
Virus changed all files types and extension !!!!!!!!!!!!!

January 22nd, 2015, 7:00

I have a Windows 7 PC for one of my customers with a strange problem

ALL Microsoft Office files, PDF, pictures,...., almost all personal files

All file extensions have changed from .doc to .DOC.jejfpoi and .pdf to .PDF.jejfpoi and so on

I tried to change the files back to the original extension but still cannot open them (Microsoft Office won't recognize them), I think they have been encrypted ???

I did a scan using (Symantec 360) but nothing was found ???

I have attached 3 files for you to try fixing them.
Attachments
scan0003.JPG.zip
(3.95 MiB) Downloaded 855 times
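A quick way to tell a plain rename from real encryption, given the `.DOC.jejfpoi` / `.PDF.jejfpoi` naming described in the post above (an added example, not part of the original thread): compare each file's leading bytes with the signature its original extension implies, and measure byte entropy. The suffix pattern, the 7.5 bits/byte threshold and the sample files are assumptions constructed for this illustration.

```python
import math, os, re, tempfile
from collections import Counter

# Leading "magic" bytes of the file types named in the thread.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff",
         ".doc": b"\xd0\xcf\x11\xe0",   # OLE2 compound file
         ".docx": b"PK\x03\x04"}        # ZIP container
# name.<original ext>.<appended suffix>, e.g. report.DOC.jejfpoi
# (suffix shape is an assumption generalised from the one suffix in the thread)
PATTERN = re.compile(r"^.+(?P<ext>\.[A-Za-z0-9]{2,4})\.(?P<suffix>[a-z0-9]{4,10})$")

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 looks like random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path, sample=65536):
    """Return a verdict for a double-extension file, or None if the name does not fit."""
    m = PATTERN.match(os.path.basename(path))
    if not m or m["ext"].lower() not in MAGIC:
        return None
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic_ok = head.startswith(MAGIC[m["ext"].lower()])
    h = entropy(head)
    verdict = ("renamed only" if magic_ok else
               "likely encrypted" if h > 7.5 else "damaged or unknown")
    return {"suffix": m["suffix"], "magic_ok": magic_ok,
            "entropy": round(h, 2), "verdict": verdict}

def demo():
    """Constructed samples: one file that was only renamed, one filled with random bytes."""
    samples = {
        "a.PDF.jejfpoi": b"%PDF-1.4\n" + b"constructed sample text\n" * 200,
        "b.DOC.jejfpoi": os.urandom(65536),
    }
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(body)
            out[name] = triage(p)
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

PDF, JPEG and DOCX content is compressed and has high entropy even when intact, so the signature check is the primary signal and entropy only separates encrypted data from other damage.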

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 7:49

here are more files
3 docx
3 pdf
Attachments
pdf.rar
(9.52 MiB) Downloaded 744 times
docx.rar
(350.81 KiB) Downloaded 634 times

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 8:40

First of all, please don't use this kind of font, there is no need.

Second, did your client use any antivirus on his computer?? If no, I think that your client is a victim of so-called "ransomware". It is a "worm/virus" that encrypts data on the drive, not the whole drive but single files. Then you see the information that if you want to decrypt the data you must pay the ransom.

So there are two options: first, the client pays the ransom, and second, you try brute-force.

Regards

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 9:14

samurai7 wrote:First of all, please don't use this kind of font, there is no need.

Second, did your client use any antivirus on his computer?? If no, I think that your client is a victim of so-called "ransomware". It is a "worm/virus" that encrypts data on the drive, not the whole drive but single files. Then you see the information that if you want to decrypt the data you must pay the ransom.

So there are two options: first, the client pays the ransom, and second, you try brute-force.

Regards


Sorry for the font, it was just too small I think :shock:

If the client pays the ransom ? Will it be encrypted ? Or will he just lose his money ?

I mean, are they trusted after they receive their ransom, did it work before ??

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 9:47

@LostDataSa

Honestly I don't know ;/ I only know how it works in theory, I never had a chance to check this in practice. And I hope I never will.

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 10:28

I followed the instructions in (Decrypt All Files jejfpoi.txt), which is found everywhere on my client's drive

they are asking for 630 USD

and they gave me the option to decrypt one file only :evil:

I have uploaded the encrypted and the decrypted files together in a rar file

The question: by comparing the encrypted and the original file, will it be possible to find the encryption key :?:
Attachments
compair.rar
(15.33 KiB) Downloaded 620 times
Decrypt All Files jejfpoi.txt
(1.24 KiB) Downloaded 1040 times
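On the question in the post above (an added example, not part of the original thread): a matching plaintext/ciphertext pair exposes key material only when the cipher is weak, such as a short repeating XOR key; a properly used modern cipher gives no such structure. The check below XORs the pair and looks for a short repeating period. All sample data is constructed, and the SHA-256 counter-mode keystream is only a stand-in for a strong cipher.

```python
import hashlib

def keystream(plain, cipher):
    """XOR of the pair over their common length (the keystream, if the cipher is XOR-based)."""
    return bytes(a ^ b for a, b in zip(plain, cipher))

def repeat_period(ks, max_period=64):
    """Smallest p such that ks repeats every p bytes, or None if no short period exists."""
    for p in range(1, min(max_period, len(ks) // 2) + 1):
        if all(ks[i] == ks[i % p] for i in range(p, len(ks))):
            return p
    return None

def compare_pair(plain, cipher):
    """Summarise what a decrypted/encrypted pair reveals."""
    return {"size_delta": len(cipher) - len(plain),
            "period": repeat_period(keystream(plain, cipher))}

# --- constructed sample data, not taken from the thread's attachments ---
PLAIN = b"Constructed sample document body used for illustration only. " * 4
WEAK_KEY = b"k3y!x"
WEAK = bytes(b ^ WEAK_KEY[i % len(WEAK_KEY)] for i, b in enumerate(PLAIN))

def strong_standin(data, key=b"constructed-key"):
    """Stand-in for a modern cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out) + b"\x00" * 16  # constructed 16-byte trailer (appended metadata)

STRONG = strong_standin(PLAIN)

if __name__ == "__main__":
    print("weak  :", compare_pair(PLAIN, WEAK))    # short period: key is recoverable
    print("strong:", compare_pair(PLAIN, STRONG))  # no period: the pair does not help
```

A result of `period: None` on a real pair means the comparison gives nothing to work with, and recovery has to come from backups or a published decryptor for that family.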

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 10:31

More than just extensions were altered. Likely a new variant of the encryption ransomware going around. You used to be able to recover files from shadow copies but this is not often the case anymore. Most ransomware gives a short window to pay. Paying only guarantees you won't have the money. These criminals may give you the key to decrypt, but sometimes don't, as there is nothing you can do about it if you pay. I suggest no one ever pay, then this would stop.

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 10:35

warnerr wrote:More than just extensions were altered. Likely a new variant of the encryption ransomware going around. You used to be able to recover files from shadow copies but this is not often the case anymore. Most ransomware gives a short window to pay. Paying only guarantees you won't have the money. These criminals may give you the key to decrypt, but sometimes don't, as there is nothing you can do about it if you pay. I suggest no one ever pay, then this would stop.


I tried using R-Studio

I found all the original files deleted, but they are almost the same size and none of them work
I also tried to repair the recovered files but no luck either

I am saying the only way is to decrypt these files, or if we are able to find the key by comparing the encrypted file and the file that was decrypted by the hacker website (they gave me only one file to decrypt) :twisted:
Last edited by LostDataSa on January 22nd, 2015, 10:42, edited 1 time in total.

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 22nd, 2015, 11:08

here is another file that is also decrypted for comparing them
Attachments
compair2.rar
(1.71 KiB) Downloaded 593 times

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 23rd, 2015, 6:43

LostDataSa wrote:I followed the instructions in (Decrypt All Files jejfpoi.txt), which is found everywhere on my client's drive

they are asking for 630 USD

and they gave me the option to decrypt one file only :evil:

I have uploaded the encrypted and the decrypted files together in a rar file

The question: by comparing the encrypted and the original file, will it be possible to find the encryption key :?:



I do not recommend you pay the extortionist, because it encourages these bad people to keep doing the same.

Also I know of cases where, after paying the amount of 3000 EUR, the customer has not received any key or mode to get the data.

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 23rd, 2015, 8:14

I don't agree with your theory that paying will encourage them and not paying will discourage them. They will keep doing this because it works. Many people pay.

I do agree to not pay them though.. as good Will Hunting said quite eloquently... " Because Fuck them, that's why".

Paying them is no guarantee they will give any key or decrypt your files. The best thing you can do is prevent it. Don't leave network drives mapped unnecessarily, don't leave backup drives connected, don't overwrite your backups too quickly.

Maybe try some new technology. Recently Palo Alto bought Cyvera. They are developing some really interesting endpoint protection. Basically there are around 20 techniques most malware uses and these guys are researching each one and writing a defence for each. Listen to the latest Risky Business podcast for an interview with the CTO of PAN http://risky.biz/RB350 , or download and try it https://www.paloaltonetworks.com/products/endpoint-security.html

Re: Virus changed all files types and extension !!!!!!!!!!!!

January 15th, 2016, 9:02

Hello Spildit,

As I am new to this forum, I could not compose a new post, but I am trying from here; if you get this, it would be helpful.
A friend of mine seems to have the same problem. It seems his work PC has been infected by ransomware, and he sent me this photo file to check if I could recover it.
Could you please have a look at this photo file and tell me the details of the infection and the solution to this problem.
Bunch of thanks with a big heart.

Regards
Digu
Attachments
17115_910526755677816_1016787013723012869_n.jpg.zip
(61.22 KiB) Downloaded 637 times