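Author: geofrania (过劳鼠)
Board: AntiVirus
Title: [Infected] Seems I got an encryption virus (ransomware?)
Time: Sun Jul 10 12:13:11 2022
My computer seems to have been infected with an encryption virus.
How can I rescue it? Is reinstalling the only way to completely remove the virus?
I have backups, but if I put them straight back on the computer, will they get infected again?
Does anyone know what virus this KARRHZE file is?
All the Word, Excel and PDF files on the computer now have their extension changed to KARRHZE.
As shown here: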
https://imgur.com/98uraS6
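And none of them can be opened.
A README file appeared inside.
The file translates as follows:
All your documents photos databases and other important files have been encrypted!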
====================================================
====================================================
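Your files are not damaged! Your files have only been modified. This modification is reversible.
The only way to decrypt the files is to receive the private key and the decryption program.
Any attempt to restore the files using third-party software will have a fatal effect on your files!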
====================================================
====================================================
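To receive the private key and decryption program, follow the instructions below:
1. Download "Tor Browser" from https://www.torproject.org/ and install it.
2. Open your personal page in "Tor Browser":
http://da70a6c85c147c1014karrhze.hqi4yxata3v5es3ocbniowfvbzcobro5s5ytk3dxn2rgjerjcjzjceid.onion/karrhze
Note! This page can only be accessed through "Tor Browser".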
====================================================
====================================================
You can also use temporary addresses on your personal page without using "Tor Browser":
http://da70a6c85c147c1014karrhze.sixtest.quest/karrhze
http://da70a6c85c147c1014karrhze.liecut.monster/karrhze
http://da70a6c85c147c1014karrhze.turnis.art/karrhze
http://da70a6c85c147c1014karrhze.diskwar.tech/karrhze
Note! There are temporary addresses! They will be available for a limited time!
Original text:
ALL YOUR DOCUMENTS PHOTOS DATABASES AND OTHER IMPORTANT FILES HAVE BEEN
ENCRYPTED!
====================================================================================================
Your files are NOT damaged! Your files are modified only. This modification
is reversible.
The only 1 way to decrypt your files is to receive the private key and
decryption program.
Any attempts to restore your files with the third party software will be
fatal for your files!
====================================================================================================
To receive the private key and decryption program follow the instructions
below:
1. Download 'Tor Browser' from
https://www.torproject.org/ and install it.
2. In the 'Tor Browser' open your personal page here:
http://da70a6c85c147c1014karrhze.hqi4yxata3v5es3ocbniowfvbzcobro5s5ytk3dxn2rgjerjcjzjceid.onion/karrhze
Note! This page is available via 'Tor Browser' only.
====================================================================================================
Also you can use temporary addresses on your personal page without using 'Tor
Browser':
http://da70a6c85c147c1014karrhze.sixtest.quest/karrhze
http://da70a6c85c147c1014karrhze.liecut.monster/karrhze
http://da70a6c85c147c1014karrhze.turnis.art/karrhze
http://da70a6c85c147c1014karrhze.diskwar.tech/karrhze
Note! There are temporary addresses! They will be available for a limited
amount of time!
--
Now that I ask you earnestly and sincerely,
Now you answer me mercifully:
"To prevent the world from being destroyed,
To protect the peace of the world..."
--
※ Origin: 批踢踢实业坊(ptt.cc), From: 114.43.194.128 (Taiwan)
※ Article URL: https://webptt.com/cn.aspx?n=bbs/AntiVirus/M.1657426402.A.198.html
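1F:→ skycat2216: Yes 07/10 18:17
2F:→ geofrania: Which ransomware is that? 07/10 22:50
3F:→ Klauhal: Nobody can tell which one it is from a random garbled file extension... 07/11 09:22
4F:→ TroutMVP: May I ask the OP's operating system and antivirus software? 07/11 18:07
5F:push amalia82453: Reinstall!! Next time remember not to download random stuff or watch random videos. After reinstalling, 07/11 20:15
6F:→ amalia82453: see whether you want to install Trend Micro's antivirus and let it run a scan; it has a 07/11 20:15
7F:→ amalia82453: 勒索克星 (ransomware-blocking) feature that, once enabled, protects files in designated folders from being 07/11 20:15
8F:→ amalia82453: maliciously encrypted 07/11 20:15
9F:push horng31208: Does it go through a router? Are the router's UPnP and DMZ turned off? 07/12 12:30
10F:push z22771187: You're infected, no doubt about it 07/12 21:30
11F:push kklighter: They're all much the same; you're infected 07/15 09:04
12F:push arhuro: No saving it. Of all the ransomware out there, so far only one had its hackers kindly release the unlock 07/16 19:13
13F:→ arhuro: For the others, probably fewer than three, antivirus companies cracked the encryption after the criminals were caught 07/16 19:14
14F:push omolando: Not telling us the OS or the antivirus? Could it be that you're a follower of the built-in MD 07/20 00:15
15F:→ omolando: camp? 07/20 00:15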