Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Help removing Com Surrogate virus
Message
<blockquote data-quote="Lemmiwinks" data-source="post: 292440" data-attributes="member: 29869"><p>Ok it seems i have another problem. I noticed after removing this virus i couldn't open a text file. Well it did open, but it was just symbols and letters in foreign languages. I thought it was just that one file so i didn't really think about it. But today I found something really concerning on another folder that had word and normal text files that also opened to unreadable text. It is 3 files </p><p></p><p>DECRYPT_INSTRUCTION.TXT </p><p></p><p>INSTALL_TOR.URL</p><p></p><p>DECRYPT_INSTRUCTION.HTML</p><p></p><p></p><p>DECRYPT_INSTRUCTION.TXT has the following inside:</p><p><strong></strong></p><p><strong><em>What happened to your files ?</em></strong></p><p><strong><em>All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.</em></strong></p><p><strong><em>More information about the encryption keys using RSA-2048 can be found here: <a href="http://en.wikipedia.org/wiki/RSA_(cryptosystem)" target="_blank">http://en.wikipedia.org/wiki/RSA_(cryptosystem)</a></em></strong></p><p><strong><em></em></strong></p><p><strong><em></em></strong></p><p><strong><em>What does this mean ?</em></strong></p><p><strong><em>This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,</em></strong></p><p><strong><em>it is the same thing as losing them forever, but with our help, you can restore them.</em></strong></p><p><strong><em></em></strong></p><p><strong><em></em></strong></p><p><strong><em>How did this happen ?</em></strong></p><p><strong><em>Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.</em></strong></p><p><strong><em>All your files were encrypted with the public key, which has been transferred to your computer via the Internet.</em></strong></p><p><strong><em>Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.</em></strong></p><p><strong><em></em></strong></p><p><strong><em></em></strong></p><p><strong><em>What do I do ?</em></strong></p><p><strong><em>Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.</em></strong></p><p><strong><em>If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.</em></strong></p><p><strong><em></em></strong></p><p><strong><em></em></strong></p><p><strong><em>For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:</em></strong></p><p><strong><em>1.<a href="https://paytordmbdekmizq.torsona.com/4N9z3a" target="_blank">https://paytordmbdekmizq.torsona.com/4N9z3a</a></em></strong></p><p><strong><em>2.<a href="https://paytordmbdekmizq.poltornik.com/4N9z3a" target="_blank">https://paytordmbdekmizq.poltornik.com/4N9z3a</a></em></strong></p><p><strong><em>3.<a href="https://paytordmbdekmizq.dogotor.com/4N9z3a" target="_blank">https://paytordmbdekmizq.dogotor.com/4N9z3a</a></em></strong></p><p><strong><em>4.<a href="https://paytordmbdekmizq.torforlove.com/4N9z3a" target="_blank">https://paytordmbdekmizq.torforlove.com/4N9z3a</a></em></strong></p><p><strong><em></em></strong></p><p><strong><em>If for some reasons the addresses are not available, follow these steps:</em></strong></p><p><strong><em>1.Download and install tor-browser: <a href="http://www.torproject.org/projects/torbrowser.html.en" target="_blank">http://www.torproject.org/projects/torbrowser.html.en</a> </em></strong></p><p><strong><em>2.After a successful installation, run the browser and wait for initialization.</em></strong></p><p><strong><em>3.Type in the address bar: paytordmbdekmizq.onion/4N9z3a</em></strong></p><p><strong><em>4.Follow the instructions on the site.</em></strong></p><p><strong><em></em></strong></p><p><strong><em></em></strong></p><p><strong><em>IMPORTANT INFORMATION:</em></strong></p><p><strong><em>Your personal page: <a href="https://paytordmbdekmizq.torsona.com/4N9z3a" target="_blank">https://paytordmbdekmizq.torsona.com/4N9z3a</a></em></strong></p><p><strong><em>Your personal page (using TOR): paytordmbdekmizq.onion/4N9z3a</em></strong></p><p><strong><em>Your personal identification number (if you open the site (or TOR 's) directly): 4N9z3a</em></strong></p><p></p><p>I have not visited any of those sites and am not using my windows partition for the time; I am on Ubuntu at the moment of posting this. I noticed it has affected only my desktop folder and all its sub folders with text files and ms word files. Also, even in Ubuntu the files will open to unreadable text.<em></em></p><p><em></em></p></blockquote><p></p>
[QUOTE="Lemmiwinks, post: 292440, member: 29869"] Ok it seems i have another problem. I noticed after removing this virus i couldn't open a text file. Well it did open, but it was just symbols and letters in foreign languages. I thought it was just that one file so i didn't really think about it. But today I found something really concerning on another folder that had word and normal text files that also opened to unreadable text. It is 3 files DECRYPT_INSTRUCTION.TXT INSTALL_TOR.URL DECRYPT_INSTRUCTION.HTML DECRYPT_INSTRUCTION.TXT has the following inside: [B] [I]What happened to your files ? All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0. More information about the encryption keys using RSA-2048 can be found here: [url]http://en.wikipedia.org/wiki/RSA_(cryptosystem)[/url] What does this mean ? This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. How did this happen ? Especially for you, on our server was generated the secret key pair RSA-2048 - public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. What do I do ? Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1.[url]https://paytordmbdekmizq.torsona.com/4N9z3a[/url] 2.[url]https://paytordmbdekmizq.poltornik.com/4N9z3a[/url] 3.[url]https://paytordmbdekmizq.dogotor.com/4N9z3a[/url] 4.[url]https://paytordmbdekmizq.torforlove.com/4N9z3a[/url] If for some reasons the addresses are not available, follow these steps: 1.Download and install tor-browser: [url]http://www.torproject.org/projects/torbrowser.html.en[/url] 2.After a successful installation, run the browser and wait for initialization. 3.Type in the address bar: paytordmbdekmizq.onion/4N9z3a 4.Follow the instructions on the site. IMPORTANT INFORMATION: Your personal page: [url]https://paytordmbdekmizq.torsona.com/4N9z3a[/url] Your personal page (using TOR): paytordmbdekmizq.onion/4N9z3a Your personal identification number (if you open the site (or TOR 's) directly): 4N9z3a[/I][/B] I have not visited any of those sites and am not using my windows partition for the time; I am on Ubuntu at the moment of posting this. I noticed it has affected only my desktop folder and all its sub folders with text files and ms word files. Also, even in Ubuntu the files will open to unreadable text.[I] [/I] [/QUOTE]
Insert quotes…
Verification
Post reply
Top