Safe-data.ru - New virus with no solution?

November 30, 2010 at 03:55:29
Specs: Windows XP
Recently my personal computer has been infected with what appears to be a relatively new virus.

The computer boots to a DOS screen that says

Your PC is blocked.
All the hard drives were encrypted.
Browse www. safe-data. ru to get an access to your system and files.
Any attempt to restore the drives using other way will lead to inevitable data loss.
Please remember: Your ID: 773923
with its help your sign-on password will be generated.
Enter password:

On visiting the website it asks that I pay USD 100 to decrypt my hard drives and any other methods will result in complete data loss.

I have done Google searches on my problem to no avail. I have considered reformatting but I am against this because my computer has important files both personal and professional.

Any help on this matter?




#1
November 30, 2010 at 04:07:39
First thing I'd try is to boot the system from a Live Linux CD (Ubuntu or Kaspersky's Rescue Disk, for example) and see if your data is actually encrypted. If it isn't, then back it up straight away before doing anything else.

If it is encrypted (you may find that the original filenames have a .crypt suffix) then you have real problems because the system uses part of Windows' own legitimate encryption system and a key is often the only answer.

You can read more about a previous version HERE

"I've always been mad, I know I've been mad, like the most of us..."



#2
November 30, 2010 at 11:56:26
Lesson number ONE for you... NEVER click anywhere on any of those alerts. Just depress the power button and shut down the PC and then reboot... the problem will be gone. That is all water under the bridge now so it's time to attempt removing the booger from the registry.

Tap F8, and try Safe Mode with Networking, then download the following to your desktop:
1- rkill.exe
2- TDSSKiller
3- Malwarebytes
4- Trojan Remover
5- HitmanPro
Then reboot and start with rkill.exe and then run all the others (don't reboot in between them as the rkill will stop working) and remove all they find.
Then reboot.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
November 30, 2010 at 13:04:12
I have the same virus and also the same ID! So I tried to recover the data with R-Studio (http://www.data-recovery-software.net/), and it worked. There isn't real encryption; the virus only deletes the MBR sector and starts with this screen:
http://img541.imageshack.us/img541/...


#4
December 1, 2010 at 04:09:20
@ghostolo90 How did you run R-Studio if you can't get into Windows?


#5
December 1, 2010 at 05:53:24
@Alex25 I used an external box.
The steps to restore the disk and have it working like before are:
- recover the MBR sector (I used Active@ Partition Recovery http://www.partition-recovery.com/ through the bootable CD)
- boot with an XP installation disk and enter the recovery console
- run "fixmbr"
- run "fixboot"
- restart the PC
This worked successfully for me!
Windows loads correctly, but the virus hasn't disappeared. I've removed it manually.

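Added example (not part of any post in this thread): a Python sketch of the check suggested in #1 and the finding reported in #3, meant to be run against a raw copy of the disk's first sectors taken from a live CD or an external enclosure. It parses the MBR partition table and scans for plaintext NTFS/FAT32 volume boot sectors; the function names, verdict labels and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"

def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:          # type 0 = unused slot
            parts.append({"type": entry[4], "lba": lba, "sectors": count})
    return parts

def find_volumes(image, max_sectors=4096):
    """Scan sector starts for plaintext NTFS / FAT32 volume boot sectors."""
    hits = {}
    for lba in range(min(len(image) // SECTOR, max_sectors)):
        s = image[lba * SECTOR:(lba + 1) * SECTOR]
        if s[510:512] != BOOT_SIG:
            continue
        if s[3:11] == b"NTFS    ":                # OEM ID field
            hits[lba] = "NTFS"
        elif s[82:90] == b"FAT32   ":             # filesystem type field
            hits[lba] = "FAT32"
    return hits

def assess(image):
    """Classify the first sectors of a raw disk image."""
    parts = parse_mbr(image[:SECTOR])
    volumes = find_volumes(image)
    if any(p["lba"] in volumes for p in parts):
        return "intact", volumes
    if volumes:
        return "mbr_only", volumes    # table lost, volume header still plaintext
    return "unreadable", volumes      # nothing recognisable: encrypted or wiped

def build_sample(tampered):
    """Constructed test image: one NTFS volume at LBA 63 (the XP-era default)."""
    img = bytearray(128 * SECTOR)
    vbr = bytearray(SECTOR)
    vbr[3:11] = b"NTFS    "
    vbr[510:512] = BOOT_SIG
    img[63 * SECTOR:64 * SECTOR] = vbr
    if not tampered:                  # tampered image keeps only the 55AA marker
        img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 63, 65)
    img[510:512] = BOOT_SIG
    return bytes(img)

if __name__ == "__main__":
    for tampered in (False, True):
        print("tampered" if tampered else "clean", assess(build_sample(tampered)))
```

A plaintext volume boot sector shows that the volume header was not encrypted; it does not by itself prove every file is readable, so copy the data off before repairing the MBR.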

#6
December 1, 2010 at 14:28:06


#7
December 1, 2010 at 21:58:59
@TrojanCentaur THANK YOU! You're a life saver!!
This recovered my system! But how do I remove the virus altogether?


#8
December 4, 2010 at 08:36:52
I have the same problem. Can someone provide the step-by-step for dummies? Should I restart my PC? etc. I'm really lost here and stuck with the need for my PC! Thanks for any help provided!


#9
January 28, 2011 at 04:17:10
Go to http://www.bleepingcomputer.com/ and search for the article "New infection ransoms your computer with fake encryption message", then click on the link "Am I infected" for help. It's on their main page today 1/28/11.


#10
January 28, 2011 at 06:33:14
TechoMom, Actually that link doesn't offer a solution for the problem, it just takes you to their virus forum.

Some HELP in posting on Computing.net plus free progs and instructions Cheers

