File encrypted virus – adding “(to get password email id to brsechvs@gmail.com).exe’ to file name

Hi. This is my first and hopefully the last post on computer security forums. My computer was struck by a file encryption virus. Almost every file on my computer was renamed to something like Document.docx (to get password email id 1267587169 to brsechvs@gmail.com).exe. I am not sure if files are really encrypted or it was just compressed, or both. Some infected files have this .RAR extension.

I have search the web and almost every site I visited have unresolved issued. Every user who got infected with(to get password email id 1267587169 to brsechvs@gmail.com).exe virus are still hunting for solution. Most of the tools on the web with regards to encryption virus did not help. I am certain that each of the threat has certain level of encryption. In this case, maybe there is no decryption tools made for the affected files infected by (to get password email id 1267587169 to brsechvs@gmail.com).exe.

I really need help sooner. All my work files are affected by this malware. Right after I solve this issue, next thing I will do is hunt the cyber criminal who perpetuated this.

Amir

6 Responses

  1. mikered says:

    That sounds to be a new virus. Have you tried using te94decrypt tool? To decrypt it is very simple.

    Just download ftp://ftp.drweb.com/pub/drweb/tools/te94decrypt.exe. Create a test folder and Save the file on that location.

    Then, copy some of the files that has “(password to get email id to brsechvs@gmail.com).exe” extension on the test folder. This will serve as your test file.

    Go to Start, Run, type CMD on the dialog box. Go to the C:\ root by typing ‘CD\’. Then type ‘CD test’ to go to the test folder.

    You can substitute it with drive or folder if you saved the te94decrypt and infected files on other location.

    Now, you run this program with the parameters -k 85. You should type ‘te94decrypt.exe –k 85’

    If doesn’t work, run with another parameter like ‘-k 87’ or ‘-k 88’ or ‘-k 90’

    Lastly, if the above procedure is not helpful, you may ask assistance from Dr. Web by submitting the sample files to https://vms.drweb.com/sendvirus/?lng=en.

    Note: te94decrypt tool is only for .exe file. It will not work on .RAR files.

  2. Mike says:

    One moment… and there is no help at all from Dr.Web now.

  3. Mike says:

    There is all info about this nasty virus – bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection-or-accdfisa/page-20

  4. tom says:

    I did receive a reply from Dr.Web after submitting a “to get password email id to brsechvs@gmail.com” file. However, they just informed me that their decryption tools are not meant for ZIP or RAR files. I guess brute-forcing the password is the only solution.

  5. dave says:

    its not working! anyone i can send him the file ! ‘
    thanks

  6. unblock says:

    if you need help with virus issues contact me