TROJ_PGPCODER.A
Overview

Malware type: Trojan

Aliases: Virus.Win32.Gpcode.b (Kaspersky), GPcoder (McAfee), Trojan.Gpcoder (Symantec), TR/Gpcoder.A.1 (Avira), Troj/Gpcode-B (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, NT, ME, 2000, XP, and Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

This memory-resident Trojan arrives via the Internet or is copied from disks. Upon execution, it encrypts all files on the system that have the following extensions:

  • ASC
  • DB
  • DB1
  • DB2
  • DBF
  • DOC
  • HTM
  • HTML
  • JPG
  • PGP
  • RAR
  • RTF
  • TXT
  • XLS
  • ZIP

As a consequence, the files with the above-mentioned extensions become unreadable after infection.

In order to ensure that only one instance of itself is running in memory at a time, it creates the mutex encoder_v1.0.

It then drops the file ATTENTION!!!.TXT into each folder where the encrypted files are located. The dropped .TXT file contains the following strings:

Some files are coded.
To buy decoder mail: n781567@yahoo.com
with subject: PGPcoder 000000000032

This Trojan also modifies the registry to ensure its automatic execution at every Windows system startup.
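
A defender-side triage sketch built on the indicators above, added here as an example and not taken from the original advisory: it walks a directory tree, confirms each ATTENTION!!!.TXT by the strings quoted above, and lists the files with targeted extensions in the same folder so they can be checked against backups. The function names, the sample tree and the 4096-byte read cap are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "ATTENTION!!!.TXT"
NOTE_MARKERS = ("Some files are coded.", "PGPcoder")  # strings quoted in the advisory
TARGET_EXTS = {"ASC", "DB", "DB1", "DB2", "DBF", "DOC", "HTM", "HTML",
               "JPG", "PGP", "RAR", "RTF", "TXT", "XLS", "ZIP"}
SUBJECT_RE = re.compile(r"subject:\s*PGPcoder\s+(\d+)", re.IGNORECASE)

def scan_for_notes(root):
    """Return one finding per folder that holds a confirmed ransom note."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        note = next((f for f in files if f.upper() == NOTE_NAME), None)
        if note is None:
            continue
        with open(os.path.join(folder, note), "r", errors="replace") as fh:
            text = fh.read(4096)  # assumed cap; the note is only three lines
        if not all(marker in text for marker in NOTE_MARKERS):
            continue  # same file name but different content: not reported
        m = SUBJECT_RE.search(text)
        targeted = sorted(f for f in files if f != note and
                          os.path.splitext(f)[1].lstrip(".").upper() in TARGET_EXTS)
        findings.append({"folder": folder, "targeted_files": targeted,
                         "subject_id": m.group(1) if m else None})
    return findings

def build_sample_tree():
    """Constructed sample: one affected folder, one clean, one name-only decoy."""
    root = tempfile.mkdtemp(prefix="pgpcoder_demo_")
    note = ("Some files are coded.\nTo buy decoder mail: n781567@yahoo.com\n"
            "with subject: PGPcoder 000000000032\n")
    layout = {
        "docs": {NOTE_NAME: note, "report.doc": "x", "photo.JPG": "x", "tool.exe": "x"},
        "clean": {"notes.txt": "x"},
        "decoy": {"attention!!!.txt": "unrelated readme"},
    }
    for sub, files in layout.items():
        Path(root, sub).mkdir()
        for name, body in files.items():
            Path(root, sub, name).write_text(body)
    return root

if __name__ == "__main__":
    for finding in scan_for_notes(build_sample_tree()):
        print(finding)
```

Run it against a mounted image or a backup copy rather than the live system, so file access times on the affected host are preserved.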


Description created: May. 21, 2005 11:23:03 AM GMT -0800
