How to Recover Files Attacked by the Gpcode.ak Virus
Good news for those infected by the new GPcode virus: Kaspersky Lab is now able to provide infected users with instructions on how to recover files attacked by the GPcode.ak virus. This offers new hope, although they are not yet able to cure your system 100%.
As reported earlier, it is so far impossible to decrypt files encrypted by GPcode.ak without the private key, but Kaspersky Lab has recently identified a method for recovering encrypted files. How?
They know that before encrypting a file, Gpcode.ak creates a new file (which contains the encrypted data from the original file) 'next to' the file it encrypts. Once encryption of a file is complete, the virus deletes the original file. It is well known that deleted files can be recovered if the data on the hard drive has not been significantly modified. And finally they found a utility that will recover your infected files. It is free and powerful too.
The free PhotoRec utility, developed by Christophe Grenier and distributed under a GPL license, turned out to be just such a solution.
Originally, the utility was developed for the recovery of graphics files (hence its name, PhotoRec, which is short for Photo Recovery). Later, its functionality was extended and it can now be used to recover Microsoft Office documents, executable files, PDF and TXT documents, as well as file archives in a variety of formats.
The PhotoRec utility is supplied with the latest version of the TestDisk package (ZIP file, 1.43 MB).
The PhotoRec utility recovers files on a selected partition remarkably well. However, restoring the exact file names and paths remains a problem. To address this issue, Kaspersky Lab has developed a small free utility, StopGpcode (ZIP file, 71.2 KB), which restores the original file names and full paths of the recovered files.
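The following added example (not code from Kaspersky Lab, PhotoRec or the original post) sketches signature-based file carving, the general technique behind PhotoRec-style recovery, on a constructed byte string standing in for a disk. It shows why deleted data is recoverable while original names and paths are not; the signature table, function names and offset-based naming scheme are assumptions made for illustration.

```python
# Added example: minimal header/footer file carver over a raw image.
# Signatures are the well-known JPEG and PDF markers; everything else is illustrative.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),   # JPEG start/end-of-image markers
    "pdf": (b"%PDF-", b"%%EOF"),             # PDF header and trailer
}

def carve(image: bytes, max_size: int = 1 << 20):
    """Return sorted (offset, ext, data) for each header that has a footer in range."""
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header without a footer: the tail was overwritten after deletion,
                # which is why continued use of the disk reduces what can be recovered.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, ext, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found)

def recovered_names(image: bytes):
    """Carving never sees a directory entry, so names must be synthesized
    (here from the byte offset, a hypothetical scheme); the originals are lost."""
    return [f"f{off:07d}.{ext}" for off, ext, _ in carve(image)]

def build_sample_image():
    """Constructed sample: two deleted files intact in free space, one partly overwritten."""
    jpg = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"constructed pdf body\n" + b"%%EOF"
    damaged = b"\xff\xd8\xff\xe0" + b"tail was overwritten"   # footer is gone
    image = (b"\x00" * 512 + jpg + b"\x00" * 300 + pdf
             + b"\x00" * 200 + damaged + b"\x00" * 100)
    return image, jpg, pdf

if __name__ == "__main__":
    image, _, _ = build_sample_image()
    for off, ext, data in carve(image):
        print(f"offset {off}: {ext}, {len(data)} bytes")
    print(recovered_names(image))
```

The damaged third file is skipped because its footer no longer exists, and the two recovered files come back with synthetic names, which is the gap a name-restoring tool such as StopGpcode is meant to close.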
If you have been infected by this virus:
1. Do not reboot the computer if you suspect it has been infected by this virus
2. Do not contact the author of the GPcode virus to buy a decryptor
3. Use this utility to recover your infected files
- roemasa's blog