fileerror_22001 infected my files. How to remove

Hi There,
I have a Windows xp sp2 computer and recently it got infected with a virus that when i try to open any picture or document file i get the following error.

If i click on file it opens up with fileerr_22001
I tried to run spyware cleaners and antivirus but still doesn't remove.  Anyone know how to clean this so i can restore my files.

Thanks
Mike
snipa911Asked:
Who is Participating?
 
rpggamergirlCommented:
Apparently this infection converts these files to .fcd type file extensions and placed in folders in my C:\Documents and Settings\Steven\Local Settings\Application Data area. The folders are then named CCD and FLR.
C:\Documents and Settings\<your username>\Local Settings\Application Data area\CCD
C:\Documents and Settings\<your username>\Local Settings\Application Data area\FLR

Also read here:
http://www.msofficeforums.com/word/1034-fileerror_22001-new-virus.html 
 
Steps to take as long as your AV program hasn't removed the infection.
http://72.14.235.132/search?q=cache:UHBuO2mFetgJ:forums.mcafeehelp.com/showthread.php%3Ft%3D226136+fileerror_22001&cd=2&hl=en&ct=clnk&gl=au

1. Use "Msconfig" to deselect the startup process in the startup tab, The process you are looking for looks something like "43718D7A.exe" Then apply and restart the PC. After the Trojan should not be active.

2. Backup the 2 folders with the encrypted original files
\Documents and Settings\<username>\Local Settings\Application Data\CDD,
\Documents and Settings\<username>\Local Settings\Application Data\FLR.
To pendrive, CD or DVD etc. In case the decryption goes bad.

3. Now use the Dr Web decrypting tool to decrypt the .fcd files in the folders above back to their original state. If the tool doesn't work when in your account try when logged in via the others users accounts if any available.
ftp://ftp.drweb.com/pub/drweb/windows/te33decrypt.exe

4. Once you have your original files back, back them up for safety, once you are satisfied all your photos etc are back.

5. Remove the Trojan completely, using DrWebCureIt, MalwareBytes or Combofix.
 
 
1. Download and install DrWebCureit:
http://www.freedrweb.com/cureit/

2. Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 

3. Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0
 
jasin00Commented:
doc could be corrupted. also make sure the pc knows what type of software to use to open differnt file types.
explorer/tools/folder options/ file types/ scroll through the list and match up accordingly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.