The virus has changed the file extension

ebrahimn65

Hello friends,
My computer recently got a strange virus.
It changed the extension of all files (Word, Excel, Photoshop, etc.).

File extensions such as:
10.93.DOCX.kbuibxd
amar.XLSX.kbuibxd
khorasan.XLSM.kbuibxd

Note: Only files with uppercase extensions

Please help me because I have lost important files

Even after changing the file extension, the file is corrupted and cannot be opened :(
 
Probably, the best hope is: any prior to this unfortunate occurrence backup. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.
 

Some ransomware will create new encrypted files, then delete your originals afterwards; you can try Recuva to see if recoverable originals might have original filenames' remnants still present, see if files can be recovered from restore point saves, etc...
 

Thank you
I changed my Windows but the problem is not resolved
 

Seems you were hit by the ransomware CTB-locker:
CTB Locker and Critroni Ransomware Information Guide and FAQ

I once had a laptop from a customer with the same infection; all files were converted and encrypted and had a random extension added.
Getting your files back is pretty hard, impossible without backups. Some ransomware in older times used low encryption strengths which can be brute-forced to recover files, but nowadays they all use AES strength.

What is important is that you do not create any new file or input external drives on Windows, because ransomware can also go outside the system partition.
Also, if you were planning to, do not pay a cent to the guys who created that ransomware; most likely you will not get back your data, and you will cause them to continue their acts because they found investment.

> Thank you
> I changed my windows but the problem is not resolved

Not sure what you meant, but for removal I personally recommend a new install of Windows because I do not know how deep the infection could be, but you can also grab a Rescue-DVD of Bitdefender:
How to create a Bitdefender Rescue CD
 
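Added example (not part of any post in this thread): a read-only Python inventory of files carrying an appended extension such as the `.kbuibxd` reported above. It also checks whether each file still begins with its format's signature, which is why renaming an encrypted file back does not make it open again. The `MAGIC` table, the function names and the sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Leading bytes of intact files, keyed by lower-cased original extension (ZIP-based Office, PSD).
MAGIC = {"docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04",
         "xlsm": b"PK\x03\x04", "psd": b"8BPS"}

def classify(path, suffix):
    """Return (original_ext, state) for a file carrying the appended suffix, else None."""
    parts = os.path.basename(path).rsplit(".", 2)
    if len(parts) != 3 or parts[2].lower() != suffix.lower():
        return None
    magic = MAGIC.get(parts[1].lower())
    if magic is None:
        return parts[1], "unknown-type"
    with open(path, "rb") as fh:  # read-only: nothing is written to the volume
        head = fh.read(len(magic))
    return parts[1], ("renamed-only" if head == magic else "content-altered")

def inventory(root, suffix):
    """Walk root and tally affected files by (original extension, state)."""
    tally, unreadable = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                result = classify(path, suffix)
            except OSError:
                unreadable.append(path)  # locked or permission-denied file
                continue
            if result:
                tally[result] += 1
    return tally, unreadable

def demo():
    """Run the inventory over a constructed sample tree (file contents are made up)."""
    samples = {"10.93.DOCX.kbuibxd": b"\x8f\x11\x02\xaa\x5c",  # header overwritten
               "amar.XLSX.kbuibxd": b"PK\x03\x04\x14\x00",     # header intact
               "scan.JPG.kbuibxd": b"\x00\x01",                # type not in MAGIC
               "notes.docx": b"PK\x03\x04\x14\x00"}            # untouched file
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return inventory(root, "kbuibxd")

if __name__ == "__main__":
    print(demo())
```

For real use, call `inventory()` on a copy or mounted image of the affected disk with the appended extension seen on that machine; the tally by original extension also shows which file types were hit.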
> Probably, the best hope is: any prior to this unfortunate occurrence backup. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.

Restoring from a restore point will not restore files. But if there is a restore point from before the infection, the files can be recovered with Shadow Explorer.

http://www.sevenforums.com/tutorial...r-recover-lost-files-folders.html#post1137368
 

ebrahimn65,

It looks as if it is too late and your files are already encrypted. However, you need to remove CTB Locker from your computer. Malwarebytes Anti-Malware detects this ransomware as Trojan.ZBAgent.NS and will eradicate it.

If you wish, please download Malwarebytes Anti-Malware
Download > https://www.malwarebytes.org/products/
Select the FREE version!
Save to the Desktop.

On the Desktop, double-click mbam-setup-2.X.X.XXXX.exe to install (X's = current version)
Allow the file to run.
Follow the setup wizard to Install.

Place a checkmark next to Launch Malwarebytes Anti-Malware, then click: Finish
However, please make sure to uncheck the PREMIUM version Trial checkmark, if it appears near the end of the installation.

Once MBAM opens, click the Settings tab at the top, and, in the left column, select Detections and Protections
If not already checked, select: Scan for rootkits
Click the Scan tab at the top of the program window, and select: Threat Scan

Next, click: Scan Now
If you receive a message that updates are available, click: Update Now
At this point, the update is downloaded, installed, and the scan starts.
The scan may take some time to finish, so please be patient.

If potential threats are detected, select Quarantine All as the Action for all the listed items.
Next, click: Apply Actions

While still on the Scan tab, click the link for View detailed log
In the window that opens, click the Export button, select Text file (*.txt), and save the log to the Desktop.

Please post the MBAM report in your reply.

Notes:
1. The log is automatically saved by MBAM and is also viewed by clicking:
History tab > Application Logs.
2. If MBAM encounters a file that is difficult to remove...
Click OK and allow MBAM to proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
 
