Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All my files are corupted *.jpg.pfkdcbn


  • This topic is locked This topic is locked
2 replies to this topic

#1 Rock1991

Rock1991

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 19 December 2014 - 09:48 AM

Hi i have a problem. All my files (.jpg, .pdf, .doc, .doc) are corrupted and have a extensios (*.jpg.pfkdcbn, .pdf.pfkdcbn) a try to restore but not work, i scan a laptop with all antivirus and all antispware programs but nothing to work, i try to decrypt a files with all posible decrypter but nothing to work.

 

sorry for my bad english

 

 

Please help!!



BC AdBot (Login to Remove)

 


#2 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 19 December 2014 - 10:06 AM

Hello there     :welcome:
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
:step1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
:step2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

:step3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

:step4: Non-malware removal steps
 
Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA

Posted 19 December 2014 - 12:02 PM


The newest variant of CTB Locker (Critroni, Onion) will encrypt all data files and rename them as a file with a 6-7 length extension with random characters.

A repository of all current knowledge regarding CTB Locker and Critroni Ransomware is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CTB Locker (Critroni) does and provide information for how to deal with it. At this time there is no fix tool and no way to retrieve the private key that can be used to decrypt your files without paying the ransom.

More information in this article: New Critroni variant offers free test decryption and now uses CTB2 extension. Unfortunately, there is still no known method of decrypting your files without paying the ransom.

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Do not post any of the logs created by the tools LighthouseParty asked you to run in the above discussion topic.

 

To avoid confusion...this topic is closed.

Thanks
The BC Staff


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users