CurePCSolutions, ads .exe to files

[JjJames]

Nope havent received anything from them. i sent them a mail with the file, and an explenation of the problem.

 

I still have some of the infected files, but offcourse they are still useless.

 

No more problems with the pc, but i havent had problems with it since i deleted that dll and some reg keys.

[Thanos]

hi JjJames

 

Sorry for that Hope Qc001 has some secret weapon to fix the problem

 

wish you a merry Christmas

Modifié le 24 décembre 2006 par charles ingals

[Mark]

Charly, James ;

 

Merry Christmas to you both (and to all)

 

Secret weapon up my sleeve ? Nope..

 

I've been doing some searching on the Dr.Web decoder(s), but most sites that come up are Russian which I do not understand. The variant you have does appear to be new, and possibly not decoded by any publicly released tool so far.

 

I wish I had better news... Best bet is to wait for an official response from Dr.Web

 

I would certainly advise against paying the ransome money to those rogue pushers though..

 

Are you willing to wait a bit more James ? We'll be here anyway

 

Talk to you soon then

[JjJames]

Hi everyone,

and merry xmas to you all.

 

offcourse i am willing to wait. I know i havent had an answer yet, but if they are working on it, it might offcourse take a while before they find something.

 

when i first posted here, typing "curepcsolutions" in google gave 2 pages of results, now, it finds 11 pages. so it is defently spreading, and maybe someone will find some way to decrypt the files. so i'll keep them on backup for now.

 

Thanks for the help so far, and i wish you a happy start to the new year. (and may it be malware free )

 

JjJames

[Mark]

Hi James

 

I've just received your message. Just so that folks following this will understand, I'll review quickly what we've discussed, along with what you did to resolve this infection

 

Dr.Web did not reply to your support request ; too bad.. In the meantime, we had another victim with the same infection ; files were sent for analysis, and some of our experts were able to crack the code, allowing infected files to be cured. My thanks to them

 

After I contacted you yesterday with a brief description of where we stood, you decided to follow instructions from the other topic (given by me). I would have preferred we do it here, in this topic, but I can live with the outcome ! You ran the antivirus tool (Dr.Web CureIt), which repaired the files, and then you manually removed the double extensions (.exe) attached to those infected files. Your files are now usable again

 

You've also told me that AVG Antivirus now detects the infected files ; one problem though... the files are deleted instead of being repaired. I'm guessing they found their way to the Virus Vault (quarantine), so you were able to recover them from there. Thanks for the heads up on that one

===============================

 

Now, in order to bring some closure to this ordeal, could you please post the CureIt report, as well as a new HijackThis! log ? Let us know how things are going with the computer.

 

Thanks..

 

Mark.