Jump to content

ppyjpoh extension


Recommended Posts

Hello, i posted this in another forum and was told to post here.

 

We are experiencing an issue where files on 2 file servers are ending up with a file extension of *.ppyjpoh. We have scanned with Symantec Endpoint 12 and Malwarebytes using the latest updates and nothing has been found. Google and forum searches do not find anything on that file extension. The weird part about it is that not all the files are getting renamed with this extension. No individual PC's have turned up with any cryptolocker messages or pop ups. Any ideas? Thank you. 

Link to post
Share on other sites

You've been hit with the latest variant of CTB Locker (otherwise known as Critroni).

Infection vectors vary as this infection is widely distributed by many groups.

It is quite possible the infection was disrupted during its routine, and not all files have been encrypted. Is there any sign of the following ransom notes? DecryptAllFiles <user_id>.txt, %MyDocuments%\<random>.html & AllFilesAreLocked <userid>.bmp

http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

http://malware.dontneedcoffee.com/2014/07/ctb-locker.html

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.