YOU’RE NOT VIEWING PANDA SECURITY USA. CLICK TO IMPROVE YOUR EXPERIENCE
VISIT PANDA SECURITY USA
x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW
Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Cryzip.A

Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Cryzip.A compresses into password-protected ZIP format all the files with any of the following extensions: ARH, ARJ, ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC, FRM, FRT, FRX, GTD, GZ, GZIP, JPG, KEY, KWM, LST, MAN, MDB, MMF, MO, OLD, P12, PAK, PAS, PDF, PGP, PL, PWL, PWM, RAR, RTF, SAFE, TAR, TXT, XLS, XML, ZIP.

These extensions include Word documents, Excel spreadsheets, Access databases, text files, JPG pictures, files compressed using WinZip, WinRAR and ARJ, etc.

Users will not be able to open those files until they obtain the password. Cryzip.A creates a text file with instructions about how to pay for the password using e-gold.

If you have been affected by this Trojan, the password to decompress the files is the following:
C:\Program Files\Microsoft Visual Studio\VC98

Additionally, it overwrites the files mentioned above with the text string Erased by Zippo! GO OUT!!! and then, deletes them. This way, these files cannot be retrieved even if a special tool for recovering deleted files is used.

>

Infection strategy 

Cryzip.A creates the following files:

  • For each one of the files that it compresses with a password, Cryzip.A creates another file with the same name, to which it adds the text string _CRYPT_.ZIP.
  • AUTO_ZIP_REPORT.TXT, which contains instructions in order to purchase from the swindlers a certain tool that unzips all the files.

 

Cryzip.A modifies all the files with any of the following extensions: ARH, ARJ, ASM, BAS, C, CDR, CGI, CHM, CPP, DB, DB1, DB2, DBF, DBT, DBX, DOC, FRM, FRT, FRX, GTD, GZ, GZIP, JPG, KEY, KWM, LST, MAN, MDB, MMF, MO, OLD, P12, PAK, PAS, PDF, PGP, PL, PWL, PWM, RAR, RTF, SAFE, TAR, TXT, XLS, XML and ZIP, as it compresses them into password-protected ZIP files.

Means of transmission 

Cryzip.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Cryzip.A is written in the programming language Visual C++. This Trojan is 1,191,936 bytes in size.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365