Solved

Office documents randomly corrupting - possible malware issue.

Posted on 2013-01-31
4
323 Views
Last Modified: 2013-11-22
Hi there,

I have a really worrying issue that emerged yesterday with two independent customers. The first one was a laptop that was running extremely slow and then apparently some of the office documents had become unreadable. I immediately assumed adware / virus infection but was unable to remotely access it due to connection / stability issues and so could not confirm this. I got the customer to email me several of the affected documents (word, excel and publisher). Sure enough when I attempted to open them i got the same message as them: The file cannot be opened because there are problems with its contents. Details: The file is corrupt and cannot be opened.

Given that the laptop showed all the signs of being infected with some kind of malware I assumed at this stage that it had somehow corrupted some of the office documents. Within two hours I got a report from another customer (totally unrelated) that some of their office documents had become corrupted. I did have remote access to this machine and logged in to find exactly the same error message as on the laptop. I scanned for viruses and found nothing.

This is where I currently am. Could this be a new virus that is corrupting Office documents? I have attempted to repair one of the files using the office repair component of Ontrack Data Recovery. It repaired the header but then the data was unreadable. However my main concern is identifying the underlying cause.

Any suggestions or feedback would be welcome.
0
Comment
Question by:VogueSoftware
4 Comments
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 500 total points
Comment Utility
I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKIller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:VogueSoftware
Comment Utility
Many thanks Sudeep,

Will get started on those steps shortly. It will take me a while though as there are three machines with network access to the files and theoretically it could be any of them with the issue - to make matters worse they need constant access to them during the day so i will need to work round the staff.

In the meantime if anyone else has had same issue or has any suggestions for repairing the office documents please speak up!

Cheers again.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
excel forecast function 1 29
Slide Show 5 69
Windows 10 Modified 2 29
Copying and pasting pictures from Excel 2 17
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This article will show you how to use shortcut menus in the Access run-time environment.
This video shows the viewer how to set up and create Footnotes in their document. Click on the References tab: Select "Insert Footnote": Type in desired text:
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now