Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MS-Word Documents Corrupted Post-Microsoft-Impersonation-Scam


  • Please log in to reply
3 replies to this topic

#1 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:07 PM

Posted 10 December 2014 - 01:09 PM

Hello All,

 

          I am helping a cousin who recently fell victim to the Microsoft Impersonation Scam.   I have managed to get the computer itself entirely back to the land of the living.  It is a Windows 7 Home Premium 64-bit and there are two separate users on the machine.

 

          For the user who was not the one logged in when the scam attack took place all documents seem to be fine.  This is not true, though, for the MS-Word documents under the user who was logged in, and it doesn't matter whether they're .docx, .doc, or .rtf except in one small detail.  If you attempt to open a .doc file or a .rtf you get the following dialog:

Encoding_Dialog.jpg

 

If you attempt to open a .docx you get a message that it cannot be opened because the file is corrupt.  After you click OK you get a follow up dialog that says there is readable content and you can try to recover it if you trust the file.   On the machine that was originally attacked I thought, "What the heck?," and tried to recover - it just comes right back to the "file is corrupt message."   I have no intention of trying this on my own laptop, though I have tried opening the files in MS-Word 2010 (which is what the .docx files on the other machine were created with) and the results are exactly the same.

 

Does anyone know how these vermin corrupt MS-Word document files and whether there is something out there that would allow me to "disinfect" them so they'll be functional again?

 

Thank you in advance for any assistance you can offer.

 


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


BC AdBot (Login to Remove)

 


#2 splico

splico

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Croatia
  • Local time:10:07 PM

Posted 10 December 2014 - 02:05 PM

Don't wanna claim that this is the case but that problems seems identical in case with malware that encrypts all files on PC and locks them for good. If you have backup it is possible to get files back. In other cases if nothing is changed no one can help you anymore. Would be best to check PC by someone from forum who cleans malware but he/she can't get you files back if I am correct about this.


 "Helpdesk: There is an icon on your computer labeled "My Computer". Double click on it.
User: What's your computer doing on mine?"


#3 britechguy

britechguy

    Been there, done that, got the T-shirt

  • Topic Starter

  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:07 PM

Posted 10 December 2014 - 04:48 PM

I agree that this could be the case.  What's interesting is that it didn't get all files on the computer, but appears to have gotten every MS-Office-program-generated file type under the folder hierarchy of the user that was logged in when the scammers took control of the computer.

 

I am hoping that my cousin was doing backups but my suspicion is that she was not.  If these files are unrecoverable the lesson that she's going to be learning is going to be a far harsher one than even I had imagined.

 


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 


#4 britechguy

britechguy

    Been there, done that, got the T-shirt

  • Topic Starter

  • Moderator
  • 7,534 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:07 PM

Posted 10 December 2014 - 06:11 PM

Well, it's become abundantly clear that all files under the userid that was logged on when the scam attack took place are encrypted, regardless of file type.

 

I've also learned that no backups exist.   I'm hoping there may be a way to decrypt the files, but know that this is unlikely.


Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

 

     In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.

         ~ Commenter TheCruyffGurn on the The Guardian website, 8/13/2014

 

              

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users