
[KL]releases recover files from Gpcode.ak virus

post #1 of 3
Thread Starter 
Quote:
Kaspersky Lab, a leading developer of secure content management systems, is now able to provide users with instruction on how to recover files attacked by the Gpcode.ak virus. As reported earlier, decrypting files encrypted by Gpcode.ak without the private key is not, as yet, possible. However, a method for recovering encrypted files has been identified.

The method makes use of the fact that before encrypting a file, Gpcode.ak creates a new file (which contains encrypted data from the original file) ‘next to’ the file it encrypts. Once encryption of a file is complete, the virus deletes the original file.

It is well-known that deleted files can be recovered if the data on the hard drive has not been significantly modified. This is why, from the start, Kaspersky Lab's advice to users whose computers were attacked by Gpcode.ak has been to contact the company’s virus experts without rebooting the infected computer. Users who have contacted us have been advised to use various file recovery utilities. Unfortunately, most such utilities are distributed under shareware licenses. Kaspersky Lab analysts have searched for the most effective and accessible of such utilities to help users recover the files deleted by Gpcode.ak. The free PhotoRec utility, developed by Christophe Grenier and distributed under a GPL license, turned out to be just such a solution.

Originally, the utility was developed for the recovery of graphics files (hence its name, PhotoRec, which is short for Photo Recovery). Later, its functionality was extended and it can now be used to recover Microsoft Office documents, executable files, PDF and TXT documents, as well as file archives in a variety of formats (view list of formats).

The PhotoRec utility is supplied with the latest version of the TestDisk package (ZIP file, 1.43 MB).

The PhotoRec utility performs the function of recovering files on a selected partition remarkably well. However, restoring the exact file names and paths remains a problem. To address this issue, Kaspersky Lab has developed a small free utility, StopGpcode (ZIP file, 71.2 KB), which restores original file names and the full paths of the files recovered.

Kaspersky Lab suggests that users who have suffered from the Gpcode.ak virus donate to the author of the PhotoRec utility rather than pay cybercriminals.

Detailed instructions on manually recovering files with the help of PhotoRec and StopGpcode utilities have been added to the Gpcode.ak description.
http://www.kaspersky.com/news?id=207575654
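
The recovery idea the quoted release relies on, as an added illustration (not part of the original post and not PhotoRec's code): a file carver ignores the file system and scans raw bytes for known file headers and footers. That is why deleted content can be found until it is overwritten, and why names and paths do not come back with it. The two signatures and the sample "disk image" below are constructed for the demo.

```python
# Simplified signature-based carving over a raw byte image (constructed demo).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_SIZE = 1 << 20  # stop looking for a footer 1 MiB past the header


def carve(image: bytes) -> list[tuple[str, int, bytes]]:
    """Return (type, offset, data) for every header/footer pair found."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + MAX_SIZE)
            if end != -1:
                end += len(footer)
                found.append((kind, pos, image[pos:end]))
                pos = image.find(header, end)
            else:
                # Header survived but the tail was overwritten: skip it.
                pos = image.find(header, pos + len(header))
    return sorted(found, key=lambda item: item[1])


def build_image(overwrite_pdf_tail: bool) -> tuple[bytes, bytes, bytes]:
    """Constructed sample: two deleted files left in unallocated space."""
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-pixels" + b"\xff\xd9"
    on_disk_pdf = pdf
    if overwrite_pdf_tail:
        # Simulate new data written over the last 8 bytes of the deleted PDF.
        on_disk_pdf = pdf[:-8] + b"\x00" * 8
    image = b"\x00" * 512 + on_disk_pdf + b"\x00" * 100 + jpg + b"\x00" * 512
    return image, pdf, jpg


if __name__ == "__main__":
    for overwritten in (False, True):
        image, _, _ = build_image(overwritten)
        hits = [(kind, offset, len(data)) for kind, offset, data in carve(image)]
        print(f"tail overwritten={overwritten}: {hits}")
```

With the PDF's tail overwritten only the JPEG is carved, which matches the release's advice not to reboot or otherwise keep writing to the affected disk before recovery.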
post #2 of 3
Kaspersky FTW. I might either renew with them or upgrade to internet security package and put it on 3 pcs
    
post #3 of 3
nice job. i wondered how they would get around this.
now the hijacker just needs to have a more secure file deletion method...
    