Solved

Potential virus corrupting Word and Excel files

Posted on 2013-11-19
Last Modified: 2014-05-10
I have a client that is getting an error when opening Word and Excel files.  She is using Office 2010 and it happens opening .doc and .docx files (same with Excel).  The error says the file cannot be opened because it is corrupt or part of the file is missing.  If you try to recover, it says it cannot recover the file.

Hitman Pro, Norton 360, and Security Essentials all report that the computer is clean.  MalwareBytes didn't find anything, but I do get an interesting message when Word is opened after installing MalwareBytes.

MalwareBytes Anti-Malware:

Succesfully blocked access to a potentially malicious website: 66.77.96.140
Type: outgoing
Port: 49577. Process: winword.exe

All Word and Excel files have been corrupted.  Has anyone seen this particular virus before and has anyone had any luck recovering the Word and Excel files?

Thanks in advance.
Question by:Austinns
6 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39659744
See https://www.virustotal.com/en/ip-address/66.77.96.140/information/

Hashes of malicious executables are provided. These can be searched for by scanning your system with a SHA-256 hash generator (http://md5deep.sourceforge.net/#download for example), redirecting the output to a text file.  You can then search the text file for each hash identified above and remove them.  Bear in mind these may be droppers, which drop additional malware not currently associated with the report above.

Dr. Web seems to be the signature based scanning engine which is leading the pack on this particular piece of malware.  It would be worthwhile to scan your system with that product, prior to engaging in deeper analysis.

See http://it.pages.tcnj.edu/files/2012/04/MSAdvancedMalwareCleaningNov2011.pdf
http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

• Disconnect from network
• Identify malicious processes and drivers
• Suspend and terminate suspicious processes
• Identify and delete malware autostarts
• Delete malware files
• Reboot
• Repeat Step 2

See Invincea
0
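
The hash sweep described in the accepted answer, as an added example that is not part of the original post: it hashes every file under a directory with SHA-256 and reports files whose hash appears in an indicator list. The indicator list, file names and directory layout are constructed for the demonstration; real hashes would come from the VirusTotal report linked above.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # read in chunks so large files stay out of memory
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_indicators(lines):
    """Keep only well-formed SHA-256 values, lowercased; drop comments and junk."""
    wanted = set()
    for line in lines:
        token = line.split("#", 1)[0].strip().lower()
        if len(token) == 64 and all(c in "0123456789abcdef" for c in token):
            wanted.add(token)
    return wanted

def sweep(root, indicators):
    """Return (matches, unreadable); unreadable paths still need a manual look."""
    matches, unreadable = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:  # locked or access denied: record it, do not skip silently
                unreadable.append(path)
                continue
            if digest in indicators:
                matches.append((path, digest))
    return sorted(matches), unreadable

def demo():
    """Constructed data only: the 'flagged' hash is derived from a harmless stand-in file."""
    payload = b"constructed stand-in for a flagged executable"
    ioc_lines = ["# constructed indicator list", hashlib.sha256(payload).hexdigest().upper(), "not-a-hash"]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "AppData", "Roaming"))
        with open(os.path.join(root, "AppData", "Roaming", "sample.bin"), "wb") as fh:
            fh.write(payload)
        with open(os.path.join(root, "report.docx"), "wb") as fh:
            fh.write(b"constructed benign document")
        matches, unreadable = sweep(root, load_indicators(ioc_lines))
        return [os.path.relpath(path, root) for path, _ in matches], unreadable

if __name__ == "__main__":
    print(demo())
```

Files that could not be read are returned separately because a file locked by a running process cannot be ruled out by a hash sweep alone.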
 

Author Comment

by:Austinns
ID: 39659805
Thanks,

I will scan with that software when I get back to the office and will add follow-up info.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39660146
Additionally, consider creating zones on your DNS server which resolve the FQDNs identified in the VirusTotal Report to a local web server or loopback address.

Enforce rules at your firewall to prevent your internal DNS servers from being bypassed: All local hosts configured to use local DNS servers.  Firewall blocks all outbound DNS requests from all hosts except your local DNS servers.  Configure your internal DNS servers to use OpenDNS servers as their forwarders.

I've created an OpenDNS enhancement request based on your report here:
https://support.opendns.com/entries/23001279-Site-Checker-Vote-On-Domains-Improvements
0
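
One way to check that the DNS policy in the comment above is actually holding, as an added example that is not part of the original post: it reads firewall log rows and flags port 53 traffic that leaves the network from anything other than the internal resolver, plus resolver traffic to anything other than the approved forwarders. The CSV log format, the 10.0.0.0/8 network and the resolver address are assumptions; the log lines are constructed, and the forwarder addresses are the public OpenDNS resolvers.

```python
import csv
import io
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
LOCAL_RESOLVERS = {"10.0.0.53"}                     # assumed internal DNS server
FORWARDERS = {"208.67.222.222", "208.67.220.220"}   # OpenDNS public resolvers

# Constructed firewall log (hypothetical format), not taken from the original post.
SAMPLE_LOG = """time,src,dst,proto,dport,action
2013-11-19T09:00:01,10.0.0.21,10.0.0.53,udp,53,allow
2013-11-19T09:00:02,10.0.0.53,208.67.222.222,udp,53,allow
2013-11-19T09:00:05,10.0.0.21,198.51.100.7,udp,53,allow
2013-11-19T09:00:06,10.0.0.34,198.51.100.7,tcp,53,deny
2013-11-19T09:00:09,10.0.0.53,203.0.113.9,udp,53,allow
2013-11-19T09:00:11,10.0.0.21,203.0.113.80,tcp,443,allow
"""

def audit_dns(log_text):
    """Return (src, dst, finding) for every outbound DNS flow that breaks the policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dport"] != "53":
            continue
        src, dst = row["src"], row["dst"]
        if ipaddress.ip_address(dst) in INTERNAL_NET:
            continue  # lookups that stay inside the network are the intended path
        if src in LOCAL_RESOLVERS:
            if dst not in FORWARDERS:
                findings.append((src, dst, "unapproved-forwarder"))
        elif row["action"] == "allow":
            # Firewall rule gap: a host reached an external resolver directly.
            findings.append((src, dst, "bypass-allowed"))
        else:
            # Rule worked, but the host ignores its configured DNS server.
            findings.append((src, dst, "bypass-blocked"))
    return findings

if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_LOG):
        print(finding)
```

A `bypass-blocked` row means the firewall rule is doing its job, but the source host is still worth examining because something on it is using a DNS server it was not configured with.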
 
LVL 4

Expert Comment

by:FutureTechSysDOTcom
ID: 39666296
Here is an Experts Exchange article I wrote:

http://www.experts-exchange.com/Software/Internet_Email/Email/Anti_Spam/A_12391-How-To-Speed-Up-Your-Computer-Remove-Spyware-Viruses-and-PUA-Potentially-Unwanted-Applications.html

I'd run through this process on the machines on your network.  Worst case scenario, they all run a bit better and are virus free :-)
0
