Status
Not open for further replies.

.jpg Thumbnails show but won't open after malware removal

1K views 24 replies 2 participants last post by  JSntgRvr 
#1 ·
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x86 Family 15 Model 107 Stepping 1
Processor Count: 2
RAM: 1791 Mb
Graphics Card: ATI Radeon HD 3200 Graphics, 700 Mb
Hard Drives: C: Total - 610475 MB, Free - 489520 MB;
Motherboard: ASUSTeK Computer INC., M3A78-EM
Antivirus: None

PC slowed to a crawl so I suspected malware/virus. I used Spybot S&D which didn't help. Found and used Malwarebytes and CCleaner which did seem to work. I realized though, my .jpegs on the desktop wouldn't open but others in My Docs did. Now it seems all .jpg and .pdf files don't open. I can still see thumbnails which leads me to believe there is still something there - encryption maybe? Anyways I realize I may have already gone too far without guidance, please help. Thanks in advance, Jim.
 
#2 ·
Hi and welcome. :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
 
#6 ·
Your computer seems to have been infected by a Ransomware Virus.

IDTool:

Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Enter the IDTool directory, right-click on the icon and select Run as Administrator to start the tool.
  • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the tool collects the necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
Please include that in your next reply.

Please download the attached file (see below) and save it in the same directory as FRST.
  • Temporarily turn off your security programs' real-time protection.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
 

Attachments

#9 ·
Yes. The computer was infected with Cryptowall.

Unfortunately, we are still unable to reverse the damage done by this virus. All your files, in all drives, are encrypted, but there is no easy way to decrypt these files. You can read about this virus here:

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

BleepingComputer.com has created a small utility that will find the Registry key created by CryptoWall and then export its list of encrypted files to a text file for you. This tool will also allow you to backup the encrypted files to another location in the event that you want to archive the encrypted files and reformat the machine. If you wish to generate a list of files that have been encrypted, you can download the ListCWall tool.

ListCwall can be downloaded from this URL: http://www.bleepingcomputer.com/download/listcwall/

To use the tool, simply double-click on it and let the program run. ListCwall will search for the registry key that contains the list of the encrypted files and then export them to the ListCwall.txt file on your desktop.

There is an active CryptoWall support topic, which contains discussion and the experiences of a variety of IT consultants, end users, and companies who have been affected by CryptoWall. If you are interested in this infection or wish to ask questions about it, please visit the CryptoWall support topic. Once at the topic, and if you are a member, you can ask or answer questions and subscribe in order to get notifications when someone adds more information to the topic.

http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
 
#15 ·
Seems that no file was encrypted, or a security program removed the list.

We need to remove the tools we've used while cleaning your machine.

  1. Download Delfix from here
  2. Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore

  3. Click Run

Let me know if there is something else I can do for you.
 
#18 ·
To remove ESET quarantine, click Start -> My Computer-> Local Disk (C:), and then click Program Files-> ESET-> ESET Online Scanner. Click on OnlineScannerApp. Start a scan and stop it. Click on Delete Quarantine, then on Finish.

Remove any other tool left.
 
#21 ·
Every file on the ListCwall.txt is encrypted. You can back up those files, in case we are able to find a solution in the near future, or delete them. I don't believe there is a good document to back up in your system. This is Windows XP. No support is available for this Operating System.

Reformatting shouldn't be an option, chances are the OS won't activate.

So, let me know.
 
#22 ·
So, sounds like time for a major overhaul. New OS and back up anything I don't have elsewhere. Much of it can be purged, like music and old school files from my kids. Some pictures are valuable, I'll keep the faith for those to come alive again some day.

To be clear though, I am in good health at the moment? Thanks.
 
#23 ·
I believe the computer is in good health. I would recommend AVAST as an Antivirus.

Here are some suggestions.

  1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
  2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
For information and guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!
 