Windows 7 Forums
Windows 7: New Trojan Malware Encrypts All Files, Demands Ransom

17 Mar 2013   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
New Trojan Malware Encrypts All Files, Demands Ransom

Russian anti-virus company Doctor Web is warning users of an active ransomware campaign executed through brute force attack via the RDP protocol on target machines.

Once connected to the attacked PC, cyber-criminals launch a variant of the ArchiveLock Trojan, which uses the archiver WinRAR to encrypt files.

A Guy
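
A way to check a machine for the RDP exposure described in the post above, as an added example that is not part of the original thread: it reads the standard Terminal Server registry values and counts failed logons (Security event 4625) per source address. The 24-hour window and the threshold of 20 failures are assumptions to tune per host.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell prompt;
# reading the Security log requires administrator rights.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means incoming Remote Desktop connections are refused.
$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$nla  = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication
$port = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber

"Remote Desktop enabled : {0}" -f ($deny -eq 0)
"NLA required           : {0}" -f ($nla -eq 1)
"Listening port         : {0}" -f $port

# Failed logons (event ID 4625) from the last 24 hours, grouped by source address.
# Logon type 10 is RemoteInteractive. Type 3 (Network) is how failed RDP attempts
# are typically logged when NLA is on; it also covers other network logons such
# as file sharing, so treat the result as a list of sources to look at.
$threshold = 20   # assumed cut-off for "looks like password guessing"
$since     = (Get-Date).AddHours(-24)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named <Data> fields into a hashtable.
        $f = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        if ($f['LogonType'] -eq '10' -or $f['LogonType'] -eq '3') {
            New-Object PSObject -Property @{ Source = $f['IpAddress']; User = $f['TargetUserName'] }
        }
    } |
    Group-Object -Property Source |
    Where-Object { $_.Count -ge $threshold } |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        # Many different account names from one address points to guessing.
        $users = @($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique).Count
        "{0,-40} {1,6} failures against {2} account name(s)" -f $_.Name, $_.Count, $users
    }
```

No output from the second part means no source reached the threshold in the window, or that failed-logon auditing is not enabled on the machine.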

17 Mar 2013   #2
Yard Dog

Win 7 Home Premium SP1 32 bit

Thanks for posting.
20 Mar 2013   #3

Windows 7 Home Premium 64-bit SP1

Now that's new, thanks for posting.
20 Mar 2013   #4
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit

Dr Web found this in Aug 2012, but now it is showing up a lot more. I assume that by not allowing Remote Desktop connections they can't get in, and by now I would think that AV software would pick this up. But the article doesn't say much about it.

20 Mar 2013   #5

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server

Hi there
This isn't anything new -- we've all seen this stuff "Ad Nauseam".

If you take basic precautions and use things like MSE (or whatever decent A/V stuff you want) you really should NEVER get a virus -- and even if you do, provided you have proper backups and archives, just re-format the disk (via a bootable read only program so it cannot be infected itself), and then restore your clean system and data.

In any case you should always regularly backup your OS and archive your data.

Sometimes I think that a lot of these viruses are actually CREATED by some A/V companies to scaremonger people into buying their products or at least paying for an upgrade. Knowing how some often seemingly quite legitimate businesses work these days it wouldn't surprise me in the least if they did this.


1) SEPARATE OS FROM USER DATA (User data - music, photos, video, documents etc).
2) Backup OS Daily (use a program which allows BOOTABLE restore).
3) Archive User data regularly -- it doesn't change hugely so archive the static parts first (music files for example - once archived you don't have to back up the same files again -- only new ones).
4) Don't even THINK of opening email from unknown recipients.
5) Don't open email attachments unless you know exactly who sent them and what they are about.
6) Don't download dubious software from torrents etc -- especially things like Key gens, KMS activators etc.
7) Don't give away data about yourself -- amazing how people put confidential data on public sites like Facebook -- that's the best way of "Identity theft", Internet Fraud etc.

WEB stuff : Avoid simple scams like "FREE this ---" then you have to give a Credit card number.
When downloading open source software click on the PROPER LINK -- a lot of sites are so confusing (deliberately) so you click on what you think is the program and then it's either something like "Managed download" or a particularly annoying one is the AVS video converter (pay for) rather than the program you are actually trying to download.

NEVER use those online "Fix your registry" or "find drivers for you" programs. The Driver one is a particularly nasty piece of Sneakware as it might find a driver but then will ask you to PAY to access the site. Drivers these days are all in PUBLIC DOMAIN especially if you HAVE the hardware so should be free.

If you can, test software in a VM before installing on your main machine, so if it doesn't work you haven't lost any time etc. -- just delete the VM.

Be careful also of Websites that LOOK like legit Bank sites etc etc. Also when buying online choose reputable suppliers.

Internet FRAUD / Identity theft is FAR FAR more of a problem than Viruses on individual users' machines -- these days hackers are more likely to attempt cyber crime against institutions like FBI, NYSE, NASDAQ, BANKS and large global multi-nationals.

20 Mar 2013   #6

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
Backup HDD Image

Another reason to create HDD images (often) and have external backup copies.

A lot of good suggestions, jimbo45.
20 Mar 2013   #7
x BlueRobot

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x86 Service Pack 1 - Linux Mint Mate 14 x64

Very good post, jimbo. I've seen many OPs use driver programs and registry cleaners, and my first response is: Remove program(s), scan for malware and then scan for corrupted system files.
20 Mar 2013   #8

Windows 7 Pro-x64

Another good reason to turn off SNMP.
20 Mar 2013   #9

Win7 Pro SP1 64

Thanks for posting this.
20 Mar 2013   #10

Windows 7 Home Premium 64x

Good to know, thanks