Summary
Gpcode.AK is ransomware that extorts money from the victim by encrypting data files. To restore the encrypted data, the victim is required to order a custom decryption tool from the malware author.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Technical Details
Gpcode.AK searches drives C to Z for the following file types on the system:
- 7z
- abd
- abk
- acad
- ace
- arh
- arj
- arx
- asm
- bak
- bcb
- bz
- bz2
- c
- cc
- cdb
- cdr
- cdw
- cer
- cgi
- chm
- cnt
- cpp
- css
- csv
- db
- db1
- db2
- db3
- db4
- dba
- dbb
- dbc
- dbd
- dbe
- dbf
- dbm
- dbo
- dbq
- dbt
- dbx
- djvu
- doc
- dok
- dpr
- dwg
- dxf
- ebd
- eml
- eni
- ert
- fax
- fjs
- flb
- frg
- frm
- frt
- frx
- gfa
- gfd
- gfr
- gtd
- gz
- gzip
- h
- hpp
- htm
- html
- iges
- igs
- inc
- jad
- jar
- java
- jfi
- jpe
- jpeg
- jpg
- jsp
- key
- kwm
- ldiflst
- ldr
- lsp
- lzh
- lzw
- man
- mdb
- mht
- mmf
- mnb
- mns
- mnu
- mo
- msb
- msg
- mxl
- old
- p12
- pak
- pas
- pem
- pfx
- pgp
- php
- php3
- php4
- pl
- pm3
- pm4
- pm5
- pm6
- prf
- prx
- pst
- pw
- pwa
- pwl
- pwm
- rar
- rmr
- rnd
- rtf
- safesar
- sig
- sql
- tar
- tbb
- tbk
- tdf
- tgz
- txt
- uue
- vb
- vcf
- wab
- xls
- xml
It then encrypts the discovered files using an RSA algorithm, renames them with a ._CRYPT extension and deletes the original files. As a ransom note, it drops the file !_READ_ME_!.txt into the directory; the note instructs the victim to buy a custom decryption tool from the malware author.
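The two artifacts described above (the ._CRYPT suffix and the !_READ_ME_!.txt note) are what a responder can inventory after an infection. The following Python script is an added example, not part of the original description or any F-Secure tool; it walks a directory tree, lists encrypted files, records which directories hold a ransom note, and counts affected files by their original extension. The sample directory layout it builds is constructed for the demo.

```python
import os
import tempfile
from collections import Counter

# Artifact names from the description: encrypted files get a ._CRYPT
# suffix and a ransom note is dropped alongside them.
CRYPT_SUFFIX = "._CRYPT"
RANSOM_NOTE = "!_READ_ME_!.txt"

def scan_for_gpcode_artifacts(root):
    """Walk `root` and inventory Gpcode.AK post-infection artifacts:
    encrypted files, directories holding a ransom note, and a count of
    original extensions (the part before ._CRYPT) per affected type."""
    encrypted, note_dirs, by_ext = [], [], Counter()
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            if name == RANSOM_NOTE:
                note_dirs.append(dirpath)
            elif name.endswith(CRYPT_SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
                original = name[: -len(CRYPT_SUFFIX)]
                # Extension of the original file; empty if it had none.
                ext = original.rsplit(".", 1)[1].lower() if "." in original else ""
                by_ext[ext] += 1
    return {"encrypted": sorted(encrypted),
            "note_dirs": sorted(note_dirs),
            "by_ext": by_ext}

def build_sample_tree(root):
    """Create a constructed layout mimicking an affected host (sample data)."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.doc._CRYPT", "budget.xls._CRYPT", RANSOM_NOTE):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "notes.txt._CRYPT"), "w").close()
    # A file type outside the target list is left untouched by the malware.
    open(os.path.join(root, "movie.avi"), "w").close()

def demo():
    """Build the sample tree in a temp dir and return the scan result."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_gpcode_artifacts(tmp)

if __name__ == "__main__":
    result = demo()
    print(len(result["encrypted"]), "encrypted files;",
          "ransom notes in", len(result["note_dirs"]), "directories")
    for ext, count in result["by_ext"].most_common():
        print(f"  .{ext}: {count}")
```

Point scan_for_gpcode_artifacts at a real drive root to produce the same inventory for an affected machine.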
Description Created: 2008-06-08 22:03:26.0
Description Last Modified: 2008-06-09 12:36:25.0