mamoto

  • I want to know the ransomcrypt attack my files rar
    « on: May 10, 2017, 01:11:32 pm »
    I have just discovered that some files on an external hard drive that I use to save files as backups have been modified: their names and extensions have been changed to random numbers and letters. Initially they were rar files. I guess it was done by some ransomcrypt, but I do not know which one. Could anyone tell me what could have done it, and whether there is any tool to recover the files?
    Thanks.

    Execute

  • Re: I want to know the ransomcrypt attack my files rar
    « Reply #1 on: May 12, 2017, 06:46:48 pm »
    There are a few ransomware viruses that encrypt files and place them inside a .rar archive.
    You have changed the extension, but have not said what full name and extension the virus has placed on your files.
    Also, there should be a ransom note message somewhere around the locked files with instructions or information about the ransomware virus.

    One such recent virus that comes to mind is All_your_documents.rar and you can read more about it from the article here:

    http://sensorstechforum.com/all_your_documents-rar-virus-remove-restore-files/

    Kind Regards,
    Execute
    There is no place like 127.0.0.1

    mamoto

  • Re: I want to know the ransomcrypt attack my files rar
    « Reply #2 on: May 23, 2017, 11:00:09 am »
    Thanks for your reply. The new file names are numbers and letters without any sense, and the extensions of the archives are the same.
    Also, the archives are stored on an external hard disk (USB connection), and no message is shown after the attack.
    It's all very strange, but after using a recovery tool for missing archives, I discovered that the original archives were deleted at the same time the new encrypted archives were created (the times of the two actions are the same). Unfortunately, I couldn't recover the original archives with the program RECUVA (nor with another one that I tried).
    I hope this information adds data to your diagnosis. I read your suggested article, but it doesn't match my case.
    Regards.

    Execute

  • Re: I want to know the ransomcrypt attack my files rar
    « Reply #3 on: May 23, 2017, 01:22:25 pm »
    Hmm, that is quite interesting. Sad that you couldn't recover files with Recuva. Just don't reformat the drive, so you can keep trying such data recovery programs. That is indeed helpful information, but I can't really remember a ransomware that did that. If I remember anything I will be sure to write about it here.
    There is no place like 127.0.0.1

     

