Decryptor for virus parent.inf (Indahnya kencani Mei.txt)

Status
Not open for further replies.
B

BLoodroSE

Posts: 6   +0
hello everyone!
first nice to see and meet you all
and thanks to open my thread

beginning of the story
my computer is infected with a virus called Parent.inf (in my country Indonesia called that),
first , in all my disk have file with the name Hr Vs M31.txt .exe and Indahnya kencani Mei.txt .exe
This virus works with rename all files that have extension * jpg * 3gp * mp4 * mp3 and another media file extension,

example : the file name is a.jpg the virus make this file a.jpg to Parents_a.jpg0.7090379.bmp
all file media to format extensions Parents****.bmp , if i am rename , this is same , can`t for open

sample of the virus

Code: 
http://imzupload.com/pszu96yb85gq/virus.rar.html

now, the virus is clear from my computer , but i have one dangerous problem
99% data media in my computer has encrypt by viruses,
all my work , all my photos , all my videos
can't open again,

can someone help me how to dencrypt all my file ,please

sample for this file being encrypt, real extension is JPG

Code: 
http://imzupload.com/520606a4k1dv/zz.rar.html

virus reference
translate from google indonesia to english languange

Code: 
http://translate.google.com/translate?hl=en&sl=id&tl=en&u=http%3A%2F%2F74.125.153.132%2Fsearch%3Fq%3Dcache%3AuQH1yYLYOJwJ%3Awww.pcmedia.co.id%2Fdetail.asp%253FId%253D1898%2526Cid%253D20%2526Eid%253D49%2Bindahnya%2Bkencani%2Bmei.txt%26cd%3D4%26hl%3Den%26ct%3Dclnk%26client%3Dfirefox-a


i am searching in google about this viruses , maybe can help you for helping me :)
very big thanks im says to all people wanna help me, because all my work and data my study being encrypt for virus
and the result is :

Code: 
http://www.threatexpert.com/report.aspx?md5=f51a9fa87bbf2b3a638ab4f27dfb29a3

who can help for dencrypt this file
thanks thanks and thanks
you saved my life thanks
THanks for anything u help may just posting
thanks :)
 
Welcome to TechSpot, BLoodroSE. I'll help with the malware.

Please do this first:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\userinit.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Also scan these,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


I'll know which direction to take after seeing that. We usually ask that you follow the steps HERE and leave the three logs for review- but do the viruscan first.
 
hy thanks Bobbye for the reply
..
i think now all virus on my pc is clean
but all my data is same can`t to open
the virus encrypt data
please
all data is very2 important
i need to dencrypt all my data
such as mp3 3gp doc jpg and all media format
the virus make all media data goes to bmp format
and if i rename it is same can`t to open
thanks

best regards
 
I gave you instructions on what to do. When I see the log from that, we will continue.
 
hello this is the results :

Code: 
VirSCAN.org Scanned Report :
Scanned time   : 2010/01/10 23:38:18 (WIT)
Scanner results: Scanners did not find malware!
File Name      : userinit.exe
File Size      : 26112 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : a93aee1928a9d7ce3e16d24ec7380f89
SHA1           : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report  : http://virscan.org/report/a5a07d5491462d6eaa7ecf14cede7796.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      4.5.0.8         20100110180442    2010-01-10  5.83   -
AhnLab V3      2010.01.09.02   2010.01.09        2010-01-09  1.72   -
AntiVir        8.2.1.134       7.10.2.152        2010-01-10  0.42   -
Antiy          2.0.18          20100108.3621411  2010-01-08  0.12   -
Arcavir        2009            201001091222      2010-01-09  0.03   -
Authentium     5.1.1           201001091522      2010-01-09  1.30   -
AVAST!         4.7.4           100109-1          2010-01-09  0.01   -
AVG            8.5.288         270.14.132/2611   2010-01-10  0.48   -
BitDefender    7.81008.4850276 7.29817           2010-01-10  4.91   -
CA (VET)       35.1.0          7225              2010-01-07  6.66   -
ClamAV         0.95.2          10276             2010-01-09  0.01   -
Comodo         3.13.579        3409              2010-01-10  1.23   -
CP Secure      1.3.0.5         2010.01.10        2010-01-10  0.04   -
Dr.Web         4.44.0.9170     2010.01.10        2010-01-10  8.46   -
F-Prot         4.4.4.56        20100109          2010-01-09  1.24   -
F-Secure       7.02.73807      2010.01.10.05     2010-01-10  0.14   -
Fortinet       11.355-         11.355            2010-01-09  0.37   -
GData          19.9886/19.668  20100110          2010-01-10  7.74   -
ViRobot        20100108        2010.01.08        2010-01-08  0.51   -
Ikarus         T3.1.01.80      2010.01.10.74933  2010-01-10  4.59   -
JiangMin       13.0.900        2010.01.09        2010-01-09  12.22  -
Kaspersky      5.5.10          2010.01.10        2010-01-10  0.12   -
KingSoft       2009.2.5.15     2010.1.10.22      2010-01-10  0.56   -
McAfee         5.3.00          5856              2010-01-09  3.39   -
Microsoft      1.5302          2010.01.10        2010-01-10  10.14  -
Norman         6.01.09         6.01.00           2010-01-09  6.02   -
Panda          9.05.01         2010.01.09        2010-01-09  5.12   -
Trend Micro    9.120-1004      6.760.04          2010-01-10  0.03   -
Quick Heal     10.00           2010.01.09        2010-01-09  3.26   -
Rising         20.0            22.29.06.04       2010-01-10  2.00   -
Sophos         3.03.0          4.49              2010-01-10  3.00   -
Sunbelt        3.9.2389.2      5608              2010-01-08  2.58   -
Symantec       1.3.0.24        20100102.020      2010-01-02  0.06   -
nProtect       20100110.01     6839932           2010-01-10  4.15   -
The Hacker     6.5.0.3         v00145            2010-01-09  0.84   -
VBA32          3.12.12.1       20100108.2153     2010-01-08  2.44   -
VirusBuster    4.5.11.10       10.118.27/2007503 2010-01-10  2.35   -
 
BLoodroSE
Thank you for posting! Your post will not be visible until a moderator has approved it for posting
 
Please run the three programs HERE: Maywarebytes, Superantispyware, then HijackThis.

Attach the 3 logs so I can get some idea of what's on the system. Unfortunately, if it is Virut, some is getting past that preliminary scan, depending where it is on the system.

I can't even do a decent search because somehow, every security reporting board on the internet seems to have picked up this thread! When I start a search for either if the names, I see your "Help Urgent" at the beginning of the post!

So I need some information from your system.
 
Status
Not open for further replies.

Similar threads

midian182
EA says generative AI will make gamers spend more, speed up development time
Replies
19
Views
243
erickmendes
erickmendes
midian182
Amazon's solution for stressed workers: close your eyes and think happy thoughts
Replies
6
Views
158
FaTaL
FaTaL
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back