Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

File names changed to .ENCODED

Posted on 2010-11-29
4
Medium Priority
?
1,107 Views
Last Modified: 2012-05-10
Last Friday (11/26) many files on my network suddenly appear with .ENCODED as the file extension.  It's hit and miss around the network.  It's effected PDFs, XLS and DBF file type.  There's no rhyme nor reason I can figure out.  I noticed one folder on Saturday and restored it from backups, but it's all over the place.  

I've got Trend Micro running on all workstations and servers, so I should be protected.  I can't find anything online on this.  Any ideas?

If I remove the .ENCODED from the file name and open it, it's gibberish.
0
Comment
Question by:BigRBTrout
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 27

Accepted Solution

by:
Tolomir earned 2000 total points
ID: 34232454
this seems to fit here:

Malicious hackers are spreading the ransomware, which encrypts media and Office files on victim's computers, in an attempt to extort $120. In a nutshell - you can't access your files because the malicious code has encrypted them (in our observations, the whole file isn't encrypted - just the first 10% or so), and the hackers want you to pay the ransom if you want your valuable data back.

http://nakedsecurity.sophos.com/2010/11/26/drive-by-ransomware-attack-demands-120/
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 2000 total points
ID: 34232478
you can check if there are these system modifications.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojransomu.html

0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 2000 total points
ID: 34232499
in short, remove the trojan.

You could use the sophos beta for it.

http://www.sophos.com/products/beta/
--
then  apply all windows updates. Also try to prevent to work with Administrator permissions. Especially when surfing the Internet.
0
 
LVL 1

Author Comment

by:BigRBTrout
ID: 34233329
Thanks, this helped out, quite a bit.  I've got Trend Micro working on removal and I'm restoring files.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question