Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Encrypted docs & pics

This is a discussion on Encrypted docs & pics within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. I just noticed this morning that some of the word documents on my desktop are opening incorrectly - sample attached.


Closed Thread
 
Thread Tools Search this Thread
Old 02-12-2016, 05:55 PM   #1
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



I just noticed this morning that some of the word documents on my desktop are opening incorrectly - sample attached. How do I fix that please? It seems to be encrypted and I've no idea how it happened.

Uhmmmm - it wont let me upload it - Ping.JPG.encrpted: Invalid file.

As you can imagine, it's all double dutch inside the file.

I ran SuperAntispyware and disposed of usual cookies. Malwarebytes found nothing and Trend House call found nothing. A document I typed last night on desktop is OK. It is just the older documents which look like they are encrypted (somehow)

Listed in desktop - the problem ones are encrypted rather than docs or pics.

Cansomeone please help?
joodyanne is offline  
Sponsored Links
Advertisement
 
Old 02-13-2016, 01:44 PM   #2
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



Can no-one help me ?
joodyanne is offline  
Old 02-13-2016, 07:32 PM   #3
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



I know for sure now that I have the CryptOLOcker virus
joodyanne is offline  
Sponsored Links
Advertisement
 
Old 02-14-2016, 02:15 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Cryptolocker Hijack program - Page 26 - General Security

Cryptolocker Hijack program - General Security
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-14-2016, 03:34 PM   #5
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



Thanks Chemist, but this is all a bit too hi-tech for me :(
joodyanne is offline  
Old 02-14-2016, 05:50 PM   #6
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,808
OS: Windows 7 Professional SP1

My System

I think he's saying that cryptolocker is unfixable. Those two links tell you how and why.
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 02-14-2016, 08:44 PM   #7
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



Then what do I do? lol
joodyanne is offline  
Old 02-15-2016, 06:07 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



In the first link I gave you, scroll down to 'How to restore your encrypted files from Shadow Volume Copies'. Read those instructions to see if this is possible.

If those instructions don't work, any encrypted files are essentially gone forever, unless you pay the ransom, which we don't recommend doing.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 02-15-2016, 12:17 PM   #9
Registered Member
 
Join Date: Jul 2011
Location: Bendigo, Victoria
Posts: 168
OS: Win7 HP SP1



Actually I did that yesterday, but the box was empty. So if they are gone forever, do I just delete them? How come no-one has been able to get rid of this program without having to pay (I am dubious to pay because I dont know if they are genuine or not)

Thanks for your help Chemist.
joodyanne is offline  
Old 02-15-2016, 01:15 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome, joodyanne. Sorry we couldn't do more.

Quote:
How come no-one has been able to get rid of this program without having to pay
Their method of encryption is just too hard to break. Without the decryption key, there is no way in.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-04-2016, 11:59 AM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN issues CISCO
Hello all. I recently switched providers and I am having trouble accessing the internet network from VPN. Any suggestions?
mrw5641 Networking Support 146 11-20-2015 10:06 AM
Post 8 to 8.1 Upgrade - EFS Encrypted folders Access Denied
This Windows 8.1 upgrade was titled an 'Upgrade' - I assumed it would be like a Service Pack or such - maintaining original OS settings - WRONG. All of my previously Windows EFS encrypted folders and files (showing green per show encrypted folders green checkbox in Explorer) now show 'Access...
MNGuy248 Windows 8, 8.1 Support 0 11-16-2013 03:45 PM
Google Docs used as proxy to C&C server by new malware
Security researchers from antivirus vendor Symantec have uncovered a piece of malware that uses Google Docs, which is now part of Google Drive, as a bridge when communicating with attackers in order to hide the malicious traffic. The malware - a new version from the Backdoor.Makadocs family -...
Glaswegian Computer Security News 0 11-20-2012 02:18 PM
what are encrypted files ?? do we have any way to encrypt or decrypt and file ??
Hello, 1) What are encrypted files and how do we know which files are encrypted and which are not. 2) i know its against the TSF rules to discuss anything related to password recovery or anything like that but just curious to know when anybody forget the password and if they are able to...
bindudhindsa Windows 7 , Windows Vista Support 9 06-09-2011 12:36 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:41 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts