file extension

Most of the files like .docx, .pdf, .jpeg changed to .docx.lcmkfhc, .pdf.lcmkfhc, .jpeg.lcmkfhc etc., and the files don't open, showing an error: corrupt or can't open.
techp Asked:
Alessandro Scafaria, Infrastructure Premier Field Administrator, Commented:
Probably your files are gone because they were victims of a ransomware, CryptoLocker or similar.

As OriNetworks pointed out, immediately perform a full scan of your system (I personally suggest a combination of Combofix and Malwarebytes) to clean your system.

Then take a look at this site too: https://www.decryptcryptolocker.com/

Probably with no luck, if you upload an encrypted file of yours, you'll be able to decrypt it (never happened to me personally)... but a chance is a chance!!

Let me know...
0
 
Santosh Gupta Commented:
Did you try to run an antivirus and malware scan?
Also, did you try to remove .lcmkfhc from the file extension and open?
0
 
OriNetworks Commented:
This appears to be a common question recently and points to a virus that encrypts your files. Scan your computer with up-to-date antivirus software and also Malwarebytes. You will most likely have to restore your files from a backup. If you don't have one you may be out of luck.
0
 
techp (Author) Commented:
Antivirus is updated, removed extension, copied to other PC, still can't open.
0
 
Santosh Gupta Commented:
Try as suggested by OriNetworks, surely the system is infected. Which operating system and antivirus are you using?
0
 
techp (Author) Commented:
No progress.
0
 
☠ MASQ ☠ Commented:
Sorry - this is CTB-Locker - a Trojan (not Cryptolocker, and Cryptolocker tools won't recover this)  :(
See http:Q_28623027.html and multiple other threads on the topic.
Your data files are being encrypted.
You can disinfect the system by booting to an AV utility such as the Kaspersky rescue disk:
http://support.kaspersky.com/viruses/rescuedisk
The trojan uses a random private encryption key and will offer you a chance to unencrypt your files at a price - hence the term Ransomware.

Unless you have backups - or shadow copy - or pay, there's little chance of recovery.
It's worth disinfecting the machine to stop any further encryption but usually by the time this is noticed most of the permanent harm has been done.
0
 
techp (Author) Commented:
CTB Locker, files encrypted, how to decrypt?
0
 
☠ MASQ ☠ Commented:
You don't, please read the links.
0
 
btan, Exec Consultant, Commented:
Ransomware uses a random extension after it encrypts your files. As all mentioned, there is a very poor chance to get back the original file, at best from your backup or shadow copies (assuming you enabled that). It is strange that the ransomware did not prompt you for "ransom" or notify you that the machine is infected. Likewise, I believe it is CTB Locker (also known as Critroni in its early stage) too, which appends a random file extension.
Older versions of CTB-Locker would change the file extension to .CTBL or .CTB2, while newer ones are using a random extension such as .ftelhdd or .ztswgmc.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#ctbl

Another shared instance - http://deletemalware.blogspot.sg/2015/01/virus-renamed-and-encrypted-my-files.html
0
Question has a verified solution.
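The thread establishes two things: the files carry an appended random extension, and stripping it does not make them open. As an added triage example (not code from any poster), the Python sketch below counts files per appended extension and checks whether each still starts with the signature of its original type; the function names and the 7-letter pattern are assumptions based on the samples quoted above.

```python
import os
import re
import tempfile
from collections import Counter

# Well-known file signatures for the types named in the question.
MAGIC = {"docx": b"PK\x03\x04", "pdf": b"%PDF",
         "jpeg": b"\xff\xd8\xff", "jpg": b"\xff\xd8\xff"}
# Assumption: appended extension is 7 lowercase letters, like the thread's samples.
APPENDED = re.compile(r"[a-z]{7}")

def classify(path):
    """Return (inner_ext, appended_ext, header_ok), or None if the name does not fit."""
    parts = os.path.basename(path).rsplit(".", 2)
    if len(parts) != 3 or parts[1].lower() not in MAGIC or not APPENDED.fullmatch(parts[2]):
        return None
    inner, appended = parts[1].lower(), parts[2]
    with open(path, "rb") as fh:
        return inner, appended, fh.read(8).startswith(MAGIC[inner])

def triage(root):
    """Per appended extension: files renamed, and how many still carry a valid header."""
    renamed, valid = Counter(), Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            try:
                hit = classify(os.path.join(folder, name))
            except OSError:
                continue  # unreadable file, skip it
            if hit:
                renamed[hit[1]] += 1
                valid[hit[1]] += int(hit[2])
    return {e: {"renamed": n, "valid_header": valid[e]} for e, n in renamed.items()}

def demo():
    """Run triage over a constructed sample tree (no real user data)."""
    scrambled = b"\x8a\x11\x5c\xe0" * 16  # constructed stand-in for encrypted bytes
    samples = {
        "report.docx.lcmkfhc": scrambled,
        "scan.pdf.lcmkfhc": scrambled,
        "photo.jpeg.lcmkfhc": b"\xff\xd8\xff\xe0" + b"\x00" * 60,  # renamed only
        "notes.pdf": b"%PDF-1.4\n",     # untouched file
        "archive.tar.gz": b"\x1f\x8b",  # double extension, unrelated
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

A group with many renamed files and few valid headers means the content itself was rewritten, so recovery has to come from backups or shadow copies as the replies say.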
