Doc, Xls, and Pdfs act like they are corrupt on desktop

Posted on 2014-01-09
Last Modified: 2014-01-15
A user has several folders on their win 7 desktop that contain pdfs, doc, docx, and xls files. When we try to open them it says they are corrupt. Any files of the same extention that are saved in other locations on the HD do not say this. Can you help?
Question by:portillosjohn
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3

Author Comment

ID: 39768239
On closer inspection it is all docs and docs on the computer. I have already scanned with malware bytes and eset and it finds nothing.
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39770254
Check JPEGs as well.  If it's all Office files and common image formats this is Cryptolocker.

An Offline scan should find the infective component which is hidden while active on the machine.  If the infection was Cryptolocker then you've almost certainly lost the data :(


Author Comment

ID: 39771371
Its not all the jpegs. Just one folder on the destkop. I can't find any evidence that it is cryptolocker. Plus no ransom message.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 39771837
Are the only files affected in the one folder or is it just JPEGs in one folder that are affected?

Check your eset logs to see if anything has been removed or quarantined recently

Author Comment

ID: 39771919
It seems to be only JPEGs in one folder that are affected. The logs came up blank as well...Really wierd.
LVL 62

Accepted Solution

☠ MASQ ☠ earned 500 total points
ID: 39771967
If you're certain the system is clean I'd still suspect you're looking at ransomware damage - you won't get a message on the screen until all the indexed files are encrypted so if the payload was removed by AV or anti-malware tools only some files will be affected and the damage becomes apparent.  These nasties tend to index the HDD and then work their way sequentially through the file structure so look to see if the locations could be indexed in order. you may find a folder that's only part encrypted which is the point at which the damage was stopped.  

The lack of a cleanup log indexing a ransomware signature undermines this but the pattern of Office files and JPEGs is consistent with that kind of infection.

Author Closing Comment

ID: 39782587
Looks like it was the cryptolock. The user had backups which he did not tell me at the start......

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office Picture Manager is not included in Office 2013. This comes as a shock to users upgrading from earlier versions of Office, such as 2007 and 2010, where Picture Manager was included as a standard application. This article explains how…
This article descibes how to create a connection between Excel and SAP and how to move data from Excel to SAP or the other way around.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question