Trend Micro customers must download the latest virus pattern file and scan their computers. Other Internet users can use HouseCall, the Trend Micro online threat scanner.

细节:常驻内存: 是

恶意程序大小: 53,760 Bytes

--------------------------------------------------------------------------------

发作形态 1: Encrypts files with certain extension names

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

This Trojan may arrive as a dropped file or downloaded file of another malware.

This Trojan encrypts all files with the following extension names found on any readable and writable drive:

txt

xls

doc

pps

ppt

docx

xlsx

pptx

rtf

mdb

vsd

vst

csv

mpl

zip

rar

As a result, the said files become unreadable. It then drops and opens ASAP!!!.TXT on the current user's Desktop folder. The text file contains the following message.

Dear User,

Thank you for using our service. We've recently inspected your system and found out many critical security holes. It's not a joke, and it bring out clearly that we were able to crypt all of your text files, documents, archives and data files. For your security we did it before than someone else: hacker, virus or just stupid vandal. In world, hijackers are hunting for your bank account, credit card information, or something valuable. Now, even if they'll hack your computer they steal nothing, because all of your important files are now crypted and secured. There is no technology or scientific method to crack this kind of encrypting in near future Unfortunatelly as like other job, our services cost money. Just only 150$ US dollars. It is worth much less than if you loose all your files. We accept only Western Union, and we garantee that your'll receive decrypting program with detailed manual in less than hour after we'd received your payment. If you need your information back, just send an email to:

xxxxxxxx

and we'll send you further instructions in 5 minutes.

Do not worry, you'll get all back in hour after we get Western Union Transfer details. ONLY IN ONE HOUR!!!

We are sorry for your inconvenience, but better we and less, than somebody and more.

Q. I didn't order your service and dont want to pay! I'll go to police!

A. It's up to you. If you belive they do it better, then do it.

Q. I am poor studentankrupthousewife. I dont have money.

A. It'a sad to hear.

Q. I've sent an email to you for a discount.

A. Sorry, but we can't answer to all our correspondents due to high load.

Q. I need my information ASAP!

A. Dont worry! You will get it in one hour after we receive your MTSN. (western union control number)

Q. How i can trust you? Maybe you'll rip me?

A. We understand if you send money for our work-your info important for you.And we don't want make your life worse.You'll certanly get the Decription Program.

Thank you ,

Network Security Audit Plus.

This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

统计

自 August 17, 2007 感染计算机病毒

North America 3

Africa 0

South America 0

Asia 0

Europe 0

Australia and New Zealand 0

总计 3

前 10 名国家或地区

United States 3

感染率

Africa 0.0%

South America 0.0%

Asia 0.0%

Europe 0.0%

Australia and New Zealand 0.0%

North America 0.0%

• ·政策可信
• ·玩的就是心跳
• ·GK1C
• ·资本控制
• ·方于鲁文彩双鸳鸯墨
• ·资产组合分析法
• ·最优货币区
• ·歌姫
• ·明嘉靖江正玄玉墨
• ·张善孖