Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus has renamed my files, altering their extensions. Please help


  • This topic is locked This topic is locked
3 replies to this topic

#1 buttons15

buttons15

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 27 December 2014 - 12:23 PM

hi, i am in a bit of a tizz (panic-striken actually!) my PC having been infected by some kind of virus. The majority of certain file types have had their extensions altered. I have noticed this on many of my .jpeg files, but on others too (.doc, .pdf etc.)
 
If i right-click on one of the files to obtain its properties, windows installer opens up telling me it wants to configure a program, Nero, if i cancel this action i can then access property information on that file. All those affected seem to have as their file type: RYHQNQC File.
 
If I look at these files within their folder quite often the affected files will have .JPG displaying after their name. For example a .jpeg file prior to infection may have been called "image1" and it would only be seen in its folder as its name i.e. "image1" after infection it would appear in its folder as "image1.JPG". and on right-clicking and reaching the properties as stated it is of file type "RYHQNQC File"  and as such has become "image1.JPG.RYHQNQC"
 
Moreover the infection has affected all my drives, with thousands of files having been given the RYHQNQC File extension.
 
Having looked around the web trying to establish what sort of virus has caused this, it looks similar to the ransom crypt type viruses, but I cannot be sure, since I am not being asked for payments to decrypt etc. 
 
I really would appreciate any help or pointers in the hope that I may be able to restore my infected files.I am not too techy, so please if you can offer any help in simplistic terms, then wonderful. I'd be heart-broken should I not be able to recover them. My many thanks in advance, Nicola


BC AdBot (Login to Remove)

 


#2 buttons15

buttons15
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 31 December 2014 - 09:00 AM

Alas its the CTB-locker!!! So there is nothing that can be done. Everything's lost



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 01 January 2015 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Yes it's a bad infection.

Read these instructions.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information

If you want me to check and remove any remnant items from your computer please proceed.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,543 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 06 January 2015 - 10:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users