Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zip._sa is this a virus?


  • Please log in to reply
10 replies to this topic

#1 ADI B

ADI B

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 06 January 2015 - 05:55 PM

I have been searching the web and have failed to find any reference to a problem I have with my computer.  It appears that my files are being zipped by a program working the background.  The zip files have the name of the file and an extension ._sa.  for example cv.docx  has been zipped into cv.docx_sa.  When I attempt to open the file I a password dialogue appears. I have tried a number of password without sucess.   Any ideas??



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:33 PM

Posted 06 January 2015 - 06:17 PM

:welcome: to Bleeping Computer.

The BC staff has advised Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Please submit a sample of a Zip._sa file here: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit any of the malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 ADI B

ADI B
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 06 January 2015 - 06:27 PM

On further examination i have noticed the encrypted files have a zip extension.  i.e. cv.docx_sa.zip  . If this helps.



#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:33 PM

Posted 06 January 2015 - 06:47 PM

Any ransom notes?

#5 ADI B

ADI B
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 06 January 2015 - 07:04 PM

No not yet.



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:33 PM

Posted 06 January 2015 - 07:09 PM

No strange files in the folders with encrypted files?

#7 ADI B

ADI B
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 06 January 2015 - 07:22 PM

No I cannot see any strange files in the encrypted folders.  Each folder has a single office document. 



#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:33 PM

Posted 07 January 2015 - 03:30 PM

When you say each folder has a single office document, is that normal? Or is it an unknown document? Is it zipped?

#9 ADI B

ADI B
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 07 January 2015 - 04:31 PM

Hi thank you for your help, I have been working through all avenues/programs I could think of and have found out what has created this problem.  I use Allway sync to synchronize my laptop with a network hard drive.   It appears that somehow I accidentally activated an encryption/compression feature which caused files on the network hard drive to be synchronized to the laptop as zipped items needing a password to open.  By disabling this feature and re copying the files to the laptop I have resolved the issue.

 

Again thank you for your help.

 

Adi B



#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,568 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:33 PM

Posted 07 January 2015 - 04:37 PM

Ahh..glad you could figure it out and that it wasn't a ransomware!

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:33 PM

Posted 07 January 2015 - 04:39 PM

I haven't used Allway sync in years.

Glad to hear you resolved the issue. Sometimes persistence pays off.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users