Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


DOCX.echkmwl extension. Is this a virus?

  • This topic is locked This topic is locked
1 reply to this topic

#1 poiriermartin


  • Members
  • 1 posts
  • Gender:Male
  • Location:Riverview, NB, Canada
  • Local time:11:11 AM

Posted 14 April 2015 - 07:43 PM

Hey there,


My docx files on my jump drive have an (echkmwl) extension. It's gibberish code when I open my word docs in Word or Wordpad. Instead of a document that's supposed to be 7 pages, it's 365 pages. Google search returns zero. Is this a virus?


If anyone could help, It would be greatly appreciated.





Edited by hamluis, 15 April 2015 - 06:14 AM.
Closed, moved from Bus Apps to AII - Hamluis.

BC AdBot (Login to Remove)


#2 Sintharius


    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:11 PM

Posted 15 April 2015 - 03:48 AM

Hello there,

The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolderTorrentLocker (fake Cryptolocker) or CryptoWall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.

A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

To avoid confusion, I have asked a Moderator to close this topic.

Edited by Alexstrasza, 15 April 2015 - 03:48 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users