Been attacked by a virus

Closed
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020 - Jan 22, 2015 at 05:04 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 25, 2015 at 06:31 AM
Hi team

am having a big issue opening my files on my computer , I have tried all the possible way invain , cleaned my computer with virus , but now all my files are corrupted and have funny extensions for instance : all my documents like Microsoft , Word , Excell , and PDF are having funny extensions like this "xlx.igupfnj; doc.igupfnj; pdf.igupfnj" can anybody assist me to open back my files normal as per their default programmes ?


thanks in advance for your assistance.

12 responses

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 22, 2015 at 05:06 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on Full.

Wait for the tool to finished (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 22, 2015 at 06:05 AM
Hi


thanks very much for your quick reply , I have attached the text file below on this link.

http://speedy.sh/mRWgn/ZHPDiag.txt
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 22, 2015 at 06:30 AM
Hello

All the pleasure is mine.

The log is presently being analyzed by a colleague, I shall get back to you as soon as possible.

Hang in there!

Best regards
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 22, 2015 at 06:52 AM
Could you explain

1. what are these software

-registry-repair-5-0-1-26

-Remo Repair Word

-iSkysoft PDF Editor

2. Where did you get them from and if you purchased them

Go to this site:

https://www.virustotal.com/gui/

For all of the above software, upload the .exe file and request a scan and give me the complete results

Good luck
0

Didn't find the answer you are looking for?

Ask a question
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 22, 2015 at 09:13 AM
These software were installed by me , I download them on the internet by google search. I did not purchase them. iwanted just to repair the files using these mentioned softwares but invain.


these are the link :

RegistryCleaner.exe

https://www.virustotal.com/gui/file/45db1858564fce455bcba6ac7fe9b1af3fccf560bd0963a9298a45f22c883ac0




iSkysoft PDFEditor.exe

https://www.virustotal.com/gui/file/da9dfe64d48a6197d55a040288b10add639f8a2238371c0bbdf4fb5ea9207910


this is the last one

Remo Repair rs-repairdoc.exe

https://www.virustotal.com/gui/file/1c169f9c7be74d41b5e0e42dca1ee9b215caafe20bddf229fe76236540e5cdbc
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 22, 2015 at 05:30 PM
Okay,

The zhp log and Virus Total shows the software is clean.

Lets see if it's just the file extensions which were changed.

# Download USB Fix on your computer, and launch it.
# It will start automatically, and a shortcut will be created on your desktop.
# Connect all your external data sources to your PC (Usb keys, external drives, etc...) Do not open them.
# Choose " Deletion " option.

#The computer will re-start, and it may be longer than usually.

# UsbFix will display a message at re-start.

# Click "OK" to start cleaning.
# Copy/paste the report here.

Tutorial : http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/

Catch you later

Ambucias
Moderator and Virus/Security Contributor
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 23, 2015 at 02:33 AM
Hi
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.


so what I did was to clean and below are my result.

---------------------------------------------------------------


[b]############################## | UsbFix V 7.811 | [Clean][/b]

User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0

[b]################## | Security Information |[/b]

AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS

[b]################## | Generic Research |[/b]


(!) Temporary files deleted. (44.2610645294189 MB)

[b]################## | Registry |[/b]


[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun

[b]################## | UsbFix - Information |[/b]

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us/[/url]

[b]################## | Hijack |[/b]


[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix

[b]################## | D:\ - Fixed drive (NTFS) |[/b]

[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal[/url] - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD

[b]################## | G:\ - Fixed drive (NTFS) |[/b]

[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 23, 2015 at 04:04 AM
Hi
in this software I didnt see the delete option maybe this one I download is the latest version can you check and assist please.


so what I did was to clean and below are my result.

