.block extension added to files


8 replies to this topic

#1 bryraasch


Posted 25 September 2012 - 12:22 PM

I have just removed an infection from a computer without much of an issue, but the infection has left behind a big problem. It has renamed almost all of the common file types such as .jpg, .doc, .xls, .js, .php, .docx, .ppt, etc. to [filename].jpg.block, [filename].doc.block, [filename].xls.block, etc. I have searched the computer and there are over 10,000 files that have been altered. I have downloaded a free program called Extension Renamer, which makes the process faster than renaming them one by one, but it will still take quite a while to go through all of the different file types. I am wondering if there is a script or program that would be useful to remove the ".block" from all of these files with a more automated or hands-free approach?

Update:

The situation has gotten worse. I have started renaming the files to remove the ".block" and none of the files work with their original extensions.

Update:
The infection that caused this problem is referred to here: http://www.bleepingcomputer.com/forums/topic469321.html

Edited by bryraasch, 25 September 2012 - 01:13 PM.




#2 narenxp


Posted 25 September 2012 - 02:09 PM

This looks like a new variant. I don't think it's possible to decrypt the files.

You can post your issue here

http://www.bleepingcomputer.com/forums/topic446111.html/

Edited by narenxp, 25 September 2012 - 04:17 PM.


#3 bryraasch

  • Topic Starter

Posted 25 September 2012 - 03:16 PM

New variant... I was afraid that was going to be the case. Is there anyone I should send some of these encrypted files to? Kaspersky maybe? I realize getting these files decrypted in the short run is not going to happen, but I would like to help whoever might need some examples of the encrypted files to create a decryption tool. I have a feeling this is not the last we will see of this virus.

#4 narenxp


Posted 25 September 2012 - 03:35 PM

You can post your issue and ask for help in the previous link I gave.

Good luck.

#5 bryraasch

  • Topic Starter

Posted 25 September 2012 - 04:12 PM

The link you gave links to this thread.

Edited by bryraasch, 25 September 2012 - 04:14 PM.


#6 narenxp


Posted 25 September 2012 - 04:17 PM

Sorry, edited it :thumbup2:

#7 massivegood


Posted 26 October 2012 - 06:36 AM

It has been a month - anybody have any new ideas on how to decrypt these malware-encrypted .block files? .doc, .jpg, .pdf, .xls, etc.?

#8 narenxp


Posted 26 October 2012 - 07:48 AM

Go through this topic

http://www.bleepingcomputer.com/forums/topic469842.html

#9 mn21111


Posted 18 December 2012 - 03:19 PM

bryraasch and massivegood, there is a possibility to recover .block files now thanks to the work of some good people. I was personally able to after thinking there was no chance and trying all sorts of other decryptors.

http://www.bleepingcomputer.com/forums/topic446111.html/page__st__165

Scroll about halfway down this page and see my post, as well as Fabian Wosar's; they have two different files you can use to try to decrypt your files. You will need to locate Initia1Log.txt.block and ok.txt.block on your PC, since they contain the encryption key/validator generated by the server when your files were encrypted. If you are still infected by the malware, you should try to boot from another HD and access your files from another non-infected OS, since further damage to your files is possible and recovery may be difficult after that.
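
A read-only triage pass for the situation in this thread, added here as an example and not code from any poster or from the decryption tools the thread links to. It checks whether each `*.block` file still begins with the standard signature for its inner extension (rename-only versus altered content, as in post #1's update) and lists the `Initia1Log.txt.block` and `ok.txt.block` files that post #9 says to locate. The function names and the signature table are this example's own.

```python
import os
import sys
from collections import Counter

# Leading bytes of common formats named in the thread (standard file signatures).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt container
ZIP = b"PK\x03\x04"                          # .docx is a ZIP archive
SIGNATURES = {".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF", ".doc": OLE2,
              ".xls": OLE2, ".ppt": OLE2, ".docx": ZIP}
# File names given in post #9; matched case-insensitively.
KEY_FILES = {"initia1log.txt.block", "ok.txt.block"}


def classify(path):
    """Read-only check of one *.block file against its inner extension."""
    inner_ext = os.path.splitext(path[:-len(".block")])[1].lower()
    sig = SIGNATURES.get(inner_ext)
    if sig is None:
        return "unknown_type"
    with open(path, "rb") as fh:
        head = fh.read(len(sig))
    # A matching header only shows the first bytes are untouched, not the whole file.
    return "header_matches" if head == sig else "header_changed"


def triage(root):
    """Walk root; return (Counter of classifications, sorted key-file paths)."""
    counts, key_paths = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if not lower.endswith(".block"):
                continue
            full = os.path.join(dirpath, name)
            if lower in KEY_FILES:
                key_paths.append(full)   # preserve these; do not rename or delete
                continue
            try:
                counts[classify(full)] += 1
            except OSError:
                counts["unreadable"] += 1
    return counts, sorted(key_paths)


if __name__ == "__main__":
    counts, keys = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for label, n in sorted(counts.items()):
        print(f"{label}: {n}")
    for k in keys:
        print("key file:", k)
```

Run it against the affected volume mounted from a clean OS, passing the mount point as the only argument; a high `header_changed` count means stripping `.block` will not restore the files.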



