1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Files on external drive mysteriously encrypted following XP reinstall

Discussion in 'Windows XP' started by BrooksNYC, Sep 22, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    My OEM version of XP Pro (SP 2) crashed last week, so I reinstalled Windows from the installation CD that came with my Dell laptop, and upgraded to SP 3.

    For years, I've backed up my data to an external drive using simple drag-and-drop (no backup software). Prior to reinstalling Windows, I had no trouble accessing the backed up files.

    After reinstalling Windows, I went to retrieve my data from the external drive, only to discover that two-thirds of the files on the drive were inaccessible. In addition to "Access Denied" messages, the filenames are green, as though they've been encrypted. I've NEVER encrypted my data. Honestly, I wouldn't know how!

    The remaining one-third of the backed-up files weren't affected. To my untrained eye (for what that's worth) the pattern of encryption is random. Sometimes every file in a folder is encrypted. Sometimes only a few are. Sometimes none are. Every type of file was targeted: text....media....graphic....executable....the carnage is widespread.

    When I phoned Maxtor Tech Support, the technician had me click and unclick "Properties" boxes for an hour, before concluding that the problem wasn't with the external drive, but with Windows. More than that, he couldn't, or wouldn't say.

    I'd be so grateful for any help with this, and thanks.
     
  2. stantley

    stantley

    Joined:
    May 22, 2005
    Messages:
    7,091
  3. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    Thank you kindly for the welcome, and for your suggestion. :)

    I followed the "Take ownership" instructions to the letter. To no avail, unfortunately.

    I'm stunned that Windows would encrypt my data without permission or warning. And, as someone who lives paycheck to paycheck, I don't know what I'll do if the only solution is professional data recovery.

    I have other data backed up to CD and a thumb drive, and none of that data got encrypted. So whuh happened?

    ** Sputter! Choke! **

    At the risk of sounding stupid, might another computer be able to read the data from my external hard drive? Put another way, where is the encryption actually taking place — on my computer, or on the external drive?

    I don't even know if that makes sense.

    Thank you again!
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    just out of curiousity, did you ever encrypt your files via windows?

    I.E., right click a folder > properties > advanced > encrypt.

    All well and good UNTIL the windows version changes. You can reinstall from the indentical disk, but it will have a different fingerprint.
     
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    just out of curiousity, did you ever encrypt your files via windows?

    I.E., right click a folder > properties > advanced > encrypt.

    All well and good UNTIL the windows version changes. You can reinstall from the indentical disk, but it will have a different fingerprint.
     
  6. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    Thank you, Valis, and no. I've never encrypted anything from Windows.

    You refer to "versions"....

    The laptop came with XP Pro pre-installed. Dell also sent me an XP Pro installation CD. I used the installation CD to reinstall Windows after my registry went belly-up.

    Shouldn't the CD version be identical to the pre-installed, OEM version?

    When I reinstalled the OS, I upgraded from Service Pack 2 to Service Pack 3. I wonder if that could have caused this mess.....
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    nope. Each install has it's own hashmark, fingerprint, whatever you want to call it. I've had at LEAST a dozen employees where I work encrypt their data, which is all well and good, but you run a huge risk as if you don't have the exact disk it was installed on, that data is going to stay encrypted. I just tell them to back it up to the network, that's more secure anyhow.

    Just out of curiousity, what type of encryption does it say it's using? What happens when you try to access the data, precisely?

    May also want to go to start > run > eventvwr and see if anything has been written there regarding the data, and trying to access it.
     
  8. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    I need to stress again that I have never, ever encrypted my files. Until reading your previous post, I didn't even know HOW to encrypt a file. Using the installation CD that Dell bundled with the new laptop, I reinstalled Windows, and now two-thirds of the data on my external backup drive is encrypted, with NO help from me. We're talking hundreds, if not thousands of suddenly-encrypted files — some dating back several years; others created as recently as a week ago.

    There's no rhyme or reason as to which files were or weren't encrypted. All my iTunes music files were encrypted, for cryin' out loud.....frickin' music files!

    Hmmm.....I'm looking at file Properties, and see no clues as to encryption type. Is there a particular word or phrase I should be looking for? Should I be looking somewhere other than file Properties?

    When I click on one of the files, I get an "Access Denied" message. (The filenames of the inaccessible files are green.)

    I do see a few yellow triangles with exclamation points, but don't know how to interpret the Event Descriptions. There's no mention of encryption or denial of access.

