Solved

file extension

Posted on 2015-02-24
11
194 Views
Last Modified: 2015-03-14
most of files like .docx , .pdf , .jpeg changed to .docx.lcmkfhc , .pdf.lcmkfhc , .jpeg.lcmkfhc etc .......and file doesnt open ...showing error corrupt or cant open
0
Comment
Question by:techp
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628659
did you tried to run antivirus and malware scan ?
also did you tried to remove .lcmkfhc from file extention and open ?
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 40628669
This appears to be a common question recently and points to virus that encrypts your files. Scan your comouter with up to date anyvirus software and also malwarebytes. You will most likely have to restore your files from a backup. If you dont have one you may be out of luck
0
 

Author Comment

by:techp
ID: 40628673
antivirus is updated , ........removed extension , copied to other pc , still cant open
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628676
try as suggested by OriNetworks, surely system is infected. Which operating system and antivirus you are using.
0
 
LVL 5

Accepted Solution

by:
Alessandro Scafaria earned 250 total points
ID: 40628689
Probably your files are gone because they were victims of a Ransomware CryptoLocker o similar.

As OriNetworks pointed out, perform immediately a full scan of your system (I personally suggest a combination of Combofix and Malwarebytes) to clean your system.

Then take a look at this site too: https://www.decryptcryptolocker.com/

Probably with no luck, if you upload a crypted file of yours, you'll be able to decrypt it (never happened to me personally).....but a chance is a chance!!

Let me know.....
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:techp
ID: 40628902
no progress
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 150 total points
ID: 40628930
Sorry - this is CBT-Locker - a Trojan (Not Cryptolocker and Cryptolocker tools won't recover this)  :(
See http:Q_28623027.html and multiple other threads on the topic
Your data files are being encrypted.
You can disinfect the system by booting to an AV utility such as the Kapersky rescue disk
http://support.kaspersky.com/viruses/rescuedisk
The trojan uses a random private encryption key and will offer you a chance to unencrypt your files at a price - hence the term Ransomware

Unless you have backups - or shadow copy or pay there's little chance of recovery.
It's worth disinfecting the machine to stop any further encryption but usually by the time this is noticed most of the permanent harm has been done.
0
 

Author Comment

by:techp
ID: 40633490
CBT locker , files encrypted , how to decrypt ?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40634024
You don't, please read the links.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 100 total points
ID: 40636840
ransomware uses random extension after it encrypt your files, as all mentioned very poor chance to get back original file, at best from your backup or shadow copies (assuming you enabled that). it is strange that the ransomware did not prompt you for "ransom" or notify you on machine infected, likewise I believe it is CTB Locker (or known as Critroni in its early stage) too which appends random file extension  
Older versions of CTB-Locker would change the file extension to .CTBL or .CTB2, while newer ones are using a random extension such as .ftelhdd or .ztswgmc.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#ctbl

another sharing instance - http://deletemalware.blogspot.sg/2015/01/virus-renamed-and-encrypted-my-files.html
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now