Solved

file extension

Posted on 2015-02-24
11
213 Views
Last Modified: 2015-03-14
most of files like .docx , .pdf , .jpeg changed to .docx.lcmkfhc , .pdf.lcmkfhc , .jpeg.lcmkfhc etc .......and file doesnt open ...showing error corrupt or cant open
0
Comment
Question by:techp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628659
did you tried to run antivirus and malware scan ?
also did you tried to remove .lcmkfhc from file extention and open ?
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 40628669
This appears to be a common question recently and points to virus that encrypts your files. Scan your comouter with up to date anyvirus software and also malwarebytes. You will most likely have to restore your files from a backup. If you dont have one you may be out of luck
0
 

Author Comment

by:techp
ID: 40628673
antivirus is updated , ........removed extension , copied to other pc , still cant open
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628676
try as suggested by OriNetworks, surely system is infected. Which operating system and antivirus you are using.
0
 
LVL 5

Accepted Solution

by:
Alessandro Scafaria earned 250 total points
ID: 40628689
Probably your files are gone because they were victims of a Ransomware CryptoLocker o similar.

As OriNetworks pointed out, perform immediately a full scan of your system (I personally suggest a combination of Combofix and Malwarebytes) to clean your system.

Then take a look at this site too: https://www.decryptcryptolocker.com/

Probably with no luck, if you upload a crypted file of yours, you'll be able to decrypt it (never happened to me personally).....but a chance is a chance!!

Let me know.....
0
 

Author Comment

by:techp
ID: 40628902
no progress
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 150 total points
ID: 40628930
Sorry - this is CBT-Locker - a Trojan (Not Cryptolocker and Cryptolocker tools won't recover this)  :(
See http:Q_28623027.html and multiple other threads on the topic
Your data files are being encrypted.
You can disinfect the system by booting to an AV utility such as the Kapersky rescue disk
http://support.kaspersky.com/viruses/rescuedisk
The trojan uses a random private encryption key and will offer you a chance to unencrypt your files at a price - hence the term Ransomware

Unless you have backups - or shadow copy or pay there's little chance of recovery.
It's worth disinfecting the machine to stop any further encryption but usually by the time this is noticed most of the permanent harm has been done.
0
 

Author Comment

by:techp
ID: 40633490
CBT locker , files encrypted , how to decrypt ?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40634024
You don't, please read the links.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 100 total points
ID: 40636840
ransomware uses random extension after it encrypt your files, as all mentioned very poor chance to get back original file, at best from your backup or shadow copies (assuming you enabled that). it is strange that the ransomware did not prompt you for "ransom" or notify you on machine infected, likewise I believe it is CTB Locker (or known as Critroni in its early stage) too which appends random file extension  
Older versions of CTB-Locker would change the file extension to .CTBL or .CTB2, while newer ones are using a random extension such as .ftelhdd or .ztswgmc.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#ctbl

another sharing instance - http://deletemalware.blogspot.sg/2015/01/virus-renamed-and-encrypted-my-files.html
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question