Been attacked by a virus [Closed]

Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
-
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
-
Hi team

I am having a big issue opening my files on my computer. I have tried every possible way in vain and cleaned my computer with virus, but now all my files are corrupted and have funny extensions. For instance, all my documents like Microsoft Word, Excel, and PDF are having funny extensions like this: "xlx.igupfnj; doc.igupfnj; pdf.igupfnj". Can anybody assist me to open my files back to normal as per their default programs?

Thanks in advance for your assistance.

12 replies

Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language and allow the download. If you get a warning message, ignore it.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, right-click to ensure you execute with admin rights.)

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix after log analysis).

4. Double-click on the ZHPDiag shortcut on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on Full.

Wait for the tool to finish (it may take a long time).

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

Hi


Thanks very much for your quick reply. I have attached the text file below at this link.

http://speedy.sh/mRWgn/ZHPDiag.txt
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Hello

All the pleasure is mine.

The log is presently being analyzed by a colleague, I shall get back to you as soon as possible.

Hang in there!

Best regards
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Could you explain:

1. What are these software programs?

-registry-repair-5-0-1-26

-Remo Repair Word

-iSkysoft PDF Editor

2. Where did you get them from, and did you purchase them?

Go to this site:

https://www.virustotal.com/gui/

For all of the above software, upload the .exe file, request a scan, and give me the complete results.

Good luck
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

This software was installed by me; I downloaded it from the internet through a Google search. I did not purchase it. I just wanted to repair the files using the software mentioned, but in vain.

These are the links:

RegistryCleaner.exe

https://www.virustotal.com/gui/file/45db1858564fce455bcba6ac7fe9b1af3fccf560bd0963a9298a45f22c883ac0




iSkysoft PDFEditor.exe

https://www.virustotal.com/gui/file/da9dfe64d48a6197d55a040288b10add639f8a2238371c0bbdf4fb5ea9207910


This is the last one:

Remo Repair rs-repairdoc.exe

https://www.virustotal.com/gui/file/1c169f9c7be74d41b5e0e42dca1ee9b215caafe20bddf229fe76236540e5cdbc
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Okay,

The ZHP log and VirusTotal show the software is clean.

Let's see if it's just the file extensions which were changed.

1. Download USB Fix on your computer, and launch it.
2. It will start automatically, and a shortcut will be created on your desktop.
3. Connect all your external data sources to your PC (USB keys, external drives, etc.). Do not open them.
4. Choose the "Deletion" option.
5. The computer will restart, and it may take longer than usual.
6. UsbFix will display a message at restart.
7. Click "OK" to start cleaning.
8. Copy/paste the report here.

Tutorial : http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/

Catch you later

Ambucias
Moderator and Virus/Security Contributor
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

Hi
In this software I didn't see the delete option; maybe the one I downloaded is the latest version. Can you check and assist, please?

So what I did was to clean, and below are my results.

---------------------------------------------------------------


[b]############################## | UsbFix V 7.811 | [Clean][/b]

User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0

[b]################## | Security Information |[/b]

AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS

[b]################## | Generic Research |[/b]


(!) Temporary files deleted. (44.2610645294189 MB)

[b]################## | Registry |[/b]


[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]

[b]################## | Hijack |[/b]


[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix

[b]################## | D:\ - Fixed drive (NTFS) |[/b]

[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal[/url] - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD

[b]################## | G:\ - Fixed drive (NTFS) |[/b]

[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Hello

No infection so no delete button.

When you right-click on the file and go to Properties, does it indicate a previous version?

Can you try to change the file extension of any one file?

Or upload any unimportant file (Word) on SpeedyShare so that I can examine it.

Combofix is a very last resort for disinfection; it may have created collateral damage.
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

Hi

Again I would like to thank you a million for your help. Though I still haven't found the solution, I believe with time things will come easily.

Below is the link for SpeedyShare:

http://speedy.sh/2nZKC/3-05-Annexe-Exemple-Plan-Affaires-Quebec.PDF.lgupfnj

Do you suggest that I use Combofix? Can the free trial do the job? Please let me know.
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
No, do not run combofix, I thought that you had used it already.

This is a very strange phenomenon.

I am sending the file to a colleague for an opinion. I will get back to you.

P.S. I'm impressed, a French pdf!
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554 >
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020

P.S. Can you read and write French?
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020
>
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020

Yes, I do read French 5/5 and I understand French 5/5, but my problem is writing. I am from a French-speaking country but I am experienced in English; I did my studies in English, and most of the IT technical terms I know in English. But if you want to communicate in French, it's fine with me, though my spelling and writing are not that perfect.
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Hello,

A French speaking country, probably born from the French imperialist era.

The virus encrypted your files.

You must now decrypt them.

Download this decrypt tool:

https://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once the file has been downloaded, extract the zip file, and run the Anti-CryptorBit.exe program. This will open the main dashboard for Anti-CryptorBit as shown below



Simply click on the recovery method that you wish to run and follow the instructions.

Good luck, and let me know how it goes.
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

Hello,

Thank you for your help once again, but still the files can't open; they seem to be really corrupt. I have followed the method you showed me in the last post, in vain. If there is still something I can do, please let me know.

Thank you once again.
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
Hello,

I have tried to change the file extension without success. I sent the file to an expert colleague for analysis and there is no doubt in his mind that the file was encrypted. This usually happens when your machine is hacked and the hackers ask for a ransom to return your files to normal. Unfortunately your system security software

1. Trend Micro OfficeScan Anti-spyware
2. Windows Defender
3. Windows Firewall

were not able to protect you from intrusion.

Having said that, to avoid conflicts between antiviruses you should have only one; otherwise they get confused and protection is not as good. You may also get false positive reports.

I suggest that you use an antivirus software with its own firewall, not Windows's.

Last but not least, I regret to inform you that the files cannot be recovered. In the future, should you come across a threat, I suggest that before attempting disinfection that you come to Kioskea first.

I am sorry.

Best regards
Ambucias
Moderator
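
Added example, not part of the thread or of any tool mentioned in it: the question the moderator works through (was only the extension changed, or was the content encrypted?) can be checked without opening the file, by comparing its leading bytes with the signature the original extension implies and by measuring byte entropy. The `.lgupfnj` suffix is taken from the UsbFix log above; the function names, the 4096-byte sample size and the two sample files are assumptions constructed for the demonstration.

```python
import math
import os
import tempfile

# Leading bytes ("magic numbers") of the document formats named in the thread.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office compound file
ZIP = b"PK\x03\x04"                           # Office Open XML container
MAGIC = {".pdf": [b"%PDF-"], ".doc": [OLE2], ".xls": [OLE2],
         ".docx": [ZIP], ".xlsx": [ZIP]}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def original_extension(name, appended):
    """'report.PDF.lgupfnj' -> '.pdf'; None if the appended suffix is absent."""
    if not name.lower().endswith(appended.lower()):
        return None
    stem = name[: -len(appended)]
    return os.path.splitext(stem)[1].lower() or None

def triage(path, appended, sample=4096):
    """Report whether the file header still matches its original type.

    'header-intact' is a first check only: it shows the start of the file
    was not rewritten, not that the rest of the content is untouched.
    """
    ext = original_extension(os.path.basename(path), appended)
    with open(path, "rb") as fh:
        head = fh.read(sample)
    result = {"ext": ext, "entropy": round(shannon_entropy(head), 2)}
    if ext not in MAGIC:
        result["verdict"] = "unknown-type"
    elif any(head.startswith(m) for m in MAGIC[ext]):
        result["verdict"] = "header-intact"
    else:
        result["verdict"] = "header-altered"
    return result

def demo():
    """Build two constructed sample files and triage them."""
    suffix = ".lgupfnj"  # extension seen in the UsbFix log on this page
    tmp = tempfile.mkdtemp()
    intact = os.path.join(tmp, "a.PDF" + suffix)
    scrambled = os.path.join(tmp, "b.PDF" + suffix)
    with open(intact, "wb") as fh:      # a renamed but otherwise normal file
        fh.write(b"%PDF-1.4\n" + b"constructed sample text " * 100)
    with open(scrambled, "wb") as fh:   # random bytes stand in for ciphertext
        fh.write(os.urandom(4096))
    return triage(intact, suffix), triage(scrambled, suffix)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A file whose header no longer matches and whose entropy sits near 8 bits per byte will not open after a rename; work on copies of the affected files and keep the originals unmodified.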
Posts
29
Registration date
Thursday January 22, 2015
Status
Member
Last seen
February 25, 2020

Big thanks to you, sir. I understand that it's not your fault but ours. We should have known this before, but it's too late; next time I will be very watchful. What is the best network antivirus that you can suggest for my company of 50 to 100 PCs?
Posts
48680
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
October 13, 2020
14,554
I suggest Kaspersky.