---------------------------------------------------------------


[b]############################## | UsbFix V 7.811 | [Clean]/b

User: USER(Administrator) # LAP_USER
Updated 20/01/2015 by El Desaparecido - SosVirus
Started at 23:25:41 | 22/01/2015

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog//url
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net//url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact//url

[b]################## | System information |/b

MB: Hewlett-Packard (3612)
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
GC: Mobile Intel(R) 45 Express Chipset Family (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 3003 Mo | Free : 1682 Mo]
Bios: Hewlett-Packard
Boot: Normal boot

OS: Microsoft(TM) Windows 7 Professional (6.1.7600 32-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 39.0.2171.99
WB: Mozilla Firefox : 20.0

[b]################## | Security Information |/b

AV: Trend Micro OfficeScan Antivirus [Enabled |Updated]
AS: Trend Micro OfficeScan Anti-spyware [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |/b

C:\ (%SystemDrive%) -> Fixed disk # 146 Gb (128 Gb free - 88%) [] # NTFS
D:\ -> Fixed disk # 152 Gb (143 Gb free - 95%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (71 Mb free - 71%) [System Reserved] # NTFS

[b]################## | Generic Research |/b


(!) Temporary files deleted. (44.2610645294189 MB)

[b]################## | Registry |/b


[b]################## | Regedit Run |/b

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-2852288761-3220444514-2734179073-1000\..\Run : [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun

[b]################## | UsbFix - Information |/b

Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)/url
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?/url
Live detection : [url=http://how-to-remove.us/]http://ww25.how-to-remove.us//url

[b]################## | Hijack |/b


[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |/b

[21/01/2015 - 03:39:04 | A | 6 Ko] - C:\ComboFix.txt
[21/01/2015 - 04:54:57 | A | 2 Ko] - C:\GUDownLoaddebug.txt
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\config.sys
[22/01/2015 - 23:10:00 | ASH | 2306448 Ko] - C:\hiberfil.sys
[22/01/2015 - 23:10:01 | ASH | 3075268 Ko] - C:\pagefile.sys
[21/01/2015 - 03:39:10 | SHD] - C:\$RECYCLE.BIN
[22/01/2015 - 02:52:58 | A | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 13:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 18:37:05 | D] - C:\PerfLogs
[13/07/2009 - 20:53:55 | SHD] - C:\Documents and Settings
[21/01/2015 - 02:49:39 | RD] - C:\MSOCache
[21/01/2015 - 02:52:36 | D] - C:\Temp
[21/01/2015 - 03:39:06 | D] - C:\Qoobox
[21/01/2015 - 07:04:21 | D] - C:\ProgramData
[21/01/2015 - 07:16:51 | D] - C:\Windows
[21/01/2015 - 12:34:17 | D] - C:\Recovery
[21/01/2015 - 12:36:40 | RD] - C:\Users
[22/01/2015 - 02:47:01 | RD] - C:\Program Files
[22/01/2015 - 23:18:48 | D] - C:\UsbFix

[b]################## | D:\ - Fixed drive (NTFS) |/b

[22/01/2015 - 03:02:07 | A | 73 Ko] - D:\ZHPDiag.txt
[23/10/2014 - 07:31:24 | A | 40423 Ko] - D:\Koffi OLomide chante pour le Congo, la constitution est sacrée ..qualité HD.mp4
[23/10/2014 - 03:34:48 | A | 722 Ko] - D:\DSF 1.XLS.lgupfnj
[13/09/2011 - 04:21:52 | A | 23082 Ko] - [[url=https://www.virustotal.com/file/1cb27c4f9c0f614d9135de4cb5b32e3c14acd46a790f5a7aaa27c03cc85266b9/analysis/1420634832/]VirusTotal/url - (0/54)] - D:\CitrixReceiver.exe
[24/05/2011 - 23:00:49 | RA | 1 Ko] - D:\MediaID.bin
[21/01/2015 - 12:36:54 | D] - D:\$RECYCLE.BIN
[24/05/2011 - 23:08:00 | D] - D:\WindowsImageBackup
[23/04/2012 - 06:05:10 | D] - D:\ErdUndoCache
[17/08/2013 - 11:24:41 | D] - D:\ec7dee183fcbcd1f7c2831bb53
[19/01/2015 - 05:05:32 | D] - D:\SCAN
[19/01/2015 - 05:05:34 | D] - D:\Network's folder
[21/01/2015 - 02:48:48 | D] - D:\MS Office 2007E
[22/01/2015 - 00:17:19 | D] - D:\BKP_BERNARD

