Kaspersky Lab has detected a new version of the infamous GpCode virus, which encrypts files on infected machines and demands money for restoring the seized data. The chances of recovering data encrypted by the new version of GpCode (.ax) are very small.
The GpCode virus has been present on the Internet since 2004. New versions of this worm appeared regularly until 2008, when GpCode's author went silent.
The silence lasted until November 2010. The latest discoveries by Kaspersky Lab experts prove one thing: GpCode is back and is more serious than ever before.
Unlike earlier variants, the new GpCode does not delete files after encryption. Instead, it overwrites the data in the files, so the data recovery software that proved very effective at undoing infections by previous versions of this virus cannot be used. Preliminary analysis showed that GpCode.ax encrypts files using the RSA-1024 and AES-256 algorithms. The Trojan encrypts only a portion of each file, starting from the first byte.
Users who suspect that their computers have been infected should not change anything in the system: doing so can completely prevent recovery of the data, leaving no such method available. If the computer holds valuable data that the user depends on recovering, it is best to turn off the infected computer and wait for a solution for restoring the encrypted data. Although the creator of GpCode claims that the encrypted files will be removed after a few days, the previous analysis by Kaspersky Lab experts has revealed the mechanism for destroying data after a specified time.
The first symptom of infection is the appearance of a Notepad window on the screen with a message informing the user that data has been encrypted. At this point, there is still a chance to save the data: turn off the computer as soon as possible, without hesitation, or even pull the plug if that is faster!
Another sign of infection is a sudden change to the desktop. The screen can be seen in the attached picture.
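
The article states that GpCode.ax encrypts only a portion of each file, starting from the first byte. As an added example (not Kaspersky Lab tooling and not part of the original article), the Python below compares byte entropy at the start of a file with the bytes that follow it, so that candidate files can be flagged on a copy of the disk without writing to anything. The 4096-byte window, the thresholds, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096   # assumption: the article does not say how many leading bytes are encrypted
HIGH = 7.0      # assumption: bits/byte at or above which a window looks like ciphertext
LOW = 6.0       # assumption: bits/byte at or below which a window looks like ordinary data

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(blob: bytes, window: int = WINDOW) -> str:
    """Compare the first window of a file with the window that follows it."""
    head, rest = blob[:window], blob[window:2 * window]
    if len(head) < window or len(rest) < window // 4:
        return "too-small"        # not enough data for a stable estimate
    h, r = entropy(head), entropy(rest)
    if h >= HIGH and r <= LOW:
        return "suspect"          # random-looking start, ordinary remainder
    if h >= HIGH:
        return "inconclusive"     # compressed or fully encrypted files look like this
    return "not-flagged"

def classify_file(path: str, window: int = WINDOW) -> str:
    """Read-only check: opens the file in 'rb' mode and never writes to it."""
    with open(path, "rb") as fh:
        return classify(fh.read(2 * window), window)

def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 counter stream."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

# Constructed samples (not real GpCode output).
TEXT = b"Quarterly report: revenue, costs and forecast for the next year.\n" * 200
SAMPLES = {
    "intact.txt": TEXT,
    "overwritten.txt": pseudo_random(WINDOW) + TEXT[WINDOW:],
    "archive.zip": pseudo_random(3 * WINDOW),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {classify(blob)}")
```

Formats that are already compressed have high entropy throughout, which is why they come back as "inconclusive" rather than "suspect"; those need a separate check such as comparing the leading bytes with the expected file signature.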