Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


virus changed file extension and the files shows corrupted while opening

  • This topic is locked This topic is locked
2 replies to this topic

#1 rajeshshinde1795


  • Members
  • 2 posts
  • Local time:06:36 AM

Posted 24 April 2015 - 09:46 AM

Hi, I'm rajesh. and new in this forum, recently some virus infected my windows 7 and windows server data, the virus changed extension to tvnjkam. All my docx, xlxs,jpg,pdf files have extension like "file name.docx.tvnjklm" I have renamed the file by removing added extension but when tried to open the file it says corrupted.after going through some forums it understood it might be infected with ransom ware, so I tried many Antivirus rescue disk but there is positive results so far. Is there any way to restore corrupted files to original state. Thanks Rajesh

Edited by hamluis, 24 April 2015 - 12:37 PM.
Moved from Win 7 to Am I Infected to Gen Security- Hamluis.

BC AdBot (Login to Remove)


#2 Aura


    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:08:06 PM

Posted 24 April 2015 - 09:55 AM

Hi rajeshshinde1795 :)

It seems that you have been infected with a variant of the CTB-Locker/Ctritroni Cryptoware. When it's done encrypting files, it appends an extension to them composed of random generated characters. If you want to read more about CTB-Locker and Critrino, you can visit the FAQ hosted on BleepingComputer at the link below.

CTB Locker and Critroni Ransomware Information Guide and FAQ

There's also a Support thread currently open and on-going for this infection. In order to keep all the information centralized and avoid having hundreds of threads created for the same issue, you should post in this thread if you need assistance. You can also ask your questions there.

CTB Locker or DecryptAllFiles.txt Encrypting Ransomware sets extension to .CTBL

Good luck.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#3 Animal


    Bleepin' Animinion

  • Members
  • 35,905 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:06 PM

Posted 24 April 2015 - 12:38 PM

Topic closed and suggested that you follow the links already provided.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)

A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

Follow BleepingComputer on: Facebook | Twitter | Google+

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users