Solved

file extension

Posted on 2015-02-24
11
198 Views
Last Modified: 2015-03-14
most of files like .docx , .pdf , .jpeg changed to .docx.lcmkfhc , .pdf.lcmkfhc , .jpeg.lcmkfhc etc .......and file doesnt open ...showing error corrupt or cant open
0
Comment
Question by:techp
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628659
did you tried to run antivirus and malware scan ?
also did you tried to remove .lcmkfhc from file extention and open ?
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 40628669
This appears to be a common question recently and points to virus that encrypts your files. Scan your comouter with up to date anyvirus software and also malwarebytes. You will most likely have to restore your files from a backup. If you dont have one you may be out of luck
0
 

Author Comment

by:techp
ID: 40628673
antivirus is updated , ........removed extension , copied to other pc , still cant open
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 40628676
try as suggested by OriNetworks, surely system is infected. Which operating system and antivirus you are using.
0
 
LVL 5

Accepted Solution

by:
Alessandro Scafaria earned 250 total points
ID: 40628689
Probably your files are gone because they were victims of a Ransomware CryptoLocker o similar.

As OriNetworks pointed out, perform immediately a full scan of your system (I personally suggest a combination of Combofix and Malwarebytes) to clean your system.

Then take a look at this site too: https://www.decryptcryptolocker.com/

Probably with no luck, if you upload a crypted file of yours, you'll be able to decrypt it (never happened to me personally).....but a chance is a chance!!

Let me know.....
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:techp
ID: 40628902
no progress
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 150 total points
ID: 40628930
Sorry - this is CBT-Locker - a Trojan (Not Cryptolocker and Cryptolocker tools won't recover this)  :(
See http:Q_28623027.html and multiple other threads on the topic
Your data files are being encrypted.
You can disinfect the system by booting to an AV utility such as the Kapersky rescue disk
http://support.kaspersky.com/viruses/rescuedisk
The trojan uses a random private encryption key and will offer you a chance to unencrypt your files at a price - hence the term Ransomware

Unless you have backups - or shadow copy or pay there's little chance of recovery.
It's worth disinfecting the machine to stop any further encryption but usually by the time this is noticed most of the permanent harm has been done.
0
 

Author Comment

by:techp
ID: 40633490
CBT locker , files encrypted , how to decrypt ?
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 40634024
You don't, please read the links.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 100 total points
ID: 40636840
ransomware uses random extension after it encrypt your files, as all mentioned very poor chance to get back original file, at best from your backup or shadow copies (assuming you enabled that). it is strange that the ransomware did not prompt you for "ransom" or notify you on machine infected, likewise I believe it is CTB Locker (or known as Critroni in its early stage) too which appends random file extension  
Older versions of CTB-Locker would change the file extension to .CTBL or .CTB2, while newer ones are using a random extension such as .ftelhdd or .ztswgmc.
http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information#ctbl

another sharing instance - http://deletemalware.blogspot.sg/2015/01/virus-renamed-and-encrypted-my-files.html
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now