XTBL (virus cipher): how to decipher?

More recently, the Internet has appeared new pest - virus cipher XTBL.For many users, it has become a real headache.The fact is that in its essence is a program extortionists, to cope with which it is not so simple.But let's see what we can do and what action to take is not recommended.

What XTBL-virus?

fact that computer viruses do exist, do not need anyone to explain.They now can count hundreds of thousands.But one of the global problems was the recent emergence of XTBL-virus, remote data is encrypted on the user's computer terminal.

Frankly, many IT-giants like "Kaspersky Lab" or ESET were simply not ready for such an epidemic, as have never encountered anything like this.

Of course, in the database of virus signatures of any corporation that develops anti-virus software, there are a lot of templates, which can keep track of suspicious files and malicious code, but as it turns out, it does not always help.

A similar situation was observed when there was a well-known and sensational at the time the virus under the name «I Love You», which simply removes the multimedia content from infected computers.Virus-cipher XTBL acts in a similar way and is quite unusual modification of the Trojan, combined with extortion of money.

As the virus enters the system?

As for penetration into the system, you can point out a few important aspects.The fact that the virus extension XTBL as such does not manifest itself.Most often, the threat comes in the form of a letter by e-mail with attachments archive type or .scr (screensaver file extension standard Windows).

Based on this, it may be advisable, never detach attachments containing such files, even if they come from a reliable source.In an extreme case, if there's one full-time virus scanner before opening the attachment it must simply check for the content threats.

How are the effects of the virus?

Consequences, alas, it is extremely sad.If the user already "caught" this infection, you need to be very careful.

virus itself remotely encrypt user files on your computer (most often it concerns the photo or music) to the renaming of names in a set of letters and numbers and using extension .xtbl.

But that's not all.After completion of the encryption process the user is a system message that the files on the computer were encrypted.In order to obtain a so-called decoder file after virus XTBL, the user is invited to pay a tidy sum (usually in the region of 5,000 rubles) and send the code to the e-mail addresses such as [email protected], [email protected] or [email protected].

As is clear, this is not worth.As a result, you can just spend the money, and in return do not get absolutely nothing (in fact, do).

Independent attempts to get rid of the virus

Unfortunately, the technology on which works with the expansion of the virus XTBL, still has not been studied thoroughly, so to speak about any active action is not necessary.

trouble in another self attempt to rename the infected files, or change of expansion only leads to the fact that all information will be immediately deleted.For example, you try to change the file type 12345uі8758av9gs5764.xtbl, which was once a photograph.After renaming, of course, press Enter to complete the operation.The file is immediately deleted, in spite of everything, and not in the "shopping cart", and from the hard disk without the possibility of recovery.Using specialized tools for data recovery and a positive outcome is not guaranteed.

antivirus utility

with Kaspersky everything is not easy.Today there is a real threat posed XTBL-virus.How to decode the data after its impact, no one knows.Note that even the experts "Kaspersky Lab" frankly admitted that they currently do not have effective means to deal with this unexpected threat.

Although in some respects XTBL-virus and behaves like a regular Trojan, however its effect is quite different from the standard scheme.Even the attempt to find the virus file system standard scanner or manual mode, and the subsequent removal of lead only to the fact that the virus creates its own copy, masquerading system or user files.In this case, find it on your computer becomes a Sisyphean labor.Moreover, the virus lies protection from such interference.

line scan

As for online decryption can only say that at the moment none of the developers have absolutely no means to do so.So if you offer to take advantage of a Web resource, you can be sure that it is a complete divorce.

priority in the creation of an antidote for all IT-giants of the problem is a priority.But not all that bad.

possible to find the decoder files after a virus XTBL?

As is clear, today at least some more or less operating funds to protect against this virus does not exist in nature.However, you can try to prevent actions that they committed.

For example, if you noticed the start of the encryption process, you can quickly complete the process in the tree, using the standard "Task Manager."

Maybe another situation when a computer terminal is already present XTBL-virus.How do I remove it?This can be done only by means of a standard anti-virus (but not in any way manually), although this step is not a guarantee that the user will get rid of this pest.

If all else fails

In the extreme case, if absolutely nothing works, you can use to remove Trojan programs such as Rescue Disc with antivirus software.We are talking about today is not decrypted.At least at least remove XTBL-virus yet, so to speak, as not running Windows, you can start up using tools such as Rescue Disc.

himself a pest, you can remove.If it comes to the effects of a Trojan, unfortunately, there is nothing you can do.Apparently, XTBL-virus belongs to a new generation of pests for which the drug has not yet been established, although all efforts are aimed precisely at this.

According to recent reports the developers of anti-virus software "Kaspersky Lab" announced that in the near future means to combat computer-nouveau pest is found.Well, ordinary users can only wait and hope that the new drug would be most effective.

Conclusion In conclusion it should be said that in contrast to the standard encryption methods that the virus does not use algorithms such as AES.That is why decrypt the data after exposure to the virus is a daunting task, as in the days of the Second World War the German Navy messages that used encryption technology "Enigma".

But do not despair.I think in the near future solution to this problem will be found.The main thing - do not panic, do not turn off the computer and rename files.It is better to wait for the official release of anti-virus solutions, and that alone can spoil everything just.