Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Office docs corrupted after malwarebytes fix?


  • Please log in to reply
9 replies to this topic

#1 Dannykaye7

Dannykaye7

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 08 November 2013 - 11:32 AM

Hi all,

 

I've got a situation in which a computer that had a virus on it yesterday (which was removed using Malwarebytes) no longer opens office documents. (I'm honestly not certain that the 2 are linked because I had the same problem with a system that never had a virus on it.) Even taking the files and moving them to another computer doesn't open them. Oddly, even files that I try to open from a network drive won't open. I was able to restore back to a previous version on the network with minimal loss, but I don't set up using previous versions on PCs. (Probably will now, though...) Anyhoo...I need to be able to get to the files that are unable to be opened on the PC.

 

I get the following error: The file you are trying to open [filename] is in a different format than specified by the file extension. Verify that the file is not corrupted and is from a trusted source before opening the file. Do you want to open the file now?

 

When I hit "Yes" all I get is junk.

 

What's my first step to figuring this out?

 

Thanks.

 

-DK.



BC AdBot (Login to Remove)

 


#2 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 7,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:11 AM

Posted 10 November 2013 - 06:58 PM

Which version of Ms Office are you using ?  And is the extension on the files you are trying to open the extension you would expect - for example .DOC and .XLS for 2003 and earlier, .DOCX and .XLSX for 2007 and later ?  If the extensions are not what you expect, you could try setting the correct extensions on one or two and then see if they will open - use Windows Explorer.

 

An alternative which might work is to install either Open or Libre Office - they are both free downloads - and see if they will open them. If they do, you can save them as Ms Office type files from within Open or Libre Office and then they should be readable in MS Office.

 

You also say that you are having a problem with files from elsewhere on the network. If the originators can read them on their systems without problem, the problem probably lies with your copy of MS Office. In which case, the simplest thing to do is to uninstall it and re-install.

 

Chris Cosgrove


I am going to be away until about the 22nd October. Time on-line will be reduced and my internet access may be limited. PMs may not be replied to as quickly as normal !


#3 Dannykaye7

Dannykaye7
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 12 November 2013 - 06:27 AM

Hi Chris,

 

We're using Office 2010. Yes, the extensions are what they should be. I have uninstalled/reinstalled to no avail.

 

I'll try OpenOffice. I've tried opening them in GoogleDocs but it errors out there, as well so I doubt that will work. But to cover the bases, I'll give it a go.

 

It is a strange thing that a few of the computers here are having the same problem. On the network, it's no big deal, I can restore back to a point last week and they are fine. But once a system encounters this problem, whether opening a file on the network or locally, it can no longer open the files. And the files can't be open on anyone else's system either.

 

This one's stumped me pretty good.

 

I'll post back once I try OpenOffice.

 

Thanks

-Jeff



#4 Dannykaye7

Dannykaye7
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 12 November 2013 - 07:00 AM

That didn't take long to download and install.

 

The files still don't open...even on my own computer where I downloaded OO4.01.

 

I did a little more digging and I'm very certain that all of the systems that show these symptoms are the ones that had viruses on them. (There were a slew of .zip files that ended up in users' Inboxes and some of them went and opened them and infected their systems. I've been able to clean the virus off of two of them. I had to restore another one to factory. And one of them I haven't even gotten to, yet.

 

But those are the ones that had the problem in the first place.

 

Any ideas on where to go from here?

 

Thanks

-Jeff



#5 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 7,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:11 AM

Posted 13 November 2013 - 07:37 PM

Going on what you are saying, it sounds rather like you still have the infection lurking somewhere on the network. I think your priority has to be be to try and get to the root of this problem and ensure that your network is clean.

 

Malwarebytes is a great tool - I use it myself - but it is not capable of removing everything all the time. If you cannot manage to sterilise your systems by yourself, I would suggest posting in the 'Am I infected ?' section on BC.

 

Chris Cosgrove


I am going to be away until about the 22nd October. Time on-line will be reduced and my internet access may be limited. PMs may not be replied to as quickly as normal !


#6 bcmct

bcmct

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 19 November 2013 - 04:34 PM

Sorry if this is too late or maybe you've already figured it out but it sounds to me like you've been infected with malware that has encrypted those particular files types, such as Cryptolocker. Hopefully that is not the case. I just finished dealing with this exact problem. All DOC and PDF files were encrypted with a 2048bit encryption and you must pay a ransom fee before the deadline or the files will remain encrypted permanently.



#7 Dannykaye7

Dannykaye7
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 20 November 2013 - 06:58 AM

Well THAT's not good, bcmt.

 

You seriously have to pay someone to undo this? What criminal do you have to pay? and how long is the deadline?



#8 bcmct

bcmct

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 20 November 2013 - 09:14 AM

In my case the deadline was about 4 days. Luckily I was able to restore from a backup and only suffered minimal loss. I feel sorry for those that have been hit by this and without a backup.

 

You can read more about it here:http://en.wikipedia.org/wiki/CryptoLocker



#9 Dannykaye7

Dannykaye7
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 20 November 2013 - 09:21 AM

Yeah...It looks like I lost some files on local PCs. I was able to grab backups from the network.

 

The article you referenced says that malware sniffing software may not be able to detect the infection. Do you happen to have a sure-fire method?



#10 bcmct

bcmct

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:11 PM

Posted 20 November 2013 - 09:32 AM

We are running AVG antivirus business edition on the network and it failed to pickup the threat. I removed it by first doing a system restore on the affected workstation, then ran a combination of Malwarebytes Anti-malware, Combofix, ADWcleaner, TDSSKiller, and rkill. Then ran a full virus scan using AVG. I wanted to be certain the system was clean before putting it back on the network.

 

Combofix detected rootkit's present on the system and Malwarebytes found some Trojan's present.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users