Malware type: Trojan
Aliases: Generic.dx (McAfee), Trojan.Randsom.B (Symantec), TR/Gpcode.H (Avira), Mal/Emogen-G (Sophos)
In the wild: Yes
Destructive: No
Language: English
Platform: Windows 98, ME, NT, 2000, XP, Server 2003
Encrypted: No
Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This Trojan may arrive as a dropped file or downloaded file of another malware.
It encrypts all files with certain extension names found on any readable and writable drive.
As a result, these files become unreadable. It then drops and opens the file ASAP!!!.TXT in the current user's Desktop folder. The text file informs the user that the files have been encrypted and that special software must be purchased to decrypt them:
Dear User,
Thank you for using our service.
We've recently inspected your system and found out many critical security holes.
It's not a joke, and it bring out clearly that we were able to crypt all of your text files,
documents, archives and data files.
For your security we did it before than someone else: hacker, virus or just stupid vandal.
In world, hijackers are hunting for your bank account, credit card information, or something valuable.
Now, even if they'll hack your computer they steal nothing, because all of your
important files are now crypted and secured. There is no technology or scientific method
to crack this kind of encrypting in near future
Unfortunatelly as like other job, our services cost money. Just only 150$ US dollars. It is worth much less than if you loose all your files.
We accept only Western Union, and we garantee that your'll receive decrypting program with
detailed manual in less than hour after we'd received your payment.
If you need your information back, just send an email to:
xxxxxxxx
and we'll send you further instructions in 5 minutes.
Do not worry, you'll get all back in hour after we get Western Union Transfer details. ONLY IN ONE HOUR!!!
We are sorry for your inconvenience, but better we and less, than somebody and more.
Q. I didn't order your service and dont want to pay! I'll go to police!
A. It's up to you. If you belive they do it better, then do it.
Q. I am poor student\bankrupt\housewife. I dont have money.
A. It'a sad to hear.
Q. I've sent an email to you for a discount.
A. Sorry, but we can't answer to all our correspondents due to high load.
Q. I need my information ASAP!
A. Dont worry! You will get it in one hour after we receive your MTSN. (western union control number)
Q. How i can trust you? Maybe you'll rip me?
A. We understand if you send money for our work-your info important for you.And we don't want make your life worse.You'll certanly get the Decription Program.
Thank you ,
Network Security Audit Plus.
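
The dropped note gives responders a simple host indicator. The following triage check is an added example, not part of the original description or any vendor tool: it looks for ASAP!!!.TXT on each user's Desktop and confirms the content against phrases from the note quoted above. The directory layout (one folder per user with a "Desktop" sub-folder) and the sample data are assumptions constructed for the example.

```python
import os
import tempfile

NOTE_NAME = "asap!!!.txt"  # dropped file name from the description (compared lower-case)
# Phrases copied from the note quoted above, lower-cased for matching.
MARKERS = ("network security audit plus", "western union", "decrypting program")


def find_ransom_notes(profiles_root):
    """Return [(path, matched_markers)] for every ASAP!!!.TXT on a user Desktop.

    Assumption: profiles_root holds one folder per user, each with a
    "Desktop" sub-folder (live host or mounted disk image).
    """
    findings = []
    for user in sorted(os.listdir(profiles_root)):
        desktop = os.path.join(profiles_root, user, "Desktop")
        if not os.path.isdir(desktop):
            continue
        for name in sorted(os.listdir(desktop)):
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(desktop, name)
            with open(path, "r", encoding="latin-1") as fh:
                text = fh.read(65536).lower()  # the note is short; cap the read
            # An empty marker list means only the name matched, so an analyst
            # can separate the known note from an unrelated same-named file.
            findings.append((path, [m for m in MARKERS if m in text]))
    return findings


def build_sample_profiles():
    """Constructed test data: one affected profile, one clean, one name-only match."""
    root = tempfile.mkdtemp(prefix="profiles_")
    samples = {
        "alice": ("ASAP!!!.TXT", "We accept only Western Union for the decrypting program\n"
                                 "Thank you ,\nNetwork Security Audit Plus.\n"),
        "bob": ("notes.txt", "shopping list\n"),
        "carol": ("asap!!!.txt", "call the dentist asap\n"),
    }
    for user, (fname, body) in samples.items():
        desktop = os.path.join(root, user, "Desktop")
        os.makedirs(desktop)
        with open(os.path.join(desktop, fname), "w", encoding="latin-1") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, hits in find_ransom_notes(build_sample_profiles()):
        print(path, "->", hits or "name match only")
```
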
Description created: Aug. 17, 2007 2:11:45 AM GMT -0800