Virus or What?

Netsanet
Occasional Visitor

Virus or What?

This is what I found to be contents of my files with a 1 KB size:

"Sorry I am really sorry. I don't want to do it again. This is my first and may be the last if you agree to help me.

Do you want to get your files back? That is so easy just do this. I want you to write a mail to
Zlovel_4evr@yahoo.com
stating how much I loved her.

You know… I gave her everything I had, my heart my phase…. all what I can and had but she gave me nothing
except pain. Now she leaves me alone and I am felling now empty inside. I can't to live without her. That is why I
burnt your files. I know may be this file is vital for you as your mail is for me. Be sure I will give your files back with
out any damage. Be sure and trust me.

Take a minute from your busy time and write a nice message to her. Then you will get all your files as befor.

Thank you for your cooperation. And I hope you will give me a pardon for my miss use of knowledge. I did it
because I left with no other option."

All my files, office files specially, are changed to such a content.

What is this? A virus? Or what? And what can I do? Please Please...?

I have attached a file changed to such a content.

Netsanet
2 REPLIES
Steven Schweda
Honored Contributor

Re: Virus or What?

You posted this in a Linux forum. What is
your operating system?

> All my files, office files specially [...]

Where are these files?
Matti_Kurkela
Honored Contributor

Re: Virus or What?

Based on a bit of Googling, this seems to be caused by some piece of malware which has not been thoroughly identified so far. The OS is apparently Microsoft Windows.

Some people seem to have found out that the malware has hidden the real files by prepending the filename with "Hid_" and setting the "hidden" attribute.

By looking at the Google results, it seems that Yahoo.com may have deleted any mention of this act of ransom from their pages, so it's more than likely that they're already aware of it.

This is not a very professional discussion, but it seems to offer some possible clues:
http://tibebeantonios.wordpress.com/2008/03/10/53wedew-aysiku/

I think the request to send an email is a social engineering attack too. The perpetrator is probably reading the mail coming to that email address; otherwise how would he know that the victim has done as he asks?

If the clues in the discussion linked above are not enough to help you, I recommend that you have your machine checked by someone who really understands MS-Windows. Show him/her this thread first, so that he/she knows what to look for.

MK
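Added example, not part of the original thread or of either poster's replies: a read-only triage script for the behaviour reported above, listing every file whose name starts with "Hid_" and pairing it with the small replacement file next to it. It assumes the replacement keeps the original file name and is about 1 KB, as in the first post; the function names and the 1024-byte threshold are choices made for this sketch.

```python
import os
import stat
from pathlib import Path

PREFIX = "Hid_"          # prefix reported in the thread
DECOY_MAX_BYTES = 1024   # assumption: replacement notes are about 1 KB


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set; always False elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def find_hidden_originals(root):
    """Walk root and pair each Hid_ file with its same-name decoy (nothing is modified)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.startswith(PREFIX) or name == PREFIX:
                continue
            original = Path(dirpath) / name
            # Assumed decoy location: same folder, name without the prefix.
            decoy = original.with_name(name[len(PREFIX):])
            decoy_size = decoy.stat().st_size if decoy.is_file() else None
            findings.append({
                "original": original,
                "hidden_attr": is_hidden(original),
                "decoy": decoy if decoy_size is not None else None,
                "decoy_size": decoy_size,
                "decoy_is_small": decoy_size is not None
                                  and decoy_size <= DECOY_MAX_BYTES,
            })
    return findings


if __name__ == "__main__":
    import sys
    for f in find_hidden_originals(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['original']}  hidden={f['hidden_attr']}  "
              f"decoy={f['decoy']} ({f['decoy_size']} bytes)")
```

Run it against a copy or a read-only mount of the affected folder first, and keep the listing before anything is renamed or unhidden.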