Good question Monique. And the answer is an unequivocal “maybe.”
As I haven’t personally dealt with either of these pieces of malware, I’m going from the reports I have read.
The first piece of malware discussed (Win32/RansomSMS.AH) blocks Internet access, through what process I do not know. Not knowing what file, files, registry entries or whatever else have been modified, I do not know that the given data would have been backed up.
So it seems to me that there’s a good chance a restoral from backup might not solve the problem.
If it is a complete disk image taken from just before the infection, I’d expect it to work, but the existence of such an image for the average user (or even the advanced forensic guru) seems unlikely.
As for the earlier GPcode.ak, I’d say restoring from a backup of the affected files would probably work fine…as long as the old files weren’t erased by a new backup. Fortunately the new, encrypted files have a different name so as long as old files aren’t deleted with a new backup, the old files with their original names ought to still be available to be restored.
Thanks for the thoughtful question. Btw – I’m impressed with how fast your site loads.
Cheers, Steve
Source: Steve B