Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Doc, Xls, and Pdfs act like they are corrupt on desktop

Posted on 2014-01-09
7
Medium Priority
?
554 Views
Last Modified: 2014-01-15
A user has several folders on their win 7 desktop that contain pdfs, doc, docx, and xls files. When we try to open them it says they are corrupt. Any files of the same extention that are saved in other locations on the HD do not say this. Can you help?
0
Comment
Question by:portillosjohn
  • 4
  • 3
7 Comments
 

Author Comment

by:portillosjohn
ID: 39768239
On closer inspection it is all docs and docs on the computer. I have already scanned with malware bytes and eset and it finds nothing.
0
 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39770254
Check JPEGs as well.  If it's all Office files and common image formats this is Cryptolocker.

An Offline scan should find the infective component which is hidden while active on the machine.  If the infection was Cryptolocker then you've almost certainly lost the data :(

See: http://www.experts-exchange.com/Security/Encryption/Q_28295419.html
0
 

Author Comment

by:portillosjohn
ID: 39771371
Its not all the jpegs. Just one folder on the destkop. I can't find any evidence that it is cryptolocker. Plus no ransom message.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 63

Expert Comment

by:☠ MASQ ☠
ID: 39771837
Are the only files affected in the one folder or is it just JPEGs in one folder that are affected?

Check your eset logs to see if anything has been removed or quarantined recently
0
 

Author Comment

by:portillosjohn
ID: 39771919
It seems to be only JPEGs in one folder that are affected. The logs came up blank as well...Really wierd.
0
 
LVL 63

Accepted Solution

by:
☠ MASQ ☠ earned 2000 total points
ID: 39771967
If you're certain the system is clean I'd still suspect you're looking at ransomware damage - you won't get a message on the screen until all the indexed files are encrypted so if the payload was removed by AV or anti-malware tools only some files will be affected and the damage becomes apparent.  These nasties tend to index the HDD and then work their way sequentially through the file structure so look to see if the locations could be indexed in order. you may find a folder that's only part encrypted which is the point at which the damage was stopped.  

The lack of a cleanup log indexing a ransomware signature undermines this but the pattern of Office files and JPEGs is consistent with that kind of infection.
0
 

Author Closing Comment

by:portillosjohn
ID: 39782587
Looks like it was the cryptolock. The user had backups which he did not tell me at the start......
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question