kevluck373
asked on
data recovery from possible virus
Hello,
A friend of mine told me he has viruses on his USB drive, and it seems I’ve heard a virus of this type is going around; don’t know the exact name of the virus.
Apparently, what happens is the user of the flash drive is told all the documents on the flash drive are encrypted, and I was told something like calling giving your card #s or giving your #s through a web page.
I’ve scanned the flash drive w/ multiple antivirus software & no viruses have been found, but what has happened seems to be almost all documents on the drive or corrupt.
When you open a bmp file, you see the screen telling you your files are encrypted, yada, yada. I’ve attached a bmp file that shows the picture I’m talking about. There is no virus w/ this bmp file.
Microsoft Office 2010 files seem to be hit hard, and those are the files I need to recover if at all possible. I have Office 2010 too, and if there is a better repair function in later versions of Office…well they will not be available to me.
I’ve tried 2 evaluation versions of Office recovery software & nothing that looks anything good has been recovered; just a bunch of junk.
I’m attaching a word file that when you open it w/ Word says it corrupted do you want to repair the file. If you choose repair then you get the message “the file cannot be opened because there are problems w/ the contents.” Then you hit the details button you get “this file cannot be recovered because some parts are missing or invalid".
I’m not sure, but maybe this is what the virus was supposed to do and corrupt all the Office files, and apparently the picture type files too. There is a load of JPG file on the flash drive that get the corrupt message too. I’ve attached a JPG file, and hopefully there’s a way to open the file or a way to recover the file.
Does anyone know of a recovery software that may be able to get these documents back, may be another way to try to recover these documents, or just hopeless?
Garmin-heart-rate.docxThanks
README.bmp
s-l16001.jpg
A friend of mine told me he has viruses on his USB drive, and it seems I’ve heard a virus of this type is going around; don’t know the exact name of the virus.
Apparently, what happens is the user of the flash drive is told all the documents on the flash drive are encrypted, and I was told something like calling giving your card #s or giving your #s through a web page.
I’ve scanned the flash drive w/ multiple antivirus software & no viruses have been found, but what has happened seems to be almost all documents on the drive or corrupt.
When you open a bmp file, you see the screen telling you your files are encrypted, yada, yada. I’ve attached a bmp file that shows the picture I’m talking about. There is no virus w/ this bmp file.
Microsoft Office 2010 files seem to be hit hard, and those are the files I need to recover if at all possible. I have Office 2010 too, and if there is a better repair function in later versions of Office…well they will not be available to me.
I’ve tried 2 evaluation versions of Office recovery software & nothing that looks anything good has been recovered; just a bunch of junk.
I’m attaching a word file that when you open it w/ Word says it corrupted do you want to repair the file. If you choose repair then you get the message “the file cannot be opened because there are problems w/ the contents.” Then you hit the details button you get “this file cannot be recovered because some parts are missing or invalid".
I’m not sure, but maybe this is what the virus was supposed to do and corrupt all the Office files, and apparently the picture type files too. There is a load of JPG file on the flash drive that get the corrupt message too. I’ve attached a JPG file, and hopefully there’s a way to open the file or a way to recover the file.
Does anyone know of a recovery software that may be able to get these documents back, may be another way to try to recover these documents, or just hopeless?
Garmin-heart-rate.docxThanks
README.bmp
s-l16001.jpg
John
It sounds like you got the Cryptolock Ransomware virus. You cannot recover the documents and you must restore from a recent backup.
It also won't just infect the USB disks, but also local and network locations. First install windows again from scratch on the infected PC, then as has been mentioned above, restore all your data from your backups.
just saying: from itworldcanada.com
I hope you have a recent backup
Ransomware and rogue anti-spyware are the worst types of malware afflicting Canadian computers, EnigmaSoftware.com reportshttp://www.itworldcanada.com/messagent.php?ID=u83u0UG_4Pz_TvzUrmuZqiCygfvEfaudGMnvj9zNtOxrALFKCJ84%2BhEFhufNRZ7pRgRS_fRmfAeyDLsvM2kXkcTlFbM09
I hope you have a recent backup
ASKER
I've been surfing the internet, and it seems there's a slim possibility you can download apps from places such as Kapersky to hopefully decrypt some of the file(s).
Most of the apps say you need a backup copy. The backup w/ office is known as the shadow copy, and I assume this is the file that's kept in the background to get a document back if say, the power goes out. There seems to be some apps that don't seem to mention shadow copies, but it seems you have to know the specific name of the virus to use one of these apps.
Since I've done many virus scans on the flash drive I'm not sure there is a way to find out which specific virus it could be.
Most of the apps say you need a backup copy. The backup w/ office is known as the shadow copy, and I assume this is the file that's kept in the background to get a document back if say, the power goes out. There seems to be some apps that don't seem to mention shadow copies, but it seems you have to know the specific name of the virus to use one of these apps.
Since I've done many virus scans on the flash drive I'm not sure there is a way to find out which specific virus it could be.
Decryption could take many years. You need to recover from backup. Kaspersky might be able to tell you what variant, but that does not change the outcome.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did find out the infection on the drive is crypmic, and apparently has came up very recent.
There a few programs out there supposedly will decrypt files for other ransomware encryption but not this particular ransomware. Hopefully someday there will be some program that decrypt all the files.
I feel bad for him, but all I can do is urge to him to back frequent.
Thanks for your help
There a few programs out there supposedly will decrypt files for other ransomware encryption but not this particular ransomware. Hopefully someday there will be some program that decrypt all the files.
I feel bad for him, but all I can do is urge to him to back frequent.
Thanks for your help
ASKER
I tried several ways to see if there were any shadow copies on the flash drive but didn't any.
Why did you only select one answer here when several said similar things?