
.jpg Thumbnails show but won't open after malware removal

Discussion in 'Virus & Other Malware Removal' started by nomadman2001, Mar 29, 2015.

Thread Status:
Not open for further replies.
  1. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, x86 Family 15 Model 107 Stepping 1
    Processor Count: 2
    RAM: 1791 Mb
    Graphics Card: ATI Radeon HD 3200 Graphics, 700 Mb
    Hard Drives: C: Total - 610475 MB, Free - 489520 MB;
    Motherboard: ASUSTeK Computer INC., M3A78-EM
    Antivirus: None

    PC slowed to a crawl so I suspected malware/virus. I used Spybot S&D which didn't help. Found and used Malwarebytes and CCleaner which did seem to work. I realized though, my .jpegs on the desktop wouldn't open but others in My Docs did. Now it seems all .jpg and .pdf files don't open. I can still see thumbnails which leads me to believe there is still something there - encryption maybe? Anyways I realize I may have already gone too far without guidance, please help. Thanks in advance, Jim.
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi and welcome. :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    Will do, and thank you!
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  5. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    I ran FRST and attached the resulting files. Thanks again.
     

    Attached Files:

  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Your computer seems to have been infected by a Ransomware Virus.

    IDTool:

    Scan with IDTool

    Please download IDTool by Nathan and save the file to the desktop.
    It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
    • Enter the IDTool directory, right-click on the tool's icon and select Run as Administrator to start the tool.
    • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
    • Wait patiently until the tool collects the necessary data.
    • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
    • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
    • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
    Please include that in your next reply.


    Please download the attached file (see below) and save it in the same directory as FRST.
    • Temporarily turn off your security programs' real-time protection.
    • Start FRST with Administrator privileges.
    • Press the Fix button.
    • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
      Please copy and paste its contents in your next reply.
     

    Attached Files:

  7. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    Ran through the steps as directed. Attached are the log files. Thank you.
     

    Attached Files:

  8. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    It seemed odd that the ID Tool log was empty so after the reboot performed by FRST after pressing "Fix", I ran the ID Tool again and got this: (attached). Thank you.
     

    Attached Files:

  9. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Yes. The computer was infected with Cryptowall.

    Unfortunately, we are still unable to reverse the damages done by this virus. All your files, in all drives, are encrypted, but there is no easy way to decrypt these files. You can read about this virus here:

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

    BleepingComputer.com has created a small utility that will find the Registry key created by CryptoWall and then export its list of encrypted files to a text file for you. This tool will also allow you to back up the encrypted files to another location in the event that you want to archive the encrypted files and reformat the machine. If you wish to generate a list of files that have been encrypted, you can download the ListCWall tool.

    ListCwall can be downloaded from this URL: http://www.bleepingcomputer.com/download/listcwall/

    To use the tool, simply double-click on it and let the program run. ListCwall will search for the registry key that contains the list of the encrypted files and then export them to the ListCwall.txt file on your desktop.

    There is an active CryptoWall support topic, which contains discussion and the experiences of a variety of IT consultants, end users, and companies who have been affected by CryptoWall. If you are interested in this infection or wish to ask questions about it, please visit the CryptoWall support topic. Once at the topic, and if you are a member, you can ask or answer questions and subscribe in order to get notifications when someone adds more information to the topic.

    http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/

    • Run the ESET Online Scanner.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on its icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.
     
  10. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    Thank you, I will proceed with the latest directions. You said my computer "was" infected with Cryptowall (no idea why I'm capitalizing that!) - does that mean it's now gone or should I still plan on a complete format and OS reload?
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Read this article. Although we may be able to locate the culprit and remove it, it is wrong to believe that the computer will be completely clean.

    If you ran ListCwall, how much damage was done?
     
  12. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    Looks like quite a bit of damage here.
     

    Attached Files:

  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    How is it doing performance wise?
     
  14. nomadman2001

    nomadman2001 Thread Starter

    Joined:
    Mar 27, 2015
    Messages:
    13
    seems fine
     

    Attached Files:

  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Seems that no file was encrypted, or a security program removed the list.

    We need to remove the tools we've used while cleaning your machine.

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
    3. Click Run

    Let me know if there is something else I can do for you.
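
An added example, not part of the original thread: when no ListCwall list is available, file signatures give an independent check of which .jpg and .pdf files were altered, since a cached thumbnail can still display for a file whose contents no longer parse. It assumes an encrypted file no longer starts with its format's header (JPEG `FF D8 FF`, PDF `%PDF-`); `check_file`, `scan` and `demo` are names made up for this sketch, and the sample files are constructed.

```python
import os
import tempfile

# Expected leading bytes for the file types named in the thread.
SIGNATURES = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}

def check_file(path):
    """Return 'ok', 'mismatch' or 'unreadable' for one .jpg/.jpeg/.pdf file."""
    sig = SIGNATURES[os.path.splitext(path)[1].lower()]
    try:
        with open(path, "rb") as fh:
            head = fh.read(1024)
    except OSError:
        return "unreadable"
    if sig == b"%PDF-":
        # PDF readers tolerate junk before the header, so search the first 1 KiB.
        return "ok" if sig in head else "mismatch"
    return "ok" if head.startswith(sig) else "mismatch"

def scan(root):
    """Walk root and return {path: status} for every file with a known extension."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SIGNATURES:
                full = os.path.join(dirpath, name)
                results[full] = check_file(full)
    return results

def demo():
    """Write constructed sample files and return the names that fail the check."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
            "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
            "desktop.jpg": bytes(range(7, 71)),        # constructed: no JPEG header
            "manual.pdf": bytes(range(200, 256)) * 2,  # constructed: no PDF header
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        hits = [os.path.basename(p) for p, s in scan(root).items() if s == "mismatch"]
    return sorted(hits)

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on a documents folder, or on a backup of it, returns a per-file status; files reported as `mismatch` are the ones to restore from backup.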
     

Short URL to this thread: https://techguy.org/1145662
