
corrupted files

Discussion in 'Software' started by Franciszek, 24 Feb 2017.

  1. Franciszek

    I am using Windows 7 and all my files, documents, and photos have become corrupted. They have all been modified on the same date and all around the same date and time (not by me). I have tried a system restore; I can restore on the same date the modification took place but cannot find a time before the event took place.
     
  2. footprints

    If you think you may have suffered an attack you should run a full system scan with your security suite; if that fails you can try downloading Malwarebytes.
    Link: https://www.malwarebytes.com/
    Use the Free version; that's as good for scanning and, unlike the paid-for one, will not clash with your current security suite.
    If you don't trust links just google it.
     
  3. Have you visited any dodgy sites, or opened up attachments etc.? And are you using any AV software? It sounds as though you may have had a ransomware virus, but you would have had a message telling you how to pay to get the corruption reversed.
     
  4. Franciszek

    Thanks for both replies. I have been attacked by RSA4096. Will Malwarebytes cure the virus or is it just to detect? I have researched how to remove it manually; it looks a bit tricky.
     
  5. footprints

    Not sure if it will clear the virus at this stage but no harm in trying. What security software were you using? I think some like Norton do a removal service.
    Sorry to hear you have been caught out, hope all goes well for you. I won't comment on what I think of the people that do this, it would get me thrown off the site!
     
  6. Franciszek

    I'm using Avast. The Malware did not remove the virus but it did get rid of some of the other threats I had.
     
  7. footprints

    Sorry it did not clear the virus. I can't recommend any virus removal services, but it would seem the safest and logical route to contact one of the well-known names like Norton, McAfee or Kaspersky and use a paid-for service.
    I think that's what I would try.
     
  8. As you obviously need some AV software, I'd pop into Currys or Tesco for Norton, and see if you can clear it by just running the software from the CD drive. You may still need to resort to the paid services, but in the end, they'll suggest you restore from backups. It's possible that they have a virus undo corruption tool, but I doubt it.

    There are a lot of hits for removal of RSA4096 on google, but be careful in case they do more long term harm than good.
     
  9. bernardgreen

    Is the data corrupted / encrypted or have the file names been changed to make them invalid?
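
One way to answer the question above on copies of a few affected files, as an added example that is not part of any post in this thread: check whether a file still begins with its format's signature and, if not, whether its bytes look random. The entropy threshold, verdict labels and file names are assumptions, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter

# File signatures for common document/photo types (first bytes of a healthy file).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2 doc/xls",
}
ENTROPY_THRESHOLD = 7.5  # assumption: bits/byte above this looks like ciphertext

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample: int = 65536) -> str:
    """Classify one file by its leading bytes, ignoring its name and extension."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if any(data.startswith(sig) for sig in MAGIC):
        return "header-intact"      # content recognisable: renamed at most
    # JPEG/ZIP bodies are high-entropy too, so the header test must come first.
    # Files of a few hundred bytes or less cannot reach the threshold.
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        return "likely-encrypted"   # no known header and near-random bytes
    return "inconclusive"           # text, unknown format, or too small to judge

def demo() -> dict:
    """Run triage over three constructed sample files in a temp directory."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    samples = {
        "holiday.jpg.renamed": b"\xff\xd8\xff\xe0" + noise,  # renamed photo
        "report.docx": noise,                                # ciphertext stand-in
        "notes.txt": b"shopping list: milk, eggs\n" * 200,   # plain text
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:17} {name}")
```
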
     
  10. Neil Henry

    Last edited: 9 Mar 2017
  11. Looks like the virus has got the simple steps as well.
     
  12. Neil Henry

    Doggit. Do you know how a virus works? Do you know how they get around a/v's? Very simple to do and not even Nod32 or Kaspersky could detect them.
    RSA 4096 is an Encryption method and is very hard to crack. There are some Decryption tools out there that will do it, but it helps if you have a background in encryption.

    I am no fan of these skript kiddies who are recompiling these virii and making a few changes to the code to make sure that it is undetected.
     
  13. I don't think you understood the comment Neil; there were no steps in your earlier post to follow.

    But yes, having started in computers over 40 years ago, I do know how viruses work, and I'm still not convinced that all of them come only from the criminal environment. It is a never-ending battle between the 2 camps, and the AV community will always lag behind, but better to have something installed, rather than nothing.
     
  14. Neil Henry

    My apologies for misunderstanding. I started off learning VB, then C and started writing a load of virii many years ago, but got bored. The majority of the virii you see that have hidden for years have been written by teams and I have seen this on IRC over the years.
    I have Eset's NOD installed with no firewall in place as I monitor my traffic coming in and can quite easily null route anyone who is trying to pentest me for a bug etc.

    And OOPS. I just noticed that I did indeed forget to post the link to the removal help. (Silly Me).

    http://www.removemalwarevirus.com/easy-steps-to-get-rid-of-rsa-4096-from-your-computer
     
  15. Don't worry Neil, I'm now getting old in the tooth, and I'd love to be up at your level, but I keep my hand in, and have a pretty broad idea on a lot of aspects. Oddly enough, having just gone in the removal link, Malware's blocked the site, and having tried some other sites, it looks as though Malware is trying to stay top dog.
     