Windows 7 Forums

Windows 7: The virus has changed the file extension

10 Feb 2015   #1
ebrahimn65

win 8
 
 
The virus has changed the file extension

Hello Friends
My computer recently got a strange virus.
It changed the extension of all files (Word, Excel, Photoshop, etc.)

File extensions such as:
10.93.DOCX.kbuibxd
amar.XLSX.kbuibxd
khorasan.XLSM.kbuibxd

Note: Only files with uppercase extensions

Please help me because I have lost important files

Even after changing the file extension, the file is corrupted and can not be opened


10 Feb 2015   #2
RolandJS

Windows 7 Professional 64-bit
 
 

Probably, the best hope is: any backup made prior to this unfortunate occurrence. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.
10 Feb 2015   #3
mdd1963

Windows 7 Home Premium 64 bit
 
 

Some ransomware will create new encrypted files, then delete your originals afterwards; you can try Recuva to see if recoverable originals might have original filenames' remnants still present, see if files can be recovered from restore point saves, etc...

12 Feb 2015   #4
ebrahimn65

win 8
 
 

Thank you
I changed my windows but the problem is not resolved
12 Feb 2015   #5
ShoTTaS

Windows 7 Pro 32bit
 
 

It is indeed a ransomware attack.
Your only hope for now is that you have a back-up of your files. If you hadn't done that, I guess you need to wait till someone announces a solution for this.

PS: no one yet has recovered from this attack since last month.
Here's a post from the Security News Section: Ransomware authors streamline attacks, infections rise
19 Feb 2015   #6
Midori

Primary OS: Archlinux with Kde-Plasma5 x86-64. Secondary OS: Windows 8.1 x64. UEFI Setup.
 
 

Seems you were hit by the ransomware CTB-locker:
CTB Locker and Critroni Ransomware Information Guide and FAQ

I once had a laptop from a customer with the same infection; all files were converted and encrypted and had a random extension added.
To get back your files is pretty hard - impossible without backups. Some ransomware in older times used low encryption strengths which can be brute-forced to recover the files, but nowadays they all use AES strength.

What is important is that you do not create any new files or connect external drives on Windows, because ransomware can also go outside the System partition.
Also, if you were planning to, do not pay a cent to the guys who created that ransomware; most likely you will not get back your data and you will cause them to continue their acts because they found investment.

Quote: Originally Posted by ebrahimn65
Thank you
I changed my windows but the problem is not resolved

Not sure what you meant, but for removal I personally recommend a new install of Windows because I do not know how deep the infection could be. You can also grab a Rescue-DVD of Bitdefender:
How to create a Bitdefender Rescue CD
19 Feb 2015   #7
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote: Originally Posted by RolandJS
Probably, the best hope is: any backup made prior to this unfortunate occurrence. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.

Restoring from a restore point will not restore files. But if there is a restore point from before the infection, the files can be recovered with Shadow Explorer.

ShadowExplorer - Recover Lost Files and Folders
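Added example, not part of any post in this thread: a read-only triage script that inventories files renamed in the pattern shown in post #1 (`name.ORIGEXT.appended`) and reports the earliest modification time among them, as a rough guide to which backup or shadow copy predates the infection. The regular expression, function names and the assumption that the appended extension is 5 to 10 lowercase letters are illustrative choices based on the `.kbuibxd` file names above.

```python
import os
import re
import sys
from collections import Counter
from datetime import datetime, timezone

# Assumed pattern, taken from the names in post #1: <name>.<ORIGINAL EXT>.<appended letters>
RENAMED = re.compile(r"^(?P<stem>.+)\.(?P<orig>[A-Za-z0-9]{2,5})\.(?P<added>[a-z]{5,10})$")

def scan(root):
    """Walk root (read-only) and collect files whose names match the pattern."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = RENAMED.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, keep scanning
            hits.append((path, m["orig"].lower(), m["added"], mtime))
    return hits

def summarize(hits):
    """Report the dominant appended extension, its scope and earliest change time."""
    if not hits:
        return None
    # Unrelated double extensions may match too; keep only the most common one.
    added = Counter(h[2] for h in hits).most_common(1)[0][0]
    affected = [h for h in hits if h[2] == added]
    earliest = min(h[3] for h in affected)
    return {
        "appended_extension": added,
        "count": len(affected),
        "by_original_type": dict(Counter(h[1] for h in affected)),
        # Modification times are only an estimate of when encryption started.
        "earliest_change_utc": datetime.fromtimestamp(earliest, timezone.utc),
    }

if __name__ == "__main__":
    report = summarize(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
    print(report if report else "No files matching the renamed pattern were found.")
```

Run it against a copy or a read-only mount of the affected drive where possible, so the scan itself does not write to the volume.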
19 Feb 2015   #8
cottonball

Windows 7 Home Premium
 
 

ebrahimn65,

It looks as if it is too late and your files are already encrypted. However, you need to remove CTB Locker from your computer. Malwarebytes Anti-Malware detects this ransomware as Trojan.ZBAgent.NS and will eradicate it.

If you wish, please download Malwarebytes Anti-Malware
Download > https://www.malwarebytes.org/products/
Select the FREE version!
Save to the Desktop.

On the Desktop, double-click mbam-setup-2.X.X.XXXX.exe to install (X's = current version)
Allow the file to run.
Follow the setup wizard to Install.

Place a checkmark next to Launch Malwarebytes Anti-Malware, then click: Finish
However, please make sure to uncheck the PREMIUM version Trial checkmark, if it appears near the end of the installation.

Once MBAM opens, click the Settings tab at the top, and, in the left column, select Detections and Protections
If not already checked, select: Scan for rootkits
Click the Scan tab at the top of the program window, and select: Threat Scan

Next, click: Scan Now
If you receive a message that updates are available, click: Update Now
At this point, the update is downloaded, installed, and the scan starts.
The scan may take some time to finish, so please be patient.

If potential threats are detected, select Quarantine All as the Action for all the listed items.
Next, click: Apply Actions

While still on the Scan tab, click the link for View detailed log
In the window that opens, click the Export button, select Text file (*.txt), and save the log to the Desktop.


Please post the MBAM report in your reply.

Notes:
1. The log is automatically saved by MBAM and is also viewed by clicking:
History tab > Application Logs.
2. If MBAM encounters a file that is difficult to remove...
Click OK and allow MBAM to proceed with the disinfection process.
If asked to restart the computer, please do so immediately.