Documents and music files 'ncrypted' - trying to revert the change
Last response: in Windows XP
I have a customer whos PC has been hit with some form of virus/script/whatever. The end result is that all the document (.doc, .ppt etc) and music files have been changed to an unreadable state.
The initial symptom is that the files are renamed to xxxx.doc.NCRYPTED.NCRYPTED.NCYRPTED.NCRYPTED.ncrypted
Renaming the file to remove the rubbish on the end makes no difference as the file is still unreadable - appears the file header has been altered perhaps?
There is also a text file left behind with the following:
"Some files on your machine are encrypted and your private informations were collected and sent to us.
To decrypt files so you could use them again, you have to buy our decryptor.
After you buy decryptor, your files will be decrypted, and we will destroy your private informations from our system, and help you remove malicious software from your system.
To buy decryptor, contact us at: thankyoumuchos@gmail.com or meloveyoug@yahoo.com
If you dont contact us, your private informations will be shared and you will loose all your data."
Normally, I would just run a format & reinstall the system but in this case the customer is desperate to keep their data since they have no backup.
So far I have run multiple virus scans with NOD32 which has pulled off some 30+ infections. I have also run spyware scans but of course this has had no effect.
Goggle has so far been unable to help and I'm not very confident of being able to get this resolved.
Any ideas or help would be greatly appreciated!
Desperate
The initial symptom is that the files are renamed to xxxx.doc.NCRYPTED.NCRYPTED.NCYRPTED.NCRYPTED.ncrypted
Renaming the file to remove the rubbish on the end makes no difference as the file is still unreadable - appears the file header has been altered perhaps?
There is also a text file left behind with the following:
"Some files on your machine are encrypted and your private informations were collected and sent to us.
To decrypt files so you could use them again, you have to buy our decryptor.
After you buy decryptor, your files will be decrypted, and we will destroy your private informations from our system, and help you remove malicious software from your system.
To buy decryptor, contact us at: thankyoumuchos@gmail.com or meloveyoug@yahoo.com
If you dont contact us, your private informations will be shared and you will loose all your data."
Normally, I would just run a format & reinstall the system but in this case the customer is desperate to keep their data since they have no backup.
So far I have run multiple virus scans with NOD32 which has pulled off some 30+ infections. I have also run spyware scans but of course this has had no effect.
Goggle has so far been unable to help and I'm not very confident of being able to get this resolved.
Any ideas or help would be greatly appreciated!
Desperate
More about : documents music files ncrypted revert change
Related ressources
- Trying to revert back to Windows 7 from Windows 8 PLEASE HELP!! - Forum
- "my documents " system folder properties - Forum
- Random freezes - Win 7 - Forum
- Iam trying to access my files on my old hard drive, i can see them all except th - Forum
- Unable to access My Documents folder on old HDD "Access denied" - Forum
the Virus i believe is a win32.gpcode virus.
Ive been researching this problem for 2 days now and there isn't much out there.
According to the Kasparsky AV team (they seem to be the only ones on top of this) its a virus that people have modifed so its hard to keep up with. they also state the data is not recoverable... (but give you recommendations on what might work) :S
if anyone has found different i would love to know as i have a client who was rather upset when i told her she had lost everything.
i have followed this guide below with not to much joy but hopefully it will work for one of you.
PhotoRec may do the job, its hard to tell with the amount of data it brings back.
http://www.viruslist.com/en/viruses/encyclopedia?virusi...
Good luck and if anyone finds out anything more please let me know.
Ive been researching this problem for 2 days now and there isn't much out there.
According to the Kasparsky AV team (they seem to be the only ones on top of this) its a virus that people have modifed so its hard to keep up with. they also state the data is not recoverable... (but give you recommendations on what might work) :S
if anyone has found different i would love to know as i have a client who was rather upset when i told her she had lost everything.
i have followed this guide below with not to much joy but hopefully it will work for one of you.
PhotoRec may do the job, its hard to tell with the amount of data it brings back.
http://www.viruslist.com/en/viruses/encyclopedia?virusi...
Good luck and if anyone finds out anything more please let me know.
Related ressources:
- ForumCPU/Motherboard change without OS re-install?
- ForumSystem crash upod uninstall/disabling of sound card
- ForumShared Documents Now Called " Documents "
- ForumStartup repair could not repair this computer automatically
- ForumProblem Relocating Documents folder to second hard drive in Windows 7
- ForumCant delete pictures from my documents
- ForumMy Documents on ld Hard Drive
- ForumQuestion: Quadraphonic music conversion project!
- ForumSSD Questions Concerning Usage/Setup Recommendations
- ForumHELP!!! Please with Windows XP
- ForumCannot modify/delete/change permissions on a registry key
- ForumAll my system files turn blue
- ForumTrying to install Win98 on new build to get to XP (problem)
- ForumCleaning up unneeded files to speed up XP, which?
- ForumHow do I see hidden files?
- More resources
Read discussions in other Windows XP categories
!
