TechSpot

Decryptor for virus parent.inf (Indahnya kencani Mei.txt)

By BLoodroSE
Jan 2, 2010
  1. Hello everyone!
    First, nice to see and meet you all,
    and thanks for opening my thread.

    Beginning of the story:
    my computer is infected with a virus called Parent.inf (that is what it is called in my country, Indonesia).
    First, all my disks have files with the names Hr Vs M31.txt .exe and Indahnya kencani Mei.txt .exe.
    This virus works by renaming all files that have the extensions *jpg *3gp *mp4 *mp3 and other media file extensions.

    Example: if the file name is a.jpg, the virus renames a.jpg to Parents_a.jpg0.7090379.bmp.
    All media files are changed to the format Parents****.bmp; if I rename them, it is the same, they can't be opened.

    Sample of the virus:

    Code:
    http://imzupload.com/pszu96yb85gq/virus.rar.html

    Now the virus is cleared from my computer, but I have one dangerous problem:
    99% of the media data on my computer has been encrypted by the virus.
    All my work, all my photos, all my videos
    can't be opened again.

    Can someone help me decrypt all my files, please?

    Sample of a file that has been encrypted; the real extension is JPG:

    Code:
    http://imzupload.com/520606a4k1dv/zz.rar.html

    Virus reference,
    translated by Google from Indonesian to English:

    Code:
    http://translate.google.com/translate?hl=en&sl=id&tl=en&u=http%3A%2F%2F74.125.153.132%2Fsearch%3Fq%3Dcache%3AuQH1yYLYOJwJ%3Awww.pcmedia.co.id%2Fdetail.asp%253FId%253D1898%2526Cid%253D20%2526Eid%253D49%2Bindahnya%2Bkencani%2Bmei.txt%26cd%3D4%26hl%3Den%26ct%3Dclnk%26client%3Dfirefox-a

    I have been searching Google about this virus; maybe it can help you to help me :)
    Very big thanks to all the people who want to help me, because all my work and my study data have been encrypted by the virus.
    And the result is:

    Code:
    http://www.threatexpert.com/report.aspx?md5=f51a9fa87bbf2b3a638ab4f27dfb29a3

    Who can help decrypt these files?
    Thanks, thanks and thanks.
    You saved my life, thanks.
    Thanks for any help you may give, even just posting.
    Thanks :)
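
A triage sketch for the renaming described in the post above, added here as an example and not part of the original thread: it recovers the original file name from the `Parents_…​.bmp` pattern and checks whether the file's first bytes still carry the signature of the original type, which separates files that were only renamed from files whose content was changed. The pattern is inferred from the single example in the post, and the signature table and function names are assumptions of this example.

```python
import os
import re

# Pattern inferred from the one example in the post (an assumption):
#   a.jpg -> Parents_a.jpg0.7090379.bmp
RENAMED = re.compile(
    r"^Parents_(?P<name>.+\.(?P<ext>[A-Za-z0-9]{2,4}))(?P<rand>\d\.\d+)\.bmp$"
)

# Well-known file signatures as (offset, bytes); a deliberately small table,
# so some valid files (e.g. MP3s with other frame headers) will not match.
MAGIC = {
    "jpg": [(0, b"\xff\xd8\xff")],
    "mp3": [(0, b"ID3"), (0, b"\xff\xfb")],
    "mp4": [(4, b"ftyp")],
    "3gp": [(4, b"ftyp")],
}


def original_name(renamed):
    """Return (original file name, lower-case extension) or None."""
    m = RENAMED.match(renamed)
    return (m.group("name"), m.group("ext").lower()) if m else None


def triage(renamed, head):
    """Classify one file from its name and its first bytes."""
    parsed = original_name(renamed)
    if parsed is None:
        return "not-affected-name"
    sigs = MAGIC.get(parsed[1])
    if sigs is None:
        return "unknown-type"
    intact = any(head[off:off + len(sig)] == sig for off, sig in sigs)
    return "renamed-only" if intact else "content-altered"


def scan(root):
    """Read-only walk of a directory; yields (path, original name, verdict)."""
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            parsed = original_name(fname)
            if parsed is None:
                continue
            path = os.path.join(folder, fname)
            with open(path, "rb") as fh:
                head = fh.read(16)
            yield path, parsed[0], triage(fname, head)
```

`scan()` only reads files; run it against a copy of the affected data so the originals stay untouched for any later recovery attempt.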
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, BLoodroSE. I'll help with the malware.

    Please do this first:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\userinit.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    Also scan these,

    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe


    I'll know which direction to take after seeing that. We usually ask that you follow the steps HERE and leave the three logs for review, but do the virus scan first.
     
  3. BLoodroSE

    BLoodroSE TS Rookie Topic Starter

    Hi, thanks Bobbye for the reply
    ..
    I think now all viruses on my PC are cleaned,
    but all my data is the same, it can't be opened.
    The virus encrypted the data.
    Please,
    all the data is very, very important.
    I need to decrypt all my data,
    such as mp3 3gp doc jpg and all media formats.
    The virus made all media data go to bmp format,
    and if I rename it, it is the same, it can't be opened.
    Thanks

    best regards
     
  4. Bobbye


    I gave you instructions on what to do. When I see the log from that, we will continue.
     
  5. BLoodroSE


    Sorry for the long reply
    :)

    Mmm,
    my computer now is fresh.
    I uninstalled it.
    So?
     
  6. BLoodroSE


    Hello, these are the results:

    Code:
    VirSCAN.org Scanned Report :
    Scanned time   : 2010/01/10 23:38:18 (WIT)
    Scanner results: Scanners did not find malware!
    File Name      : userinit.exe
    File Size      : 26112 byte
    File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5            : a93aee1928a9d7ce3e16d24ec7380f89
    SHA1           : 513f8bdf67a5a9e09803cfb61f590b39f2683853
    Online report  : http://virscan.org/report/a5a07d5491462d6eaa7ecf14cede7796.html
    
    Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
    a-squared      4.5.0.8         20100110180442    2010-01-10  5.83   -
    AhnLab V3      2010.01.09.02   2010.01.09        2010-01-09  1.72   -
    AntiVir        8.2.1.134       7.10.2.152        2010-01-10  0.42   -
    Antiy          2.0.18          20100108.3621411  2010-01-08  0.12   -
    Arcavir        2009            201001091222      2010-01-09  0.03   -
    Authentium     5.1.1           201001091522      2010-01-09  1.30   -
    AVAST!         4.7.4           100109-1          2010-01-09  0.01   -
    AVG            8.5.288         270.14.132/2611   2010-01-10  0.48   -
    BitDefender    7.81008.4850276 7.29817           2010-01-10  4.91   -
    CA (VET)       35.1.0          7225              2010-01-07  6.66   -
    ClamAV         0.95.2          10276             2010-01-09  0.01   -
    Comodo         3.13.579        3409              2010-01-10  1.23   -
    CP Secure      1.3.0.5         2010.01.10        2010-01-10  0.04   -
    Dr.Web         4.44.0.9170     2010.01.10        2010-01-10  8.46   -
    F-Prot         4.4.4.56        20100109          2010-01-09  1.24   -
    F-Secure       7.02.73807      2010.01.10.05     2010-01-10  0.14   -
    Fortinet       11.355-         11.355            2010-01-09  0.37   -
    GData          19.9886/19.668  20100110          2010-01-10  7.74   -
    ViRobot        20100108        2010.01.08        2010-01-08  0.51   -
    Ikarus         T3.1.01.80      2010.01.10.74933  2010-01-10  4.59   -
    JiangMin       13.0.900        2010.01.09        2010-01-09  12.22  -
    Kaspersky      5.5.10          2010.01.10        2010-01-10  0.12   -
    KingSoft       2009.2.5.15     2010.1.10.22      2010-01-10  0.56   -
    McAfee         5.3.00          5856              2010-01-09  3.39   -
    Microsoft      1.5302          2010.01.10        2010-01-10  10.14  -
    Norman         6.01.09         6.01.00           2010-01-09  6.02   -
    Panda          9.05.01         2010.01.09        2010-01-09  5.12   -
    Trend Micro    9.120-1004      6.760.04          2010-01-10  0.03   -
    Quick Heal     10.00           2010.01.09        2010-01-09  3.26   -
    Rising         20.0            22.29.06.04       2010-01-10  2.00   -
    Sophos         3.03.0          4.49              2010-01-10  3.00   -
    Sunbelt        3.9.2389.2      5608              2010-01-08  2.58   -
    Symantec       1.3.0.24        20100102.020      2010-01-02  0.06   -
    nProtect       20100110.01     6839932           2010-01-10  4.15   -
    The Hacker     6.5.0.3         v00145            2010-01-09  0.84   -
    VBA32          3.12.12.1       20100108.2153     2010-01-08  2.44   -
    VirusBuster    4.5.11.10       10.118.27/2007503 2010-01-10  2.35   -
    
     

  9. Bobbye


    Please run the three programs HERE: Malwarebytes, SUPERAntiSpyware, then HijackThis.

    Attach the 3 logs so I can get some idea of what's on the system. Unfortunately, if it is Virut, some is getting past that preliminary scan, depending where it is on the system.

    I can't even do a decent search because somehow, every security reporting board on the internet seems to have picked up this thread! When I start a search for either of the names, I see your "Help Urgent" at the beginning of the post!

    So I need some information from your system.
     
Topic Status:
Not open for further replies.
