A friend ask me for help.

His PC have been infected by a trojan that looks like GPcode except that from my research.
The trojan GPcode use a 1024 bits RSA to encrypt the victims files.

However, this trojan use AES to encrypt the victims files. See below.
Does anyone know how to decrypt the AES files ????

===================================
Your files are encrypted!
Decrypter costs 30 euro!
Vore information at:

s/n: saewQ^7eFV!mj<lEhY5g|yuM
key: M7@\Hd5tMnk5+w3R!Y8@Mn+K

Do not delete or change this file!!!

Your post isn't related to ClamWin operation/problems/support.

However, go to the Dr. Web site. They have a free decryptor that may help.

Regards,

Thanks for the information.

BTW. Does Clamwin have any decryption ability against those viruses that encrypt itself to avoid detection

I have scan my friends PC without detecting anything. So I backup his data files (*.xls.crypt) and reformat his PC.

I am going to use the decryptor to recover his files.

ClamWin uses the Clam AV engine which doesn't do any decrypting. It can unpack unobscured malware that uses popular unpackers, it can disassemble a short section of malware if it finds an unobscured entry point, and it can unzip programs compressed with popular zip/archive programs. Clam is primarily devoted to finding malware from its signature database, however, so if there is no signature for a piece of malware, it can't help. The database is updated frequently from user submissions of malware, so it has signatures for most of the "popular" malware.

Regards,