The virus has changed the file extension


  1. Posts : 2
    win 8
       #1


    Hello Friends
    My computer recently got a strange virus.
    It changed the extension of all files (Word, Excel, Photoshop, etc.)

    File extensions such as:
    10.93.DOCX.kbuibxd
    amar.XLSX.kbuibxd
    khorasan.XLSM.kbuibxd

    Note: Only files with uppercase extensions

    Please help me because I have lost important files

    Even after changing the file extension, the file is corrupted and cannot be opened
    Last edited by Brink; 19 Feb 2015 at 20:26. Reason: removed email address


  2. Posts : 2,774
    Windows 7 Professional 64-bit
       #2

    Probably, the best hope is: any prior to this unfortunate occurrence backup. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.


  3. Posts : 143
    Windows 7 Home Premium 64 bit
       #3

    Some ransomware will create new encrypted files, then delete your originals afterwards; you can try Recuva to see if recoverable originals might have original filenames' remnants still present, see if files can be recovered from restore point saves, etc...


  4. Posts : 2
    win 8
    Thread Starter
       #4

    Thank you
    I changed my windows but the problem is not resolved


  5. Posts : 369
    Windows 7 Pro 32bit
       #5

    It is indeed a ransomware attack.
    Your only hope for now is you should have a back-up of your files. If you hadn't done that, I guess you need to wait till someone announces a solution for this.

    PS: no one yet has recovered from this attack since last month.
    Here's a post from the Security News Section: https://www.sevenforums.com/security-...ions-rise.html
    Last edited by ShoTTaS; 12 Feb 2015 at 03:51. Reason: forgot security on the section.


  6. Posts : 57
    Primary OS: Archlinux with Kde-Plasma5 x86-64. Secondary OS: Windows 8.1 x64. UEFI Setup.
       #6

    Seems you were hit by the ransomware CTB-locker:
    CTB Locker and Critroni Ransomware Information Guide and FAQ

    I once had a laptop from a customer with the same infection, all files were converted and encrypted and got added a random extension.
    To get back your files is pretty hard - impossible without backups, some ransomware in older times were used to using low encryption strengths which can be bruteforced and have files recovered, but nowadays they all use AES strength.

    What is important is that you do not create any new file or input external drives on Windows cause ransomware can also go outside System partition.
    Also if you were planning to, do not pay any cent to the guys who created that ransomware, most likely you will not get back your data and you will cause them to continue their acts cause they found investment.

    ebrahimn65 said:
    Thank you
    I changed my windows but the problem is not resolved
    Not sure what you meant but for removal I personally recommend a new install of Windows cause I do not know how deep the infection could be, but you can also grab a Rescue-DVD of Bitdefender:
    How to create a Bitdefender Rescue CD
    Last edited by Midori; 19 Feb 2015 at 20:45.


  7. whs
    Posts : 26,210
    Vista, Windows7, Mint Mate, Zorin, Windows 8
       #7

    RolandJS said:
    Probably, the best hope is: any prior to this unfortunate occurrence backup. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.
    Restoring from a restore point will not restore files. But if there is a restore point from before the infection, the files can be recovered with Shadow Explorer.

    ShadowExplorer - Recover Lost Files and Folders


  8. Posts : 2,470
    Windows 7 Home Premium
       #8

    ebrahimn65,

    It looks as if it is too late and your files are already encrypted. However, you need to remove CTB Locker from your computer. Malwarebytes Anti-Malware detects this ransomware as Trojan.ZBAgent.NS and will eradicate it.

    If you wish, please download Malwarebytes Anti-Malware
    Download > https://www.malwarebytes.org/products/
    Select the FREE version!
    Save to the Desktop.

    On the Desktop, double-click mbam-setup-2.X.X.XXXX.exe to install (X's = current version)
    Allow the file to run.
    Follow the setup wizard to Install.

    Place a checkmark next to Launch Malwarebytes Anti-Malware, then click: Finish
    However, please make sure to uncheck the PREMIUM version Trial checkmark, if it appears near the end of the installation.

    Once MBAM opens, click the Settings tab at the top, and, in the left column, select Detections and Protections
    If not already checked, select: Scan for rootkits
    Click the Scan tab at the top of the program window, and select: Threat Scan

    Next, click: Scan Now
    If you receive a message that updates are available, click: Update Now
    At this point, the update is downloaded, installed, and the scan starts.
    The scan may take some time to finish, so please be patient.

    If potential threats are detected, select Quarantine All as the Action for all the listed items.
    Next, click: Apply Actions

    While still on the Scan tab, click the link for View detailed log
    In the window that opens, click the Export button, select Text file (*.txt), and save the log to the Desktop.


    Please post the MBAM report in your reply.

    Notes:
    1. The log is automatically saved by MBAM and is also viewed by clicking:
    History tab > Application Logs.
    2. If MBAM encounters a file that is difficult to remove...
    Click OK and allow MBAM to proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
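Added example, not part of any post in this thread: a small Python script for scoping the damage by listing files whose name ends in a known document extension followed by one shared unknown suffix, the pattern quoted in post #1. The function names, the extension list beyond the three in post #1, and the `min_hits` threshold are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict
from pathlib import PurePath

# Document types to watch; the first three come from the filenames in post #1,
# the rest are assumptions to extend for your own environment.
KNOWN_DOC_EXTS = {".docx", ".xlsx", ".xlsm", ".doc", ".xls", ".psd", ".pdf", ".jpg"}

def appended_suffixes(paths, min_hits=2):
    """Group files named <name>.<known ext>.<unknown suffix> by the final suffix.

    Returns {suffix: sorted paths} for suffixes seen on at least min_hits files,
    so a lone "report.docx.bak" does not raise an alarm on its own.
    """
    groups = defaultdict(list)
    for path in paths:
        suffixes = PurePath(path).suffixes
        if len(suffixes) < 2:
            continue
        # Compare case-insensitively; post #1 saw uppercase inner extensions.
        inner, outer = suffixes[-2].lower(), suffixes[-1].lower()
        if inner in KNOWN_DOC_EXTS and outer not in KNOWN_DOC_EXTS:
            groups[outer].append(path)
    return {s: sorted(hits) for s, hits in groups.items() if len(hits) >= min_hits}

def walk(root):
    """Yield every file path under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample: the three names quoted in post #1 plus benign files.
SAMPLE = [
    "10.93.DOCX.kbuibxd", "amar.XLSX.kbuibxd", "khorasan.XLSM.kbuibxd",
    "notes.docx", "archive.tar.gz", "budget.xlsx.bak", "photo.jpg",
]

if __name__ == "__main__":
    # Scan the directory given on the command line, or fall back to the sample.
    source = walk(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for suffix, hits in appended_suffixes(source).items():
        print(f"{suffix}: {len(hits)} file(s)")
        for hit in hits:
            print("   ", hit)
```

The resulting list is also a checklist of what to look for in backups or shadow copies.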


 
