1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Decryptor for virus parent.inf (Indahnya kencani Mei.txt)

By BLoodroSE ยท 8 replies
Jan 2, 2010
  1. hello everyone!
    first nice to see and meet you all
    and thanks to open my thread

    beginning of the story
    my computer is infected with a virus called Parent.inf (in my country Indonesia called that),
    first , in all my disk have file with the name Hr Vs M31.txt .exe and Indahnya kencani Mei.txt .exe
    This virus works with rename all files that have extension * jpg * 3gp * mp4 * mp3 and another media file extension,

    example : the file name is a.jpg the virus make this file a.jpg to Parents_a.jpg0.7090379.bmp
    all file media to format extensions Parents****.bmp , if i am rename , this is same , can`t for open

    sample of the virus

    Code:
    http://imzupload.com/pszu96yb85gq/virus.rar.html
    now, the virus is clear from my computer , but i have one dangerous problem
    99% data media in my computer has encrypt by viruses,
    all my work , all my photos , all my videos
    can't open again,

    can someone help me how to dencrypt all my file ,please

    sample for this file being encrypt, real extension is JPG

    Code:
    http://imzupload.com/520606a4k1dv/zz.rar.html
    virus reference
    translate from google indonesia to english languange

    Code:
    http://translate.google.com/translate?hl=en&sl=id&tl=en&u=http%3A%2F%2F74.125.153.132%2Fsearch%3Fq%3Dcache%3AuQH1yYLYOJwJ%3Awww.pcmedia.co.id%2Fdetail.asp%253FId%253D1898%2526Cid%253D20%2526Eid%253D49%2Bindahnya%2Bkencani%2Bmei.txt%26cd%3D4%26hl%3Den%26ct%3Dclnk%26client%3Dfirefox-a

    i am searching in google about this viruses , maybe can help you for helping me :)
    very big thanks im says to all people wanna help me, because all my work and data my study being encrypt for virus
    and the result is :

    Code:
    http://www.threatexpert.com/report.aspx?md5=f51a9fa87bbf2b3a638ab4f27dfb29a3
    who can help for dencrypt this file
    thanks thanks and thanks
    you saved my life thanks
    THanks for anything u help may just posting
    thanks :)
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, BLoodroSE. I'll help with the malware.

    Please do this first:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    I'll know which direction to take after seeing that. We usually ask that you follow the steps HERE and leave the three logs for review- but do the viruscan first.
     
  3. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

    hy thanks Bobbye for the reply
    ..
    i think now all virus on my pc is clean
    but all my data is same can`t to open
    the virus encrypt data
    please
    all data is very2 important
    i need to dencrypt all my data
    such as mp3 3gp doc jpg and all media format
    the virus make all media data goes to bmp format
    and if i rename it is same can`t to open
    thanks

    best regards
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I gave you instructions on what to do. When I see the log from that, we will continue.
     
  5. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

    sorry long reply
    :)

    mmm
    my computer now is fresh
    im unnistaled it
    so?
     
  6. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

    hello this is the results :

    Code:
    VirSCAN.org Scanned Report :
    Scanned time   : 2010/01/10 23:38:18 (WIT)
    Scanner results: Scanners did not find malware!
    File Name      : userinit.exe
    File Size      : 26112 byte
    File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5            : a93aee1928a9d7ce3e16d24ec7380f89
    SHA1           : 513f8bdf67a5a9e09803cfb61f590b39f2683853
    Online report  : http://virscan.org/report/a5a07d5491462d6eaa7ecf14cede7796.html
    
    Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
    a-squared      4.5.0.8         20100110180442    2010-01-10  5.83   -
    AhnLab V3      2010.01.09.02   2010.01.09        2010-01-09  1.72   -
    AntiVir        8.2.1.134       7.10.2.152        2010-01-10  0.42   -
    Antiy          2.0.18          20100108.3621411  2010-01-08  0.12   -
    Arcavir        2009            201001091222      2010-01-09  0.03   -
    Authentium     5.1.1           201001091522      2010-01-09  1.30   -
    AVAST!         4.7.4           100109-1          2010-01-09  0.01   -
    AVG            8.5.288         270.14.132/2611   2010-01-10  0.48   -
    BitDefender    7.81008.4850276 7.29817           2010-01-10  4.91   -
    CA (VET)       35.1.0          7225              2010-01-07  6.66   -
    ClamAV         0.95.2          10276             2010-01-09  0.01   -
    Comodo         3.13.579        3409              2010-01-10  1.23   -
    CP Secure      1.3.0.5         2010.01.10        2010-01-10  0.04   -
    Dr.Web         4.44.0.9170     2010.01.10        2010-01-10  8.46   -
    F-Prot         4.4.4.56        20100109          2010-01-09  1.24   -
    F-Secure       7.02.73807      2010.01.10.05     2010-01-10  0.14   -
    Fortinet       11.355-         11.355            2010-01-09  0.37   -
    GData          19.9886/19.668  20100110          2010-01-10  7.74   -
    ViRobot        20100108        2010.01.08        2010-01-08  0.51   -
    Ikarus         T3.1.01.80      2010.01.10.74933  2010-01-10  4.59   -
    JiangMin       13.0.900        2010.01.09        2010-01-09  12.22  -
    Kaspersky      5.5.10          2010.01.10        2010-01-10  0.12   -
    KingSoft       2009.2.5.15     2010.1.10.22      2010-01-10  0.56   -
    McAfee         5.3.00          5856              2010-01-09  3.39   -
    Microsoft      1.5302          2010.01.10        2010-01-10  10.14  -
    Norman         6.01.09         6.01.00           2010-01-09  6.02   -
    Panda          9.05.01         2010.01.09        2010-01-09  5.12   -
    Trend Micro    9.120-1004      6.760.04          2010-01-10  0.03   -
    Quick Heal     10.00           2010.01.09        2010-01-09  3.26   -
    Rising         20.0            22.29.06.04       2010-01-10  2.00   -
    Sophos         3.03.0          4.49              2010-01-10  3.00   -
    Sunbelt        3.9.2389.2      5608              2010-01-08  2.58   -
    Symantec       1.3.0.24        20100102.020      2010-01-02  0.06   -
    nProtect       20100110.01     6839932           2010-01-10  4.15   -
    The Hacker     6.5.0.3         v00145            2010-01-09  0.84   -
    VBA32          3.12.12.1       20100108.2153     2010-01-08  2.44   -
    VirusBuster    4.5.11.10       10.118.27/2007503 2010-01-10  2.35   -
    
     
  7. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

    BLoodroSE
    Thank you for posting! Your post will not be visible until a moderator has approved it for posting
     
  8. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run the three programs HERE: Maywarebytes, Superantispyware, then HijackThis.

    Attach the 3 logs so I can get some idea of what's on the system. Unfortunately, if it is Virut, some is getting past that preliminary scan, depending where it is on the system.

    I can't even do a decent search because somehow, every security reporting board on the internet seems to have picked up this thread! When I start a search for either if the names, I see your "Help Urgent" at the beginning of the post!

    So I need some information from your system.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...