Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File extension changed by virus?


  • Please log in to reply
3 replies to this topic

#1 sysdll

sysdll

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 29 March 2009 - 10:32 PM

I was asked to help a friend with an infected computer. It was slow, anti malware programs would not run even in safe mode, Google searches were re directed, regedit would not run, etc etc. The owner needed it up and running ASAP so I suggested a fresh install. I tried to save the personal files and found that all the .jpg, .doc, .pdf and .zip files had the extra extension .encrypt and would not open. Only files with .gif and .tif were not affected.

I did a fresh install of XP Home but could only save .gif and .tif files that were not changed.

I have been searching and posting all over the web to no avail to find out how to unencrypt files like this.

If it happened once chances are it will happen again and I would like to find out if this was caused by an infection and what to do about it.

Any help will be greatly appreciated.

Edited by sysdll, 29 March 2009 - 10:36 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:36 PM

Posted 30 March 2009 - 09:48 PM

Was the infection, by chance, Filefix.exe?
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 sysdll

sysdll
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 31 March 2009 - 01:41 AM

It was not identified as such by any of the tools that did work. Also there were no popups saying go to a website and download a fix for a fee.

A member of another site found a script that used the .encrypt extension but this was easily defeated by changing the file name back to itís original form. This did not work on the ones I encountered.

Iíve been searching for more information on Filefix.exe and it seems there is a way to rid a computer of this virus but so far Iíve not found a way to recover the encrypted files.

Does anyone know if the Filefix.exe hacked files have the .encrypt extension?

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:05:36 PM

Posted 31 March 2009 - 03:40 PM

Have a look through this tutorial

http://www.bleepingcomputer.com/virus-remo...ix-professional
It has an application for retrieving the encrypted files
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users