Network share

Hi

Since today morning I have a weird problem. On one of my network share when I try to open a .DOC .XLS or a .PDF I receive a message that says

The file format differs from the format that the file name extension specifies.

If I clic on OK the file is opening and all the text Inside is ASCII.

It is happening on the entire share. But only this share. The others share are OK.
jpmoreauAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
cpmcomputersConnect With a Mentor Commented:
In most cases the cryptolocker (and similar)
Infect from a client pc on the network not usually the server itself not the one necessarily you are logging in from
You need to check all the pc's on the network

Please also check this article

http://www.theregister.co.uk/2014/04/03/cryptodefense_rsa_private_key_on_disk/

A new variant is out
0
 
Dan CraciunIT ConsultantCommented:
Check if the files are not encrypted. You could of been hit by CryptoLocker or similar.

I mean another computer with access to that share is infected.
If that's the case, remove it from the network, clean it, restore files from backup.

HTH,
Dan
0
 
Tony GiangrecoCommented:
Are you sure there isn't spyware on the Pc your accessing it from?

Here are some apps to check it with
AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/

Kaspersky TDSSKiller
http://www.bleepingcomputer.com/download/tdsskiller/

ESET online scanner
http://www.eset.com/us/online-scanner/

Malwarebytes Anti-Rootkit
http://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/

www.malwarebytes.org
www.superantispyware.com
www.hitmanpro.com
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
jpmoreauAuthor Commented:
It is happening from any of the pc's
0
 
Dan CraciunIT ConsultantCommented:
You can post here a document that you know does not contain sensitive data so we can confirm it's encrypted.

In the mean time, check the local documents of the other computers. I bet at least one has all documents encrypted. That's the infected one...
0
 
jpmoreauAuthor Commented:
The documents that are in problem are on a server share. Here is one example

Thanks
Besoins-des-clients-2012.xls
0
 
Dan CraciunIT ConsultantCommented:
Looks encrypted. No header, no identifiable content inside.

The way Cryptolocker works, it encrypts all documents on local folders and on accessible network shares.
0
 
jpmoreauAuthor Commented:
Ok

What is the best way to correct?

Is there an easy way?
0
 
Dan CraciunIT ConsultantCommented:
Yup. Find the infected machine(s), remove it/them from the network, clean them, then restore all files from backups.

Read this if you're infected with CryptoLocker (you might have a different virus, as variants appeared): http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
0
 
jpmoreauAuthor Commented:
I cannot not determine if I'm infected or not. Ihave try the tools but nothings show me taht I'm infected
0
 
Dan CraciunIT ConsultantCommented:
If your files are encrypted, it means some software encrypted it. You just need to find it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.