Windows 7 Forums


Windows 7: New Trojan Malware Encrypts All Files, Demands Ransom

17 Mar 2013   #1
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
New Trojan Malware Encrypts All Files, Demands Ransom

Russian anti-virus company Doctor Web is warning users of an active ransomware campaign executed through brute force attack via the RDP protocol on target machines.

Once connected to the attacked PC, cyber-criminals launch a variant of the ArchiveLock Trojan, which uses the archiver WinRAR to encrypt files.

A Guy

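As an added example (not part of the original post or of Doctor Web's report): a small detector for the RDP brute-force pattern described in post #1, run over a constructed export of Windows Security events. The CSV layout, the threshold and the window are assumptions; event ID 4625 and logon types 3 and 10 are the standard Windows values for a failed logon over the network (RDP with NLA) and over Remote Desktop.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625           # Security log: "An account failed to log on"
REMOTE_LOGON_TYPES = {3, 10}  # 3 = Network (RDP with NLA), 10 = RemoteInteractive

# Constructed sample export: time, event_id, logon_type, source_ip, account
SAMPLE = """\
2013-03-17T02:00:01,4625,10,203.0.113.7,Administrator
2013-03-17T02:00:04,4625,10,203.0.113.7,Administrator
2013-03-17T02:00:09,4625,10,203.0.113.7,admin
2013-03-17T02:00:13,4625,3,203.0.113.7,admin
2013-03-17T02:00:20,4625,10,203.0.113.7,user
2013-03-17T02:00:31,4625,10,203.0.113.7,Administrator
2013-03-17T08:15:00,4625,10,198.51.100.20,jane
2013-03-17T08:15:40,4624,10,198.51.100.20,jane
2013-03-17T09:00:00,4625,10,198.51.100.20,jane
"""

def load_events(text):
    """Parse the assumed CSV layout into a list of rows (oldest first)."""
    return list(csv.reader(io.StringIO(text)))

def find_bruteforce(rows, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: accounts tried} for every IP that produced at least
    `threshold` failed remote logons inside one sliding `window`."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    accounts = defaultdict(set)   # per-IP account names that were tried
    flagged = set()
    for ts, event_id, logon_type, ip, account in rows:
        if int(event_id) != FAILED_LOGON or int(logon_type) not in REMOTE_LOGON_TYPES:
            continue              # successes and local logons are not counted
        t = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # drop failures older than the window
            q.popleft()
        accounts[ip].add(account)
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: sorted(accounts[ip]) for ip in flagged}

if __name__ == "__main__":
    print(find_bruteforce(load_events(SAMPLE)))
```

An occasional mistyped password (the second address in the sample) stays below the threshold, while the rapid run of failures across several account names is flagged.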

17 Mar 2013   #2
Yard Dog

Win 7 Home Premium SP1 32 bit

Thanks for posting.
20 Mar 2013   #3

Windows 7 Home Premium 64-bit SP1

Now that's new, thanks for posting.

20 Mar 2013   #4
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit

Dr Web found this in Aug 2012 but now it is showing up a lot more. I assume that by not allowing Remote Desktop connections they can't get in, and by now I would think that AV software would pick this up. But the article doesn't say much about it.

[Attached image: rdp.png]


20 Mar 2013   #5

Linux CENTOS 7 / various Windows OS'es and servers

Hi there
This isn't anything new -- we've all seen this stuff "Ad Nauseam".

If you take basic precautions and use things like MSE (or whatever decent A/V stuff you want) you really should NEVER get a virus -- and even if you do, provided you have proper backups and archives, just re-format the disk (via a bootable read-only program so it cannot be infected itself), and then restore your clean system and data.

In any case you should always regularly backup your OS and archive your data.

Sometimes I think that a lot of these viruses are actually CREATED by some A/V companies to scaremonger people into buying their products or at least paying for an upgrade. Knowing how some often seemingly quite legitimate businesses work these days it wouldn't surprise me in the least if they did this.


1) SEPARATE OS FROM USER DATA (User data - music, photos, video, documents etc).
2) Backup OS Daily (use a program which allows BOOTABLE restore).
3) Archive User data regularly -- it doesn't change hugely so archive the static parts first (music files for example - once archived you don't have to back up the same files again -- only new ones).
4) Don't even THINK of opening email from unknown recipients.
5) Don't open email attachments unless you know exactly who sent them and what they are about.
6) Don't download dubious software from torrents etc -- especially things like Key gens, KMS activators etc.
7) Don't give away data about yourself -- amazing how people put confidential data on public sites like Facebook -- that's the best way of "Identity theft", Internet Fraud etc.

WEB stuff : Avoid simple scams like "FREE this ---" then you have to give a Credit card number.
When downloading open source software click on the PROPER LINK -- a lot of sites are so confusing (deliberately) so you click on what you think is the program and then it's either something like "Managed download" or a particularly annoying one is the AVS video converter (pay for) rather than the program you are actually trying to download.

NEVER use those online "Fix your registry" or "find drivers for you" programs. The Driver one is a particularly nasty piece of Sneakware as it might find a driver but then will ask you to PAY to access the site. Drivers these days are all in PUBLIC DOMAIN especially if you HAVE the hardware so should be free.

If you can, test software in a VM before installing on your main machine, so if it doesn't work you haven't lost any time etc - just delete the VM.

Be careful also of Websites that LOOK like legit Bank sites etc etc. Also when buying online choose reputable suppliers.

Internet FRAUD / Identity theft is FAR FAR more of a problem than Viruses on individual users' machines -- these days hackers are more likely to attempt cyber crime against institutions like FBI, NYSE, NASDAQ, BANKS and large global multi-nationals.

20 Mar 2013   #6

Windows 7 Ultimate SP1 (64 bit), Linux Mint 17.1 MATE (64 bit)
Backup HDD Image

Another reason to create HDD images (often) and have external backup copies.

A lot of good suggestions jimbo45.
20 Mar 2013   #7
x BlueRobot


Very good post jimbo, I've seen many OPs use driver programs and registry cleaners, and my first response is: Remove program(s), scan for malware and then scan for corrupted system files.
20 Mar 2013   #8

Windows 7 Pro-x64

Another good reason to turn off SNMP.
20 Mar 2013   #9

Win7 Pro SP1 64

Thanks for posting this.
20 Mar 2013   #10

Windows 7 Home Premium 64x

Good to know, thanks