Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus / Malware


  • Please log in to reply
19 replies to this topic

#1 cmed76

cmed76

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 27 January 2015 - 07:12 AM

I have been attempting to access an old usb hard drive today. But have discovered that half the files have had their file ending changed to .doc.longjhh for example. I take out the .longjhh part of the ending but am still unable to open the files. Word for example says the file is corrupt. Just tried to google search this file ending but found nothing. Any ideas on a good tool that could fix this? These files are pretty important. Any ideas would be greatly received

Thanks

Chris

Edit: Topic moved from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


m

#2 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 27 January 2015 - 09:29 AM

Bump

#3 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:46 PM

Posted 27 January 2015 - 02:30 PM

Please tell us you have adequate security on your primary harddrive[s]. You do not want to introduce what might be on that old usb harddrive onto your aforementioned built-in harddrives.  And, soon, techs will appear to help you, follow their instructions to the letter.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#4 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 27 January 2015 - 03:24 PM

Thanks for the response Ronald. Yes the machine is running macaffee av and anti spyware. All up to date and running correctly. Look forward to hearing from you.

Chris

#5 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 28 January 2015 - 12:39 PM

Thanks for the response Ronald. Yes the machine is running macaffee av and anti spyware. All up to date and running correctly. Look forward to hearing from you.

Chris

#6 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:46 PM

Posted 29 January 2015 - 03:34 PM

BC techs should be appearing in here shortly.  I'm not one of them, so I will defer to them, and learn along with you what they teach.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 29 January 2015 - 07:16 PM

So, perhaps the drive is infected.

Coneect it and Download 51a46ae42d560-malwarebytes_anti_malware.MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 30 January 2015 - 03:04 AM

Hi boopme

 

I'm sorry but Malwarebytes gave me nothing back (see below)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/01/2015
Scan Time: 08:12:27
Logfile: Malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.30.01
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: CMedcalf

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 351972
Time Elapsed: 10 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Any other ideas? If i remember correctly the machine that had the malware was wiped and re-imaged, so no chance of buying my way out of this.

 

Thanks for the support

 

Chris



#9 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 30 January 2015 - 03:05 AM

I just can't understand why I dont see anywhere on the web about anyone else that had this issue with files being renamed to .longjhh

 

Am I unique? :)

 

Thanks again



#10 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:46 PM

Posted 30 January 2015 - 07:24 AM

A quick Google for "longjhh" gave me a Safe Mode translated page of a "longjhh" on a dating site.  Possibly, maybe, somebody played a joke on you on your computer?  If so, you just might have to replace each and every longjhh-affected file from your backup[s].  If you have no backup[s], then you will have to reconstruct your files one by one.

I'm not listing the site here for security reasons.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#11 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 30 January 2015 - 08:20 AM

Thanks agai. For the response. I'm afraid I have no backups :(

Whe you say reconstruct - do you mean literally just change the file ending back to the previous one ? I tried this on one file - but when trying to reopen I got an error message from word (they old file used to be a .doc file) saying the file was corrupt.

I'll do a google search again on the rogue file ending - however I am convinced the corruption has come from a peice of spyware.

Any other ideas? Pauls appreciate your input on "reconstruction"

Thanks

Chris

#12 cmed76

cmed76
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:46 PM

Posted 30 January 2015 - 08:35 AM

Sorry for the spelling - writing the response on my iPhone with cold hands!

#13 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:01:46 PM

Posted 30 January 2015 - 12:19 PM

Ooops, should have explained reconstruction of files.  I mean you will have reDownload any file you downloaded before.

Any text file, any document file, you created back then -- you have to remake those files, using the same software used originally.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:46 PM

Posted 30 January 2015 - 01:21 PM

Possbilty these files wre given protection ,so they could not be moved, overwritten or deleted.. Maybe that they were also originally in NTFS.

You may want to ask again in the Windows section and mention We feel it is clean here in AII forum, so it won't get sent back.

Edited by boopme, 30 January 2015 - 01:21 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:46 PM

Posted 02 February 2015 - 03:00 PM

Hi Chris,

 

Based on your description it seems the files got encrypted by one of those file-encrypting ransomware infections that append a file extensions with random characters!

 

It's possible that your computer isn't infected, it could be another one where you connected the external drive because this kind of virus when active will infect all accessible drives.

 

- Do you see any other strange files on the same folder you have .doc.longjhh?

- Did you connect the HDD recently to a different machine? check the date of the .doc.longjhh files maybe the date and time can give you some hint about when that happened.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users