Word and Excel Files changed to .exe

K

KenSmellsGood

New member
Local time
3:27 PM
Messages
4
Location
South Western Pennslyvania
Our sister company apparently contracted a worm that changed all of their .doc(x) and .xls(x) files to .exe files. Does anyone here have experience with this worm, and if so what was your solution?

If what I'm reading online is right, this worm is pretty old so I'm not sure how they would get it. I'm also not at that site so the only information I have is what my boss has told me.
 

My Computer My Computer

OS
Windows 7 64bit

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built using existing case
OS
Windows 7 Home Premium 64 bit sp1
CPU
Intel i5 3570 3.4Ghz Ivy Bridge SKT 1155 quad core
Motherboard
Gigabyte Z77-HD3 SKT 1155 2xSata 3, 4x USB 3.0
Memory
G-Skill Rip Jaws 16Gb (8x2) DDR3 -1600 PC3 12800 CL 10 red
Graphics Card(s)
Gigabyte NVIDIA GT610 1Gb DDR3 810/1200 PCI-E 2.0 Silent
Sound Card
NVIDIA High Definition & Realtech High Definition Audio
Monitor(s) Displays
2 x Philips 226V4L 16:9 aspect ratio
Screen Resolution
1920 x 1080 HD
Hard Drives
Samsung 840 Pro 256gb SSD, SATA 3.
Hitachi Touro Portable 1tb, USB 3.0 HDD used for image b/ups.
PSU
Corsair VS450
Case
Codeng
Cooling
PSU fan & CPU fan
Keyboard
Logitech
Mouse
Logitech Wireless trackball M570
Internet Speed
Wireless 3G. 3mg down & 550kb up.
Antivirus
Bitdefender Internet Security 2020
Browser
Opera (Current Version) & Firefox
Other Info
MS Office 2013 Pro. Davis weather station software. MGE Nova 600 avr UPS.
Thanks... I've been able to fix association issues before. In this case the actual extensions have been changed. We had a guy who told us it may be Cryptolocker. I've never had to deal with it so I wouldn't know.
 

My Computer My Computer

OS
Windows 7 64bit

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
home built
OS
Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
CPU
AMD Athlon II x4 620
Motherboard
Gigabyte GA-MA785G-UD3H
Memory
6GB GSkill DDR2 800
Graphics Card(s)
AMD 4670 GPU + AMD 4200 IGP
Sound Card
on board Realtek ALC889A
Monitor(s) Displays
RCA 40" LCD TV, Insignia 32" LCD TV, HP 15" LCD monitor
Screen Resolution
1680 x 1050
Hard Drives
OCZ Vertex 3 120GB,
Samsung F3 1TB (3),
Several others - WD, Seagate, Hitachi, ...
PSU
Corsair 500 W
Case
Rosewill mid tower
Cooling
CM 90mm rifle
Keyboard
Gyration wireless, Logitech wireless, Dell USB wired
Mouse
Gyration wireless, Logitech wireless, V7 USB wired
Internet Speed
Spectrum - 100Mbps D / 10Mbps U
Antivirus
Avast, MBAM3, EMET, WinPatrol
Browser
Pale Moon, Firefox, IE
Other Info
2 multi-boot PC's
Mainly HTPC/Office/Gen purpose (no gaming).
Trendnet USB KVM.
LG DVD burner/Blue Ray Player.
Tray system for removable SATA backup drives.

Not currently OCd, under-volted.
I use Hybrid sleep, rarely re-boot or shutdown.

Hauppauge HD-PVR, Avermedia PCIe TV Tuner, Hauppauge PCI TV Tuner.
Cryptolocker is a very serious infection.

Have a look at this Youtube video, which gives a method of removing it. As far as I know Cryptolocker will become very evident on your computer & let you know that it is there as they want a ransom to be paid to unlock it.

Let us know how you get on. What AV programs are you using?. You could do a full scan of your system to see if it picks up anything.
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built using existing case
OS
Windows 7 Home Premium 64 bit sp1
CPU
Intel i5 3570 3.4Ghz Ivy Bridge SKT 1155 quad core
Motherboard
Gigabyte Z77-HD3 SKT 1155 2xSata 3, 4x USB 3.0
Memory
G-Skill Rip Jaws 16Gb (8x2) DDR3 -1600 PC3 12800 CL 10 red
Graphics Card(s)
Gigabyte NVIDIA GT610 1Gb DDR3 810/1200 PCI-E 2.0 Silent
Sound Card
NVIDIA High Definition & Realtech High Definition Audio
Monitor(s) Displays
2 x Philips 226V4L 16:9 aspect ratio
Screen Resolution
1920 x 1080 HD
Hard Drives
Samsung 840 Pro 256gb SSD, SATA 3.
Hitachi Touro Portable 1tb, USB 3.0 HDD used for image b/ups.
PSU
Corsair VS450
Case
Codeng
Cooling
PSU fan & CPU fan
Keyboard
Logitech
Mouse
Logitech Wireless trackball M570
Internet Speed
Wireless 3G. 3mg down & 550kb up.
Antivirus
Bitdefender Internet Security 2020
Browser
Opera (Current Version) & Firefox
Other Info
MS Office 2013 Pro. Davis weather station software. MGE Nova 600 avr UPS.
You must log in or register to reply here.

Similar threads

MS Word and Excel password protection
Replies
2
Views
2K
cpeterm
C
Solved Word and Excel Classes in Registry
Replies
2
Views
2K
jmltinc
J
Password Protect Openoffice Word and Excel Documents?
Replies
15
Views
9K
paulyjames
P
Solved Unable to open hyperlinks in Word and Excel
Replies
1
Views
22K
Ranger4
Ranger4
files changed to bitcrypt, money demanded, reinstall help needed'
Replies
2
Views
7K
bluemars1
B
Back
Top