Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Virus:W32/Gpcode.AK


Aliases:


Virus.Win32.Gpcode.AK

Malware
Virus
W32

Summary

Gpcode.AK is "ransom-ware" that intends to extort money from the victim by encrypting data files. It requires the victim to order the malware author's custom tool to restore the encrypted data.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Gpcode.AK searches drives C to Z for the following file types on the system:

  • 7z
  • abd
  • abk
  • acad
  • ace
  • arh
  • arj
  • arx
  • asm
  • bak
  • bcb
  • bz
  • bz2
  • c
  • cc
  • cdb
  • cdr
  • cdw
  • cer
  • cgi
  • chm
  • cnt
  • cpp
  • css
  • csv
  • db
  • db1
  • db2
  • db3
  • db4
  • dba
  • dbb
  • dbc
  • dbd
  • dbe
  • dbf
  • dbm
  • dbo
  • dbq
  • dbt
  • dbt
  • dbx
  • djvu
  • doc
  • dok
  • dpr
  • dwg
  • dxf
  • ebd
  • eml
  • eni
  • ert
  • fax
  • fjs
  • flb
  • frg
  • frm
  • frt
  • frx
  • gfa
  • gfd
  • gfr
  • gtd
  • gz
  • gzip
  • h
  • hpp
  • htm
  • html
  • iges
  • igs
  • inc
  • jad
  • jar
  • java
  • jfi
  • jpe
  • jpeg
  • jpg
  • jsp
  • key
  • kwm
  • ldiflst
  • ldr
  • lsp
  • lzh
  • lzw
  • man
  • mdb
  • mht
  • mmf
  • mnb
  • mns
  • mnu
  • mo
  • msb
  • msg
  • mxl
  • old
  • p12
  • pak
  • pas
  • pdf
  • pem
  • pfx
  • pgp
  • php
  • php3
  • php4
  • pl
  • pm3
  • pm4
  • pm5
  • pm6
  • prf
  • prx
  • pst
  • pw
  • pwa
  • pwl
  • pwm
  • rar
  • rmr
  • rnd
  • rtf
  • safesar
  • sig
  • sql
  • tar
  • tbb
  • tbb
  • tbk
  • tdf
  • tgz
  • txt
  • uue
  • vb
  • vcf
  • wab
  • xls
  • xml

It then encrypts the discovered files using an RSA algorithm and renames them with a ._CRYPT extention and deletes the original files. As a ransom note, it drops the file !_READ_ME_!.txt to the directory that requires the victim to buy a custom decrypting tool from the malware author.





Description Created: 2008-06-08 22:03:26.0
Description Last Modified: 2008-06-09 12:36:25.0



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.