Excel Errors on Network Drives

A couple hours ago we starting noticing a lot of errors with Excel and Word documents that are stored on the network.
When we try to open them we get the attached error. We are using Office 2010 and nothing has changed on the file server or with the computers. Some are saves as xlsx and some as xls and they both have issues.

Is there something I can do to fix this?

Who is Participating?
Josh-ITConnect With a Mentor Commented:
Really a longshot, but-
Are you having the same problem with any other of the following file types?
3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

I can't remember if Cryptolocker changes file extensions or not, but it's nasty if that's what is causing this. Typically I have seen this ransomware get's onto a single client PC, and then it starts encrypting all the above file types across any network shares.
Have you tried opening the document with repair? take a read through this to see if it helps http://office.microsoft.com/en-gb/excel-help/repairing-a-corrupted-workbook-HA010342840.aspx

WinsoupAuthor Commented:
I actually just had a user call and had that virus so chances are thats what happened.
Is there a good way to go about fixing this?

We are using Kaspersky but apparently it made it past that.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Depends on the variant of the virus from what I hear.
So, from last I read into Cryptolocker, it's easy to remove. The bad news is that won't help you get the files back.
Restore from Backup is the best method to get your files back typically once the virus is gone.
I have seen someone pay the ransom the malware is demanding and let the machine start decrypting files, the client I was helping paid the ransom, and the software did start decrypting their files. As much as I hate to suggest it, that worked for them.
It is a super nasty one though that last I checked there was no way to decrypt the files without getting the private key from the people demanding the ransom.

WinsoupAuthor Commented:
This doesn't sound like much fun.
If it installed on a single computer and found its way to a couple network drives do I need to wipe the file server too or just get her machine off the network since the actual virus was only on her machine?
I can restore from backups if I have to do that.
Sorry, about to run out for the day so I won't be of much more assistance.
To my knowledge, if you kill the actual ransomware, you won't be able to decrypt the files via paying the ransom.
My understanding is that the ransomware only loads on the infected machine, then encrypts what it has access too, including network shares. So I don't believe the file server actually gets infected.
And yes, from what I heard it is no fun. And nothing stops it yet that I know of.
WinsoupAuthor Commented:
Ok, now that we know what the issue is we'll figure out how we want to handle it.
Thanks for your input.
No problem, good luck. It's a nasty one that's all too easy to get unfortunately.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.