All my life files have been .crypt Please help!

[jbeltran06]

Hello,

Thank you for taking the time to read this. My computer has recently been infected with some sort of malware on my business computer. I have windows 7 ultimate and all my word, docs, and pdf files have had an .crypt extension added. I cannot open any of these files and my anti-virus cannot help me. Please help, I would greatly appreciate this!

A WARNING.txt file was placed on my desktop stating the following:

WARNING! YOU WCAP ID: 5291

If you see this screen or read warning.txt.

It means you IP address: 67.164.131.123 was included in WCAP Black List.

From your PC was infringement one or more of the following items:

1. Viewing, listening, downloading or distributing audio or video files protected Copyright Law.

2. Spam or Ddos attack.

3. Downloading or distributing illegal content (child porno, phishing, etc.)

4. Downloading or distributing Software protected Copyright Law.

The result of these infringement you PC and file was blocked. The decision was made about blocking on the basis of Digital Millennium Copyright Act (DMCA) amendment 1272 of 06/10/2011

You can remove you IP from black list and unblock PC and files paying money penalty 100$.

STEP 1: Buy a MoneyPak in amount of $100 at the nearest store.

STEP 2: Fill in the fields on the screen, and click Make Payment. Alternate send as an e-mail at WCAPLLC@yahoo.com . Indicate your WCAP ID in the message title and provide MoneyPak number.

STEP 3: Check your e-mail. We will send you Unblock code once payment is verified. Your computer will roll back to the ordinary state.

Q: Where can I purchase MoneyPak?

A: MonekPak can be purchased at thousands of stores nationwide, including major retailers such as Wal-Mart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer. Click here to find a store near.

Q: How do I buy a MoneyPak at the store?

A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.

Q: How I can make sure that you can really decipher my files?

A: You can send ONE any ciphered file on email WCAPLLC@yahoo.com (Indicate your IS and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.

WARNING!!!: If you don't pay money penalty 100$ within 72 HOURS, all your computer data will be deleted.

WARNING!!! Dont remove this screen this may complicate or make impossible the decryption. Even after removing the screen, files will remain encrypted. You can confirm this moving crypt file to another PC.

MONEYPAK _______________ EMAIL _______________ [Make Payment]

Please contact us if you have any questions wcapllc@yahoo.com.

I don't know what to do and really need these files. Is there anything I can do to save my files? Thank you so much in advance.

[Maurice Naggar]

Hello jbeltran06,

See this advisory on the Internet Crime Complaint Center regarding Citadel malware & Reveton ransomware

http://www.ic3.gov/m...012/120530.aspx

Advise me if you have access to a clean computer system. You need to change all your online passwords (especially banking & CC ones) but only using a clean pc.

This system has some serious backdoor trojans, spyware, and possibly, a rookit.

This is a point where you need to decide about whether to make a clean start.

A backdoor trojan allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Let me know what you decide.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!