Solved

file extension

Posted on 2015-02-24
11
202 Views
Last Modified: 2015-03-14
most of files like .docx , .pdf , .jpeg changed to .docx.lcmkfhc , .pdf.lcmkfhc , .jpeg.lcmkfhc etc .......and file doesnt open ...showing error corrupt or cant open
0
Comment
Question by:techp
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628659
did you tried to run antivirus and malware scan ?
also did you tried to remove .lcmkfhc from file extention and open ?
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 40628669
This appears to be a common question recently and points to virus that encrypts your files. Scan your comouter with up to date anyvirus software and also malwarebytes. You will most likely have to restore your files from a backup. If you dont have one you may be out of luck
0
 

Author Comment

by:techp
ID: 40628673
antivirus is updated , ........removed extension , copied to other pc , still cant open
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628676
try as suggested by OriNetworks, surely system is infected. Which operating system and antivirus you are using.
0
 
LVL 5

Accepted Solution

by:
Alessandro Scafaria earned 250 total points
ID: 40628689
Probably your files are gone because they were victims of a Ransomware CryptoLocker o similar.

As OriNetworks pointed out, perform immediately a full scan of your system (I personally suggest a combination of Combofix and Malwarebytes) to clean your system.

Then take a look at this site too: https://www.decryptcryptolocker.com/

Probably with no luck, if you upload a crypted file of yours, you'll be able to decrypt it (never happened to me personally).....but a chance is a chance!!

Let me know.....
0
 

Author Comment

by:techp
ID: 40628902
no progress
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 150 total points
ID: 40628930
Sorry - this is CBT-Locker - a Trojan (Not Cryptolocker and Cryptolocker tools won't recover this)  :(
See http:Q_28623027.html and multiple other threads on the topic
Your data files are being encrypted.
You can disinfect the system by booting to an AV utility such as the Kapersky rescue disk
http://support.kaspersky.com/viruses/rescuedisk
The trojan uses a random private encryption key and will offer you a chance to unencrypt your files at a price - hence the term Ransomware

Unless you have backups - or shadow copy or pay there's little chance of recovery.
It's worth disinfecting the machine to stop any further encryption but usually by the time this is noticed most of the permanent harm has been done.
0
 

Author Comment

by:techp
ID: 40633490
CBT locker , files encrypted , how to decrypt ?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40634024
You don't, please read the links.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 100 total points
ID: 40636840
ransomware uses random extension after it encrypt your files, as all mentioned very poor chance to get back original file, at best from your backup or shadow copies (assuming you enabled that). it is strange that the ransomware did not prompt you for "ransom" or notify you on machine infected, likewise I believe it is CTB Locker (or known as Critroni in its early stage) too which appends random file extension  
Older versions of CTB-Locker would change the file extension to .CTBL or .CTB2, while newer ones are using a random extension such as .ftelhdd or .ztswgmc.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#ctbl

another sharing instance - http://deletemalware.blogspot.sg/2015/01/virus-renamed-and-encrypted-my-files.html
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question