Find all encrypted files with the ._CRYPT extension on the victim machine and copy them onto a portable data device into a folder named ‘encrypted’.
Follow the instructions above in ‘Restoring Files’ and save the restored files with the correct restored names onto the portable data device in a folder named ‘backup’.
Match unencrypted copies of the files with the encrypted versions in the ‘encrypted’ folder. You can find unencrypted versions of your files in your backup. If you've lost photos, you might have a good copy left on the memory card of your camera. Potentially you may have good copies of your encrypted files on network resources. These are the files you should look for and copy to the folder named ‘backup’.
Important! You MUST make sure that the files that you save to the ‘backup’ folder have names identical to the files in the ‘encrypted’ folder – everything should be identical except for the extension ._CRYPT.
Create a folder named ‘decrypted’ where you will save the decrypted files. Download the free StopGpcode2 tool from the Kaspersky website. This is used to decrypt your files.
Launch StopGpcode2 from the command prompt (Start > Run > cmd.exe) and be sure to include the full paths to the folders ‘encrypted’, ‘backup’ and ‘decrypted’. For instance, if the tool and the folders are located in the root of drive e:, then you need to execute:
e:\stopgpcode2.exe e:\encrypted e:\backup e:\decrypted
Once the program executes, you will see the tool starting to decrypt your files.
When the tool finishes decrypting, it will display a ‘Done’ message. Now you can open the ‘decrypted’ folder and check which files the tool was able to decrypt.
Important! The tool may not be able to decrypt all files completely. In this case it will partially restore the files and display a message saying ‘partly recovered’.
Also, please do not test the tool on a virtual machine. The results are likely to differ significantly from results on a regular machine.
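Before running the tool, the name-matching requirement from the steps above can be checked with a short script. This is an added example, not part of StopGpcode2 or the original instructions; the function names are hypothetical, the sample folders are constructed, and it assumes ._CRYPT is appended to the original file name.

```python
import os
import tempfile

SUFFIX = "._CRYPT"  # extension named in the instructions above

def check_pairs(encrypted_dir, backup_dir):
    """Compare the two folders; return (pairs, case_mismatch, no_backup, unused)."""
    backups = set(os.listdir(backup_dir))
    by_lower = {name.lower(): name for name in backups}
    pairs, case_mismatch, no_backup = [], [], []
    for enc in sorted(os.listdir(encrypted_dir)):
        if not enc.lower().endswith(SUFFIX.lower()):
            continue  # not an encrypted file, ignore it
        # Assumption: the encrypted name is the original name plus ._CRYPT
        wanted = enc[:-len(SUFFIX)]
        if wanted in backups:
            pairs.append((enc, wanted))
        elif wanted.lower() in by_lower:
            # Names must be identical, so flag case-only differences for renaming
            case_mismatch.append((enc, by_lower[wanted.lower()]))
        else:
            no_backup.append(enc)
    used = {backup for _, backup in pairs + case_mismatch}
    unused = sorted(backups - used)  # backups with no encrypted counterpart
    return pairs, case_mismatch, no_backup, unused

def demo():
    """Build constructed sample folders (empty placeholder files) and check them."""
    with tempfile.TemporaryDirectory() as root:
        enc = os.path.join(root, "encrypted")
        bak = os.path.join(root, "backup")
        os.mkdir(enc)
        os.mkdir(bak)
        for name in ("photo1.jpg._CRYPT", "report.doc._CRYPT",
                     "notes.txt._CRYPT", "readme.txt"):
            open(os.path.join(enc, name), "w").close()
        for name in ("photo1.jpg", "Report.doc", "holiday.jpg"):
            open(os.path.join(bak, name), "w").close()
        return check_pairs(enc, bak)

if __name__ == "__main__":
    pairs, case_mismatch, no_backup, unused = demo()
    print("matched pairs:      ", pairs)
    print("rename (case only): ", case_mismatch)
    print("no backup copy:     ", no_backup)
    print("unused backup files:", unused)
```

To check real folders, call check_pairs with the paths to ‘encrypted’ and ‘backup’ on the portable device and fix anything reported outside the matched pairs.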