Virus attack - any ideas please?

  Furkin 10:32 27 Mar 2015
Locked

Yesterday, at about mid morning, I noticed that I couldn’t open my MS-Word files. They came up with things like: “can’t open, may be corrupted”, or “wrong extension” and sometimes the ‘File Conversion’ window.

As I panicked, I noticed that MS-Excel is in the same way. I did a restore + Spybot scan + Malwarebytes scan – to no avail.

This morning I wanted to attach a picture to an email, and see that they are ‘corrupted’ as well. 99.9% of my pictures are in .jpg format. When I see them in P.Shop folders, they have a PSD logo overprinted on each file, though the actual extension is still .jpg.

I tried changing it to .psd, but it still wouldn’t open.

I just noticed that I have a couple of new files in the folders, starting with “HELP ENCRYPTION" ????? or similar.

This takes me to a page telling me that this bastard of a company has hijacked my files and want paying to release them. Some of their files contain: Balzakoptions + welcomoptions + visataster etc

I assume that I’m not the only one, so I’m hoping that there is a fix for this.

I’ll add a couple of images to Photobucket shortly, to show what I get.

This is a catastrophe as all my stuff is within these files.

I have the Auto back-up running on a separate drive (E) but have no idea how to use it in this instance. Even if I can open my files again, I’m sure the same virus will get them anyway.

Cheers guys

  alanrwood 11:05 27 Mar 2015

First of all disconnect your backup drive in an attempt to isolate the problem and hopefully prevent your backups from being corrupted as well.

You will need to search the web for any fix as I don't know of one for this particular one. In any case if you have good backups of your data then a complete reinstall after reformat is probably the cheapest option.

This is a good reason that I keep a backup on a separate USB attached Hard Drive which is always switched off unless I am actually backing up the files to it. Another good suggestion is to install CryptoPrevent in the future. Worth every cent to prevent your situation.

  Fruit Bat /\0/\ 11:24 27 Mar 2015

If it's an old strain you may be lucky

"Now, security firms Fox-IT and FireEye - which aided the effort to shut down the Gameover Zeus group - have created a portal, called Decrypt Cryptolocker, via which any of the 500,000 victims can find out the key to unlock their files.

"All they have to do is submit a file that's been encrypted from that we can figure out which encryption key was used," said Greg Day, chief technology officer at FireEye.

Mr Day said people wishing to use the portal - click here - should submit a file that did not contain sensitive information to help it verify which key they needed."

  Furkin 11:36 27 Mar 2015
  Furkin 13:24 27 Mar 2015

I tried one crypto buster as in the Guardian or Mail, called Spy-hunter. But half way through the scan, I realised it was just another service that finds hundreds of problems, then asks for money.

At the end of the scan, it came up with 1800 problems... and asked for money.

Don't get me wrong, even living on DLA, I don't mind paying something, as long as it does what I need !

Am off to physio now, so will look into CryptoLocker when I get home.

  Secret-Squirrel 13:46 27 Mar 2015

Furkin, by all means try FB's advice, but because modern encryption systems are so powerful, I'm doubtful that that website will find the key required to unlock your encrypted files. It's definitely worth trying. Don't waste your time with any other security programs as they won't be able to help with this issue.

I know it's little consolation but reports do indicate that the rogues do decrypt your files when they've received payment. $500 is an awful lot of money though. Note too that the rogue's webpage you provided has a link to decrypt one file for free so you can confirm that your files are, in principle, recoverable.

"I have the Auto back-up running on a separate drive (E) but have no idea how to use it in this instance."

The easiest solution may be to accept that your personal files will always be inaccessible and restore them from your backup. Tell us in full about this "Auto back-up" thingy you've got and someone may be able to help.

Good luck with everything.
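An added example, not part of any post in this thread: a read-only scan that lists which pictures and Office documents under a folder no longer start with the header their extension implies (the symptom described in the opening post), plus any ransom-note files, so the damage can be scoped before restoring from backup. The note prefix is taken from the name quoted in the opening post and may need adjusting; the sample file names and contents are constructed.

```python
import os
import tempfile

# Well-known leading bytes of healthy files, keyed by extension.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Word/Excel container
ZIP = b"PK\x03\x04"                          # .docx/.xlsx are ZIP archives
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".doc": OLE2, ".xls": OLE2, ".docx": ZIP, ".xlsx": ZIP}

def triage(root, note_prefix="HELP ENCRYPTION"):
    """Read-only walk of root. Returns three sorted lists of paths:
    files whose header no longer matches their extension, ransom notes,
    and files whose header still looks right."""
    damaged, notes, intact = [], [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            if name.upper().startswith(note_prefix.upper()):
                notes.append(path)
            elif ext in MAGIC:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(8)
                except OSError:
                    continue  # unreadable or locked file: skip, do not guess
                (intact if head.startswith(MAGIC[ext]) else damaged).append(path)
    return sorted(damaged), sorted(notes), sorted(intact)

def build_sample(root):
    """Constructed sample tree (not real victim data) for trying the scan."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # healthy JPEG header
        "garden.jpg": bytes(range(7, 27)),                   # scrambled content
        "letter.doc": bytes(range(40, 60)),                  # scrambled content
        "budget.xlsx": ZIP + b"\x14\x00" * 8,                # healthy ZIP header
        "HELP ENCRYPTION.txt": b"constructed ransom note",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for label, paths in zip(("DAMAGED", "NOTE", "OK"), triage(tmp)):
            for p in paths:
                print(label, os.path.basename(p))
```

A matching header does not prove a file is undamaged; it only narrows down which files to check and restore first. Running the same scan against the backup drive shows whether the copies there are still usable.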

  Secret-Squirrel 14:31 27 Mar 2015

Furkin, I've just remembered something. Depending on your version of Windows you may be able to use the "Previous Versions" feature for your affected files. Have a read here and scroll down to the "Use a Previous Version" section. However if you've got hundreds of files then it'll take a long time to do them all.

  Secret-Squirrel 14:44 27 Mar 2015

Here's a better link.

  Furkin 09:03 28 Mar 2015

Cheers SS:

That takes me to another "we'll find 1500 problems, then you pay", but with no guarantee that it will fix this particular problem.

I'm on Win-7 ult (32).

My Back-up is on a separate - internal - drive (E).

I think I'm using the back-up that's included in Win-7.

  Furkin 09:11 28 Mar 2015

INFORMATION ONLY:

I think this 'virus' was brought in via an email message, saying that I had a fax. The subject line contained "BG ceo". This is the name of an insurance company, where I emailed the ceo, so it looked feasible.

When I clicked on the link, nothing happened - well, visually anyway. I'm sure that something occurred behind the scenes.

Now I think back, no-one has my fax number.

I have had the same message twice, unless it was Thunderbird duplicating the first one - which occurs regularly.

  Secret-Squirrel 09:56 28 Mar 2015

"That takes me to another "we'll find 1500 problems, then you pay"........."

When you say "that" do you mean one or both of the links I posted? If so then those webpages are completely clear of any rogue programs and are simply instructions on how to use "Previous Versions" and general info about the CryptoLocker virus. It sounds like your PC may have multiple malware issues if you're being offered scam software.

Did you follow any of the printed instructions on how to restore your files? If not then have a look at my last link and try a single file first to see if it works - "Letter to Audrey 2015" would be a good one to start with.

PS: What anti-virus program are you running?

This thread is now locked and can not be replied to.