[b]################## | G:\ - Fixed drive (NTFS) |/b

[07/11/2010 - 23:19:24 | N | 0 Ko] - G:\winx.ld
[21/01/2015 - 12:36:54 | D] - G:\$RECYCLE.BIN
[21/01/2015 - 12:26:18 | RASH | 8 Ko] - G:\BOOTSECT.BAK
[07/11/2010 - 23:19:19 | N | 199 Ko] - G:\grldr
[20/11/2010 - 04:40:07 | RASH | 375 Ko] - G:\bootmgr
[21/01/2015 - 12:26:17 | D] - G:\Boot
[21/01/2015 - 12:35:56 | N | 0 Ko] - G:\wedaolu
[21/01/2015 - 12:35:56 | N | 201 Ko] - G:\CLLAD

[b]################## | Vaccin |/b

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net//url | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net//url |/b
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 23, 2015 at 05:41 AM
Hello

No infection so no delete button.

When you click right on the file and go to properties does it indicate a previous version?

Can you try to change the file extension of any one file?

Or upload any non important file (word) on speedyshare so that I will examine it.

Combofix is a very last resort for disinfection, it may have created collateral damage.
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 23, 2015 at 06:17 AM
hi

again I would like to thank you a million for your help , thought I still havent found the solution I believe with time thinks will come easily.


below is the link for speedy share

http://speedy.sh/2nZKC/3-05-Annexe-Exemple-Plan-Affaires-Quebec.PDF.lgupfnj


do u suggest that I use combofix ,is the free trial can do the job ? please let me know .
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 23, 2015 at 06:35 AM
No, do not run combofix, I thought that you had used it already.

This is a very strange phenomenon.

I am sending the file to a colleague for an opinion. I will get back to you.

P.S. I'm impressed, a French pdf!
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165 > Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023
Jan 23, 2015 at 06:36 AM
P.S. Can you read and write French?
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020 > Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023
Jan 23, 2015 at 11:41 AM
yes I do read french 5/5 and I understand french 5/5 but my problem is writting am from the french speaking country but am experienced in english , did my studies in english and all the IT technical terms most of them are in know them in english. but if u wanna communicate in french its fine with me . but my spelling and writting are not that perfect .
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 23, 2015 at 04:21 PM
Bonjour,

A French speaking country, probably born from the French imperialist era.

The virus encrypted your files.

You must now decrypt them.

Download this decrypt tool:

https://download.bleepingcomputer.com/cryptorbit/Anti-CryptorBitV2.zip

Once the file has been downloaded, extract the zip file, and run the Anti-CryptorBit.exe program. This will open the main dashboard for Anti-CryptorBit as shown below



Simply click on the recovery method that you wish to run and follow the instructions.

Bonne chance et donnez-m'en des nouvelles.
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 24, 2015 at 08:59 AM
bonjour ,

merci pour votre aide encore une , but still the files can't open they seem to be really corrupt . I have followed the method you show me on the last post invain. if there is still something I can do please let me know .

merci encore une fois.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 24, 2015 at 04:10 PM
Bonjour,

I have tried to change the file extension without success. I sent the file to an expert colleague for analysis and there is no doubt in his mind that the file was encrypted. This usually happens when your machine is hacked and the hackers ask for a ransom to return your files to normal. Unfortunately your system security software

1. Trend Micro OfficeScan Anti-spyware
2. Windows Defender
3. Windows Firewall

were not able to protect you from intrusion.

Having said that, to avoid conflcts between antivirus's you should have only one, otherwise they get confused and protection is not as good. You may also get false positive reports.

I suggest that you use an antivirus software with it's own firewall, not Windows's.

Last but not least, I regret to inform you that the files cannot be recovered. In the future, should you come across a threat, I suggest that before attempting disinfection that you come to Kioskea first.

Je suis désolé.

Cordialement
Ambucias
Moderator
0
ft85 Posts 24 Registration date Thursday January 22, 2015 Status Member Last seen February 25, 2020
Jan 25, 2015 at 03:16 AM
Big thanks to your sir , I understand that its not your fault but ours. We should have known this before. But its too late la prochaine fois I will be very watchfull. Quel est le meilleur antivirus reseau que tu p me proposer pour mon entreprise de 50 a 100 pc?
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,165
Jan 25, 2015 at 06:31 AM
I suggest Kapersky
0