Solved

Currpted Files Due to Virus

Posted on 2014-01-16
8
495 Views
Last Modified: 2014-01-18
Corrupted Document Screenshot 1Corrupted Document Screenshot 2
I have an user whose PC was infected with "Crypto" virus on this computer last night and somehow so many WORD/EXECL files on the network drive (on Windows Server 2003/File Server) have been infected. When I try to open them, I see the screenshots.

Is there a simply program that will undo the damage?
0
Comment
Question by:sglee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Accepted Solution

by:
Kent Fichtner earned 167 total points
ID: 39786183
I am sorry to say but as far as I am aware those files are encrypted, not corrupted.  I have looked and there are a lot of other people with the same issue.  The only solution that I know of is to restore a backup.
0
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 167 total points
ID: 39786287
Pay the ransom, restore from shadow copies, restore from backup are the only solutions. I am very sorry to say.
0
 
LVL 84

Assisted Solution

by:Scott McDaniel (Microsoft Access MVP - EE MVE )
Scott McDaniel (Microsoft Access MVP - EE MVE ) earned 166 total points
ID: 39786299
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:sglee
ID: 39786419
Excel ErrorUpon further investigation, I don't think it is an act of virus.
Reasons:
(1) I can open some WORD files.
(2) I can't open any of the EXCEL files so far. I tried to open 20 some excel files.
(3) All of those files that I can't open have older dates like 9/5/2011, 5/3/1009 ... etc. None of these have today's or yesterday's dates. If the virus opened/altered the contents of those files, they would have had recent dates, but that is not the case.

That leads me to think that maybe this problem is caused by something else. Maybe server hardware is failing? Windows updates (perhaps applied overnight) screwed things up? If the Windows update was the problem, that would have been on CNN by now.

I don't know what to make of it?

As to the backup, I found out they did not have good backup since 12/168/2013, so here is another problem.
0
 
LVL 84
ID: 39786462
Crypto may not have encrypted all of the documents, so it would be possible open some but not all. It's very obvious if Crypto was the culprit - the user should have seen the "ransom" screen on their machine at some point. It's an image that has "Your personal files are encrypted" at the top, a picture of a shield to the left, a countdown timer, etc etc.

If you know the machine was infected with Crypto. then AFAIK there's nothing you can do other than pay the ransom, restore from backup, or try to use the Shadow Copy workaround to get them back (as suggested earlier).
0
 

Author Comment

by:sglee
ID: 39786503
Viruses QuarantinedHere are the viruses in Quarantined.
0
 
LVL 4

Expert Comment

by:Kent Fichtner
ID: 39786598
I would say if it is that virus or not, if the files have been corrupted that means the data in the file has changed...then the only way to get it back is to restore it.  Either restore through system rollback or a restore though a backup.
0
 

Author Comment

by:sglee
ID: 39786617
I agree. Thanks for your help.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question