    Could a virus have launched this encryptomania? Think I'm going to have to take the laptop into the shop. Achh! I'm ready to take an UZI to Microsoft.

    I appreciate your trying to help me. Thanks again.
     
  9. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
  10. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    good find, brooks.....that actually helped ME out, as I have been trying to find a way to encrypt them and export the key......thanks, man (assuming that last part, so if I'm wrong, sorry)....(y)
     
  11. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    as for a virus encrypting them, I guess anything's possible.

    CLICK HERE to download the HijackThis Installer:
    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  12. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    Right ye be.
    Manly, manly. :rolleyes:

    Just e-mailed you my HijackThis logfile.

    Grateful as I am for your time (and I am, believe me), I think a technician may have to dive into the laptop and also into the backup drive.

    Help me clarify a few key points, if you would....

    If Windows encrypts file "X", and file "X" is backed up to external media, the file retains its Windows encryption after backup, correct?

    Furthermore, the file should retain its Windows encryption regardless of the backup media. That is to say, a Windows-encrypted file should retain its encryption on a backup drive, a CD, or a thumb drive. Right?

    In my case, files backed up to CD and thumb drive are NOT encrypted. They are all fully accessible. ONLY files backed up to the backup drive are encrypted.

    Lastly.....

    Wouldn't a Windows-encrypted file be encrypted on Windows itself? Meaning, on my laptop? In twelve years of computing, I've never encountered an encrypted file on my laptop.

    Cheers, pal. Thanks again.
     
  13. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    correct.

    correct again.

    Dunno about that. What app did you use, or did you just copy it straight across? ANY attributes those files have would (well, should) be copied onto the new drive; i.e., if they've been compressed, they should show up on the new drive as compressed.

    well, that depends. Generally a file must be told what attributes to have. Obvious exceptions are going to be certain system files that you cannot modify; this is to ensure system stability.

    But for it to be encrypted, it must be told to be encrypted. I'll take a look at your log here in a second; if you are infected, I'll post it in here and move the thread to the malware forums.

    thanks,

    v
     
  14. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,260
    brooks, the log looks clean, but that's sort of what I expected; I've not heard of malware encrypting stuff before, just destroying it or deleting it.

    Let's go back to step one. Can you post a screen capture (print screen, copy into paint, save to desktop, upload here) of what happens when you try to click on the files in question? I'm also curious to see this green color they have become.

    thanks,

    v
     
  15. BrooksNYC

    BrooksNYC Thread Starter

    Joined:
    Sep 22, 2008
    Messages:
    9
    Thanks for checking out my logfile, V.

    Straight across. Plain ol' drag 'n' drop.

    Here are links to some screen shots. (They may download slightly reduced in size until you click on them.)

    First, two Windows Explorer screen shots, showing folders and files on my backup drive:
    http://i200.photobucket.com/albums/aa130/SBrooksB/001WindowsExplorershot.jpg

    Screen shot 1: Folders with green filenames contain all encrypted files. Clicking on these files results in an "Access denied" message.

    Screen shot 2: Folders with black filenames often contain encrypted AND non-encrypted files. Why some files are encrypted while others aren't is a mystery for The Ages, since I never encrypted one file, let alone thousands.

    The next three pics show the "Properties" box of an encrypted folder:

    Encrypted folder "General" tab, plus Advanced Settings.
    http://i200.photobucket.com/albums/aa130/SBrooksB/002ENCRYPTEDFOLDERGeneraltabplusAdv.jpg

    Encrypted folder "Sharing" tab.
    http://i200.photobucket.com/albums/aa130/SBrooksB/003ENCRYPTEDFOLDERSharingtab.jpg

    "Security" tab plus Advanced Settings.
    http://i200.photobucket.com/albums/aa130/SBrooksB/004ENCRYPTEDFOLDERSecuritytabplusAd.jpg

    In the "General" tab's Advanced Attributes, "Encrypt Contents to Secure Data" is checked, as you can see. When I uncheck it, I get this message:

    http://i200.photobucket.com/albums/aa130/SBrooksB/005ConfirmAttributeChanges.jpg

    The excitement builds until I click "OK", at which point I get another "Access Denied" message.

    What we'll never unravel, I don't think, is why thousands of files spontaneously encrypted themselves.

    It's all so magical. [​IMG]

    You're kind to help me, V., and don't hesitate to throw in the towel when you've had enough. Between work and fatherhood, I know you've got a busy life!
    .
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/752448

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice