:
127.0.0.1 www.antivir.de 127.0.0.1 www.bitdefender.de
127.0.0.1 www.znet.de
127.0.0.1 www.chip.de
127.0.0.1 www.virustotal.com
127.0.0.1 virusscan.jotti.org
127.0.0.1 www.kaspersky.com
127.0.0.1 www.sophos.de
127.0.0.1 www.trojaner-info.de
127.0.0.1 www.trojaner-help.de
127.0.0.1 www.arcabit.com
127.0.0.1 www.avast.com
127.0.0.1 www.grisoft.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.clamav.net
127.0.0.1 www.drweb.com
127.0.0.1 www.f-prot.com
127.0.0.1 www.google.de
127.0.0.1 www.fortinet.com
127.0.0.1 www.nod32.com
127.0.0.1 www.norman.com
127.0.0.1 www.microsoft.com
127.0.0.1 www.anti-virus.by/en
127.0.0.1 www.symantec.com
127.0.0.1 www.windowsupdate.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.viruslist.com
127.0.0.1 www.avp.com
127.0.0.1 www.zonelabs.com
127.0.0.1 www.heise.de
127.0.0.1 www.antivirus-online.de
127.0.0.1 www.free-av.com
127.0.0.1 www.panda-software.com
127.0.0.1 www.pc-welt.de
127.0.0.1 www.pc-special.net
127.0.0.1 download.freenet.de
127.0.0.1 www.vollversion.de
127.0.0.1 www.das-download-archiv.de
127.0.0.1 www.freeware.de
127.0.0.1 www.antiviruslab.com
127.0.0.1 www.search.yahoo.com
127.0.0.1 www.web.de
127.0.0.1 www.hotmail.com
127.0.0.1 www.hotmail.de
127.0.0.1 www.gmx.net
127.0.0.1 www.spiegel.de
127.0.0.1 www.icq.com
127.0.0.1 www.icq.de
127.0.0.1 www.flirtlife.de
127.0.0.1 www.ffh.de
127.0.0.1 www.lavasoft.de
127.0.0.1 www.de.wikipedia.org
127.0.0.1 www.wikipedia.org
127.0.0.1 www.en.wikipedia.org
127.0.0.1 www.wissen.de
127.0.0.1 www.virus-aktuell.de
127.0.0.1 www.arcor.de
127.0.0.1 www.t-online.de
127.0.0.1 www.t-com.de
127.0.0.1 www.alice-dsl.de
127.0.0.1 www.freenet.de
127.0.0.1 www.1und1.de
127.0.0.1 www.fbi.gov
127.0.0.1 www.polizei.de
Un block de notas es creado en la carpeta %System%. Se lo encuentra con la denominación WARNING_README_NOW.TXT y contiene el siguiente mensaje:
WARNING: FILE ENCRYPTION HAS BEEN FINISHED!
############################################
Dear User,
----------
Some Ascii Files have been encrypted with the sk0r alias Czybik's Ascii File Encryption Engine v1.0.
You are not longer able to use those files. But now nothing is lost. You are able to use your files again if
you decrypt them. To do this you need to buy a decoder and the
password.
==========
So how can you buy this? The following stepps will show you what to do:
Decryption Notes:
=================
1) Simply write an email to: sk0r1337@???.de with subject: Need Decoder and Password
2) Wait for an email from me.
3) Read the email and follow the stepps (you must give a payment to me to get the decoder and the
password
4) Open the decoder.exe
5) Input File and Password and click decrypt --> Do this for all encrypted files
Pricelist:
Decoder: Game Accounts in worth of about maximum 80
Password: Game or Internet Accounts (Websites) in worth of maximum 20
You see you can be lucky that the Decoder and the Password are so cheap.
Be lucky you are not a victim of other Ransomware, they are very expensive (400$)
So please follow the stepps. Otherwise you will not be able to use your files again.
Don 't send to avers. They will not be able to get or crack the password. So pay or say 'bye' to all your
encrypted files.
Regards: sk0r / Czybik - Malwarewriter
2006 by sk0r / Czybik
Win32.Skowor Ransomware 2006 by sk0r / Czybik sk0r alias Czybik's
Ascii File Encryption Engine v1.0 2006 by sk0r / Czybik
Más Información:
Noticias 
