Doc, Xls, and Pdfs act like they are corrupt on desktop

A user has several folders on their Win 7 desktop that contain pdfs, doc, docx, and xls files. When we try to open them it says they are corrupt. Any files of the same extension that are saved in other locations on the HD do not say this. Can you help?
portillosjohn Asked:
 
☠ MASQ ☠ Commented:
If you're certain the system is clean I'd still suspect you're looking at ransomware damage - you won't get a message on the screen until all the indexed files are encrypted, so if the payload was removed by AV or anti-malware tools only some files will be affected and the damage becomes apparent. These nasties tend to index the HDD and then work their way sequentially through the file structure, so look to see if the locations could be indexed in order. You may find a folder that's only part encrypted, which is the point at which the damage was stopped.

The lack of a cleanup log indexing a ransomware signature undermines this but the pattern of Office files and JPEGs is consistent with that kind of infection.
0
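A read-only way to map the damage pattern described in the comment above, as an added example that is not part of the original thread: it compares each file's leading bytes with the standard signature for its extension and reports folders that hold both matching and non-matching files. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os, tempfile

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls compound file
ZIP = b"PK\x03\x04"                          # .docx/.xlsx container
MAGIC = {".pdf": b"%PDF-", ".doc": OLE2, ".xls": OLE2, ".docx": ZIP,
         ".xlsx": ZIP, ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}

def header_ok(path):
    """True if the file starts with its type's signature, False if not,
    None when the extension is not one we track."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(sig)) == sig

def triage(root):
    """Walk root in sorted order; return (damaged, intact, partial_dirs)."""
    damaged, intact, partial = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic, name-ordered walk
        bad, good = [], []
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            ok = header_ok(path)
            if ok is not None:
                (good if ok else bad).append(path)
        damaged += bad
        intact += good
        if bad and good:                     # mixed folder: where damage stopped
            partial.append(dirpath)
    return damaged, intact, partial

def build_sample(root):
    """Constructed sample tree: 'a' fully damaged, 'b' partly, 'c' intact."""
    files = {"a/1.pdf": b"\x8e\x11\x02junk", "a/2.docx": b"\x00\x7fjunk",
             "b/1.jpg": b"\x13\x37junk", "b/2.jpg": b"\xff\xd8\xff\xe0JFIF",
             "c/1.xls": OLE2 + b"rest", "c/2.pdf": b"%PDF-1.4\n"}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        damaged, intact, partial = triage(tmp)
        print(len(damaged), "damaged;", len(intact), "intact; partial:", partial)
```

A header mismatch only shows that a file no longer starts with the bytes its extension implies; it does not identify what changed it, so run this against a copy or a read-only mount of the affected disk.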
 
portillosjohn (Author) Commented:
On closer inspection it is all docs and docs on the computer. I have already scanned with Malwarebytes and ESET and it finds nothing.
0
 
☠ MASQ ☠ Commented:
Check JPEGs as well.  If it's all Office files and common image formats this is Cryptolocker.

An Offline scan should find the infective component which is hidden while active on the machine.  If the infection was Cryptolocker then you've almost certainly lost the data :(

See: http://www.experts-exchange.com/Security/Encryption/Q_28295419.html
0
 
portillosjohn (Author) Commented:
It's not all the JPEGs. Just one folder on the desktop. I can't find any evidence that it is Cryptolocker. Plus no ransom message.
0
 
☠ MASQ ☠ Commented:
Are the only files affected in the one folder or is it just JPEGs in one folder that are affected?

Check your ESET logs to see if anything has been removed or quarantined recently.
0
 
portillosjohn (Author) Commented:
It seems to be only JPEGs in one folder that are affected. The logs came up blank as well... Really weird.
0
 
portillosjohn (Author) Commented:
Looks like it was the cryptolock. The user had backups which he did not tell me at the start......
0
Question has a verified solution.
