?
Solved

fileerror_22001 infected my files.  How to remove

Posted on 2009-04-27
2
Medium Priority
?
489 Views
Last Modified: 2013-11-22
Hi There,
I have a Windows xp sp2 computer and recently it got infected with a virus that when i try to open any picture or document file i get the following error.

If i click on file it opens up with fileerr_22001
I tried to run spyware cleaners and antivirus but still doesn't remove.  Anyone know how to clean this so i can restore my files.

Thanks
Mike
0
Comment
Question by:snipa911
2 Comments
 
LVL 6

Expert Comment

by:jasin00
ID: 24241523
doc could be corrupted. also make sure the pc knows what type of software to use to open differnt file types.
explorer/tools/folder options/ file types/ scroll through the list and match up accordingly.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 24242219
Apparently this infection converts these files to .fcd type file extensions and placed in folders in my C:\Documents and Settings\Steven\Local Settings\Application Data area. The folders are then named CCD and FLR.
C:\Documents and Settings\<your username>\Local Settings\Application Data area\CCD
C:\Documents and Settings\<your username>\Local Settings\Application Data area\FLR

Also read here:
http://www.msofficeforums.com/word/1034-fileerror_22001-new-virus.html 
 
Steps to take as long as your AV program hasn't removed the infection.
http://72.14.235.132/search?q=cache:UHBuO2mFetgJ:forums.mcafeehelp.com/showthread.php%3Ft%3D226136+fileerror_22001&cd=2&hl=en&ct=clnk&gl=au

1. Use "Msconfig" to deselect the startup process in the startup tab, The process you are looking for looks something like "43718D7A.exe" Then apply and restart the PC. After the Trojan should not be active.

2. Backup the 2 folders with the encrypted original files
\Documents and Settings\<username>\Local Settings\Application Data\CDD,
\Documents and Settings\<username>\Local Settings\Application Data\FLR.
To pendrive, CD or DVD etc. In case the decryption goes bad.

3. Now use the Dr Web decrypting tool to decrypt the .fcd files in the folders above back to their original state. If the tool doesn't work when in your account try when logged in via the others users accounts if any available.
ftp://ftp.drweb.com/pub/drweb/windows/te33decrypt.exe

4. Once you have your original files back, back them up for safety, once you are satisfied all your photos etc are back.

5. Remove the Trojan completely, using DrWebCureIt, MalwareBytes or Combofix.
 
 
1. Download and install DrWebCureit:
http://www.freedrweb.com/cureit/

2. Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php 

3. Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question