HPE Community
Operating System - Linux
1753934 Members
9905 Online
108810 Solutions
New Discussion юеВ

Virus or What?

 
Netsanet
New Member

тАО07-24-2008 06:13 AM

тАО07-24-2008 06:13 AM

Virus or What?

This is what I found to be contents of my files with a 1 KB size:

"Sorry I am really sorry. I don't want to do it again. This is my first and may be the last if you agree to help me.

Do you want to get your files back? That is so easy just do this. I want you to write a mail to
Zlovel_4evr@yahoo.com
stating how much I loved her.

You know├в ┬ж I gave her everything I had, my heart my phase├в ┬ж. all what I can and had but she gave me nothing
except pain. Now she leaves me alone and I am felling now empty inside. I can't to live without her. That is why I
burnt your files. I know may be this file is vital for you as your mail is for me. Be sure I will give your files back with
out any damage. Be sure and trust me.

Take a minute from your busy time and write a nice message to her. Then you will get all your files as befor.

Thank you for your cooperation. And I hope you will give me a pardon for my miss use of knowledge. I did it
because I left with no other option."

All my files, office files specially, are changed to such a content.

What is this? A virus? Or what? And what can I do? Please Please...?

I have attached a file changed to such a content.

Netsanet
0 Kudos
Reply
2 REPLIES 2
Steven Schweda
Honored Contributor

тАО07-24-2008 06:36 AM

тАО07-24-2008 06:36 AM

Re: Virus or What?

You posted this in a Linux forum. What is
your operating system?

> All my files, office files specially [...]

Where are these files?
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО07-25-2008 05:31 AM

тАО07-25-2008 05:31 AM

Re: Virus or What?

Based on a bit of Googling, this seems to be caused by some piece of malware which has not been thoroughly identified so far. The OS is apparently Microsoft Windows.

Some people seem to have found out that the malware has hidden the real files by prepending the filename with "Hid_" and setting the "hidden" attribute.

By looking at the Google results, it seems that Yahoo.com may have deleted any mention of this act of ransom from their pages, so it's more than likely that they're already aware of it.

This is not a very professional discussion, but it seems to offer some possible clues:
http://tibebeantonios.wordpress.com/2008/03/10/53wedew-aysiku/

I think the request to send an email is a social engineering attack too. The perpetrator is probably reading the mail coming to that email adress; otherwise how would he know that the victim has done as he asks?

If the clues in the discussion linked above are not enough to help you, I recommend that you have your machine checked by someone who really understands MS-Windows. Show him/her this thread first, so that he/she knows what to look for.

MK
MK
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.