Austinns
asked on
Potential virus corrupting Word and Excel files
I have a client that is getting an error when opening Word and Excel files. She is using Office 2010 and it happens opening .doc and .docx files (same with Excel). The error says the file cannot be opened because it is corrupt or part of the file is missing. If you try to recover, it says it cannot recover the file.
Hitman Pro, Norton 360, and Security Essentials all report that the computer is clean. MalwareBytes didn't find anything, but I do get an interesting message when Word is opened after installing MalwareBytes.
MalwareBytes Anti-Malware:
Succesfully blocked access to a potentially malicious website: 66.77.96.140
Type: outgoing
Port: 49577. Process: winword.exe
All Word and Excel files have been corrupted. Has anyone seen this particular virus before and has anyone had any luck recovering the word and excel files?
Thanks in advance.
Hitman Pro, Norton 360, and Security Essentials all report that the computer is clean. MalwareBytes didn't find anything, but I do get an interesting message when Word is opened after installing MalwareBytes.
MalwareBytes Anti-Malware:
Succesfully blocked access to a potentially malicious website: 66.77.96.140
Type: outgoing
Port: 49577. Process: winword.exe
All Word and Excel files have been corrupted. Has anyone seen this particular virus before and has anyone had any luck recovering the word and excel files?
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Additionally, consider creating zones on your DNS server which resolve the FQDNs identified in the VirusTotal Report to a local web server or loopback address.
Enforce rules at your firewall to prevent your internal DNS servers from being bypassed: All local hosts configured to use local DNS servers. Firewall blocks all outbound DNS requests from all hosts except your local DNS servers. Configure your internal DNS servers to use OpenDNS servers as their forwarders.
I've created an OpenDNS enhancement requested based on your report here:
https://support.opendns.co
Enforce rules at your firewall to prevent your internal DNS servers from being bypassed: All local hosts configured to use local DNS servers. Firewall blocks all outbound DNS requests from all hosts except your local DNS servers. Configure your internal DNS servers to use OpenDNS servers as their forwarders.
I've created an OpenDNS enhancement requested based on your report here:
https://support.opendns.co
Here is an expert's exchange article I wrote:
https://www.experts-exchange.com/Software/Internet_Email/Email/Anti_Spam/A_12391-How-To-Speed-Up-Your-Computer-Remove-Spyware-Viruses-and-PUA-Potentially-Unwanted-Applications.html
I'd run through this process on the machines on your network. Worst case scenario, they all run a bit better and are virus free :-)
https://www.experts-exchange.com/Software/Internet_Email/Email/Anti_Spam/A_12391-How-To-Speed-Up-Your-Computer-Remove-Spyware-Viruses-and-PUA-Potentially-Unwanted-Applications.html
I'd run through this process on the machines on your network. Worst case scenario, they all run a bit better and are virus free :-)
ASKER
I will scan with that software when I get back to the office and will add follow-up info.