Files became ENCODED...?

sevenelsevenel
edited April 2011 in Science & Tech
Hello,
Not sure where to post this..feel free to move if necessary.

My friend recently had a problem with a possible virus that altered most of her files into file types called ENCODED, which I'm not very familiar with. She ran AVG and Spybot, which found some viruses/malware, and deleted them. Unfortunately, the files (pictures, music, documents, and even Windows Media Player) only open with junk fonts. We've had no luck finding a solution. Anyone know what caused this, and how/if there's a fix for it?

Thanks!

Comments

  • ThraxThrax 🐌 Austin, TX Icrontian
    edited April 2011
    Post a screenshot of these files, please.
  • sevenelsevenel
    edited April 2011
    hey thrax, thanks for helping me out again, granted it's not for me specifically this time, haha.

    what exactly do you need a screenshot of? the files opened as the gibberish? the "properties"? or the icons as they appear on screen?
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited April 2011
    The icons, file extension and properties interface, please.
  • sevenelsevenel
    edited April 2011
    http://i1098.photobucket.com/albums/g366/jmbclh/ScreenCapture.jpg

    Before, she said the icons actually showed a preview, not the 'icon' it shows now.
  • sevenelsevenel
    edited April 2011
    thrax? ...anyone?
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2011
    Have you tried renaming the files to get rid of the ENCODED extension?
  • TushonTushon I'm scared, Coach Alexandria, VA Icrontian
    edited April 2011
    You would need to disable (uncheck) the option "Hide known file and folder types" under Folder options. I imagine renaming every file that was named by this will be rather annoying with a recursive script.
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2011
    They have free programs like Rename-It that will easily handle the name extension changes.
  • sevenelsevenel
    edited April 2011
    thanks for the response guys.

    ok, we tried renaming. the files were turned into ***.jpg.ENCODED for ex. we removed the .ENCODED part, leaving the .jpg and it opened up the viewer with the message "Photo Gallery cannot open this file. The file appears to be damaged or corrupted". I tried with an Excel file too, and it opened Excel with a similar message. I tried with a word doc, and it opened up in word as a bunch of different characters.
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2011
    Unfortunately I think you're out of luck: http://www.net-security.org/malware_news.php?id=945

    //EDIT: http://www.securelist.com/en/descriptions/old313444

    You can use file recovery software to try to recover the lost files. I would save them to an external drive, then wipe the PC and reinstall Windows. Also, make sure your friend's PC is fully protected with a good anti-virus. It's worth paying for one, just make sure it's not McAfee or Norton.
  • sevenelsevenel
    edited April 2011
    she has AVG, and SpyBot, possibly AdAware also. i don't think whatever the virus is/was is related to those 2 links. this doesn't have _CRYPTED anywhere, and theres no ransom messages. i'll look into trying to recover the files, granted if they're "corrupted", can they even be recovered?
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited April 2011
    It may not be that exact strain of ransomware, but it fits the profile. Your friend might not have seen the "ransom note." The jumble of characters is typically what you would see in an encrypted file.
Sign In or Register to comment.