Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FIle unreadable .. please help


  • Please log in to reply
23 replies to this topic

#1 armandillo7

armandillo7

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 03 January 2016 - 04:51 AM

 
Hi, I'm new to the forum , I have a serious problem .. This morning when I opened the computer , I found myself with the most files unreadable , so I formatted the PC thinking immediately to a virus , but I went over to the other partition formatting internal pc , finding all the corrupted files . ... I tried to recover photos and videos with the software but with negative results .. PixRecovery Photo Recovery Stellar Phoenix JPEG Repair file Repair I hope for your help .. Thank you..... Ps my Operating System Win 8.1 was then I came back to 7 home premium .. I apologize for my English but I'm using a translator ...


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 03 January 2016 - 08:54 AM


Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .encrypted, .crinf, .XRNT, .XTBL, .crypt, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .EnCiPhErEd, .0x0, .bleep, .1999, {CRYPTENDBLACKDC}, .vault, .HA3, .toxcrypt, .CTBL, .CTB2, or 6-7 length extension consisting of random characters?

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file.

These are some examples:
HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt
HELP_RESTORE_FILES.txt, HELP_TO_SAVE_FILES.txt, RECOVERY_KEY.txt, DecryptAllFiles.txt
DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt
DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, 
About_Files.txt, FILESAREGONE.TXT, IHAVEYOURSECRET.KEY, HELLOTHERE.TXT, SECRETIDHERE.KEY, 
READTHISNOW!!!.TXT, SECRET.KEY, HELPDECYPRT_YOUR_FILES.HTML, Help_Decrypt.txt
YOUR_FILES.HTML, DecryptAllFiles_<user name>.txt, encryptor_raas_readme_liesmich.txt
DecryptAllFiles_.txt, RECOVERY_FILES.txt, help_decrypt_your_files.html, YOUR_FILES.url
Howto_RESTORE_FILES_.txt, RECOVERY_FILE.TXT, RECOVERY_FILE_.txt, restore_files_.txt
howto_recover_file_.txt, how_recover+****.txt, ,_how_recover_.txt, recover_file_*****.txt

Note: The (*) represents random characters which some ransom notes names may include.
Once you have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 03 January 2016 - 10:35 AM

Thank you for the answer, but luckily for me it is not the famous Cryptloker, I did not find any of the files mentioned below and have had no request to decrypt.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,932 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:13 AM

Posted 03 January 2016 - 10:57 AM

What type of files were infected?

How were they corrupted?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 03 January 2016 - 02:49 PM

Then, the files that have been damaged are (text, audio, video and photo) if I try to open .txt files leave many written with square and  question marks while the video and audio are unreadable photos


Edited by armandillo7, 03 January 2016 - 02:52 PM.


#6 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:13 AM

Posted 03 January 2016 - 03:59 PM

Armandillo7,

I've sent you a PM, I'd like to take a look at the files. If you have and PNG or TXT files, they would be preferred for a bit of analysis. I'm interested in seeing if they are actually encrypted somehow, or if you have a hardware issue causing corruption.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#7 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 01:43 AM

 
Hi thank you for the help I sent an email with a png file .. .


#8 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 02:01 AM

I wanted to add even though I do not know if it could be useful that I'm experiencing slowdowns in PC even after formatting, which it never happened so I assume that the virus is left on the partition "Local Disk D" .. if I make a scan through a linux distribution, you could fix it? Thank you



#9 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:13 AM

Posted 04 January 2016 - 10:07 AM

I've received the file, not figuring out too much of it. It definitely does not have a PNG header, so it is heavily corrupted. Any chance you have a TXT file to send?

 

If you are having issues after a reformat, I would suspect hardware problems. Even if the virus was still on the D drive (which is usually actually a recovery partition), it normally wouldn't be active unless you invoked it explicitly. Not to say it isn't possible (I've seen the recovery partition itself get infected and drop a payload into the Windows install).

 

I would definitely test your RAM and hard drive.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#10 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 11:21 AM

Hello I thank you again for the help they are giving me hope that we can resolve this, however, my PC has hidden recovery partition, the local disk d keep all personal files unusable.



#11 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 11:23 AM

I am doing scan disk d with a virus by the time he found 3 infected files, you think I can recover the files?



#12 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:13 AM

Posted 04 January 2016 - 11:26 AM

I would highly suggest you have your hard drive tested, it could be corrupting files if it is failing. If you can give me the make/model of your system, I might be able to instruct you on starting a built-in manufacturer test.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#13 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 11:31 AM

I ran a test disc with a portable program, and I say good, however my pc is a ASUS x53sd



#14 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:13 AM

Posted 04 January 2016 - 11:32 AM

What hard drive test did you run through it? Was it a quick or full scan? I recommend the test provided by the manufacturer of the hard drive if you can, otherwise you can use SeaTools by SeaGate, it can be used from a Hiren's bootable disc if you have one.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#15 armandillo7

armandillo7
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 04 January 2016 - 11:35 AM

ok .. thanks .. was fast so I think the test is not reliable ... use the software given by you and let you know ...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users