06.27.05 11:58 GMT
| comment
Status : informational
Kaspersky Lab has detected several infections caused by new modifications of Virus.Win32.GPCode. So far, information has only been received from Russian users. Four new modifications have been added to Kaspersky Anti-Virus databases.
This program can encrypt data files with extensions such as .txt, xls, rar, doc, html, pdf etc). Encrypted files contain the words 'PGPCoder' at the beginning of the file. Folders which contain encrypted files will also contain a file named readme.txt. The contents of readme.txt are given below, although the email address may differ:
Some files are coded.
To buy decoder mail: md731@yandex.ru
with subject: PGPcoder md73
If the user sends a message to the address contained in the text file, they will receive an answer saying that files can be decrypted for payment, and a sum will be named.
Kaspersky Lab strongly recommends that users should not attempt to make contact or pay any money for the 'decoder', as this is effectively blackmail. All the newest modifications of Virus.Win32.GPCode are detected by the latest Kaspersky Anti-Virus databases. Users simply need to update antivirus databases and run a full scan of the computer's hard disk in order to decrypt encrypted files.
