There is a lot of "ransomware" malware going around lately that encrypts a user's files and then asks for money to decrypt them. The worst one is called Malware Protection and it encrypts the files to a .rar file with a 50 digit password.
Details about Malware Protection malware:
Obviously a 50 digit password protected AES encrypted .rar file is virtually impossible to decrypt, so I will not ask for help about this particular malware here.
But there is another "ransomware" malware variant going around which seems to encrypt the user's files in a different way which is amenable to decryption. This variant is called the FBI Moneypak trojan and it does not convert the user's files to password protected .rar files. Instead it encrypts the files and adds a .block file extension to the end of the file. I think the encryption it uses is the Tiny Encryption Algorithm (TEA), and some people have had success in decrypting the files using various switches in a tool called te94decrypt.exe which is available from the Dr.Web antivirus website. However, the problem is knowing which switch to use.
I have uploaded a .rar file to RapidShare which contains a Microsoft Word .docx file with the .block file extension that has been encrypted by the FBI Moneypak trojan, and also a copy of the te94decrypt.exe tool from the Dr.Web antivirus website.
I am looking for a general method of decrypting these files which I can use to help other infected users. So if any of the experts here can help with decrypting these .block files, I will be extremely grateful.
Link to the .rar file I uploaded to RapidShare:
The pleasehelp.rar file does not contain any infected files. One of the files is an encrypted Microsoft Word document, and the other file is a legitimate decryption tool from the Dr.Web antivirus website.