Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Panda Security

Merry Christmas!

This offer ends in:

0 0

Hours

0 0

Minutes

0 0

Seconds

-60%

Special Offer: Renew with a 60% discount

Forgot your customer ID? Click here

-60%
Panda Security

Merry Christmas!

-50% on all Panda Dome products

-50%
Buy
My Account

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Cryzip.A

 
Threat LevelModerate threat
DamageHigh
DistributionNot widespread

At a glance

Common name:Cryzip.A
Technical name:Trj/Cryzip.A
Threat level:Low
Type:Trojan
Effects:  

It compresses user files in password-protected ZIP files, so that affected users will not be able to open them until they enter the correct password.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:March 13, 2006
Detection updated on:March 15, 2006
StatisticsNo

Brief Description 

    

Cryzip.A is a Trojan that compresses in password-protected ZIP format all the files with any of the following extensions: ARH, ARJ (files compressed with ARJ), ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC (Word documents), DPR, DSW, FRM, FRT, FRX, GTD, GZ, GZIP, JPG, KEY, KWM, LST, MAN, MDB (Access databases), MMF, MO, OLD, P12, PAK, PAS, PDF, PEM, PGP, PL, PWL, PWM, RAR (files compressed with WinRAR), RTF, SAFE, TAR, TXT (text files), XLS (Excel spreadsheets), XML and ZIP (files compressed with WinZip).

Users will not be able to open those files until they enter the password. Cryzip.A creates a text file with instructions about how to pay for the password using e-gold.

If you have been affected by this Trojan, the password to decompress the files is the following:
C:\Program Files\Microsoft Visual Studio\VC98

Cryzip.A does not spread automatically by its own means. It needs an attacking user's intervention in order to reach the affected computer.

Visible Symptoms 

    

Cryzip.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, if you cannot find any files with the extensions mentioned above and instead of them, there are files whose names contain the text string _CRYPT_.ZIP, your computer is likely to have been affected by Cryzip.A.

Tech details

Effects

Cryzip.A compresses into password-protected ZIP format all the files with any of the following extensions: ARH, ARJ, ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC, FRM, FRT, FRX, GTD, GZ, GZIP, JPG, KEY, KWM, LST, MAN, MDB, MMF, MO, OLD, P12, PAK, PAS, PDF, PGP, PL, PWL, PWM, RAR, RTF, SAFE, TAR, TXT, XLS, XML, ZIP.

These extensions include Word documents, Excel spreadsheets, Access databases, text files, JPG pictures, files compressed using WinZip, WinRAR and ARJ, etc.

Users will not be able to open those files until they obtain the password. Cryzip.A creates a text file with instructions about how to pay for the password using e-gold.

If you have been affected by this Trojan, the password to decompress the files is the following:
C:\Program Files\Microsoft Visual Studio\VC98

Additionally, it overwrites the files mentioned above with the text string Erased by Zippo! GO OUT!!! and then, deletes them. This way, these files cannot be retrieved even if a special tool for recovering deleted files is used.

>

Infection strategy 

Cryzip.A creates the following files:

  • For each one of the files that it compresses with a password, Cryzip.A creates another file with the same name, to which it adds the text string _CRYPT_.ZIP.
  • AUTO_ZIP_REPORT.TXT, which contains instructions in order to purchase from the swindlers a certain tool that unzips all the files.

 

Cryzip.A modifies all the files with any of the following extensions: ARH, ARJ, ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC, FRM, FRT, FRX, GTD, GZ, GZIP, JPG, KEY, KWM, LST, MAN, MDB, MMF, MO, OLD, P12, PAK, PAS, PDF, PGP, PL, PWL, PWM, RAR, RTF, SAFE, TAR, TXT, XLS, XML and ZIP, as it compresses them into password-protected ZIP files.

Means of transmission 

Cryzip.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Cryzip.A is written in the programming language Visual C++. This Trojan is 1,191,936 bytes in size.

Solution

See solution

Anytech logo

Call us 24/7 and get a FREE DIAGNOSIS

+1 (323) 395 2630

logo
Panda Security, a WatchGuard Technologies brand, offers the most advanced protection for your family and business. Its Panda Dome range provides maximum security against viruses, ransomware and computer espionage, and is compatible with Windows, Mac, Android and iOS.
    About Panda
    Company Info Reviews Awards and certifications Panda Worldwide Blog Security Info
    Home Users
    Panda Dome portfolio Customer Login Page Online Antivirus Downloads Free Antivirus Free VPN Offers
    Business - WatchGuard Technologies
    Watchguard Endpoint Security Network Security Authpoint MFA Secure Wi-Fi Partners
    Visa Master Card Maestro Pay Pal Apple Pay
    Bank Transfer iDeal Klarna
    Privacy Policy Legal Notice Cookie Policy Return Policy