Page 5 of 5 First ... 345
  • Jump to page:
    #61
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    1
    Rep Power
    0

    windows update restore


    so i've removed the filefix infection from the computer with Grinler's help, but before i worry about the corrupted files i'd love to turn windows update back on but all attempts still fail -


    any advice?
  2. #62
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0
    Originally Posted by aschap
    so i've removed the filefix infection from the computer with Grinler's help, but before i worry about the corrupted files i'd love to turn windows update back on but all attempts still fail -


    any advice?
    Try: http:_SlashSlash_support.microsoft.com/?kbid=326686

    Replace "_SlashSlash_" with "//" . . .forum rules won't allow me to post URL's . . I guess that begs the question as to why I'd even bother helping someone here??????
  4. #63
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    It took two days to remove this virus


    I saw this windows file protection pop up that said my ms office and media files were corrupt. I clicked on the message bubble and it took me to the file fix professional 2009 web site. It looked fishy and cost money so I closed the browser and went on with my business thinking i'd deal with it later. I tried to open a ms word document but it said the software was corrupt and it closed then opened a box containing a very long list of files that it thought were corrupt. Moments later the original pop-up appeared again. I opened the browser to start a google search for the problem and it immediately went to a random financial website (firefox was hijacked) windows defender popped up and said I had a virus. I started to scan my system for the virus but after a few moment a pop up appeared and said my computer was going to shut down in 60 seconds. Every subsequent attempt to remove the virus started the shut down process again. I started doing start->run->shutdown -a. that worked for a while. I'd have to do it every 30 seconds because the virus scan couldn't complete. Plus the virus kept mutating and would stop telling me when the computer was going to shut down. The system would just top responding and restart automatically. Eventually, the virus started to remove the explorer bar when it was going to shut down so I couldn't do anything but watch the system restart. After extensive research, I discovered what files were causing the trouble but the virus locked them so I couldn't delete them manually. I tried to use fileAssassin. That allowed me to remove a few files but they would be reinstalled. Things deteriated to the point that I couldn't even use safe boot. I had to use the xp cd's recovery program and reinstall the infected os files. When my computer was back up and usable i still had the viruses and windows file protection popup. i updated my virus software malwarebytes' anti-malware and super antispyware. I needed both because they detected different viruses. After going back and forth between scanning with the anti-virus programs in normal os mode then scanning in safe-boot i finally removed the viruses. I had several. The virus also changed my internet setting so nothing could connect to the internet. Everything was set to use a proxy and a few different ports and ip addresses. I reinstalled sp3 and checked the the files that were affected. Everything seems fine now. I have never had such an aggressive virus. I think the key is DO NOT CLICK ON THE 'WINDOWS FILE PROTECTION' MESSAGE. If that message comes up close all your programs. update your virus protection software and 'DISCONNECT FROM THE INTERNET'. Run your virus protection program. This virus moves fast and infects everything.
  6. #64
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    181
    Rep Power
    11
    The guide at BC was updated to include a tool that will scan a folder or drive, find encrypted files, and clean them automatically using the technique that Julia graciously supplied.

    The guide can be found here:

    http://www.bleepingcomputer.com/forums/topic212357.html
  8. #65
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    4
    Rep Power
    0
    Thanks so much for your efforts. I can't believe I got my files back!
  10. #66
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    181
    Rep Power
    11
    Looking for feedback to make sure the file decryptor is working properly. Anyone run into any issues or does it appear to be working for you?
  12. #67
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    8
    Rep Power
    0
    Originally Posted by Grinler
    Looking for feedback to make sure the file decryptor is working properly. Anyone run into any issues or does it appear to be working for you?
    First, I'd like to express my deepest gratitude to Julia Wolf, Grinler, and everyone else who worked to defeat this most destructive malware attack, and to develop a tool to enable us to restore our corrupted data files.

    I am in the process of using the tool to repair my damaged files, and have been successful with all affected formats (.doc, .jpeg, .pdf and .mp3). As to the operation of the tool, I have observed that while in use it commands 100% of CPU resources, thus one can't really do anything else on the computer at the same time; also, whereas both the encrypting operation of the virus and the decrypting operation of the Filefix Pro "cure" seemed to do their work almost instantaneously, the "anti-filefix" tool takes substantially more time to work, with the time increasing along with file size. For example, decryption of a .jpg of about 5 MB takes 30 seconds to a minute to complete. (I have quite a few photos to process, so I have been running the tool overnight.)
  14. #68
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    181
    Rep Power
    11
    I will see what I can do about speeding up, but no promises there.
  16. #69
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    4
    Rep Power
    0
    Originally Posted by Grinler
    I will see what I can do about speeding up, but no promises there.
    Filefix itself reads a 0x10000 byte chunk of the file at a time, decrypts it in memory, and writes it back out... Just FYI

    Here are my notes about the decryption algorithm implementation in Filefix Pro:

    http:/ /blog.fireeye.com/research/2009/03/filefix-professional-2009-cryptanalysis.html
  18. #70
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    181
    Rep Power
    11
    Thanks Julia. Will pass the info along to Bobby.
  20. #71
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    This is great. Thank you!!!


    I ran Anti-FileFix and it de-encrypted the rest of my files.

    Thank you so much for this.

    [QUOTE=Grinler]The guide at BC was updated to include a tool that will scan a folder or drive, find encrypted files, and clean them automatically using the technique that Julia graciously supplied.
  22. #72
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    181
    Rep Power
    11
    Originally Posted by roo42
    For example, decryption of a .jpg of about 5 MB takes 30 seconds to a minute to complete. (I have quite a few photos to process, so I have been running the tool overnight.)
    The tool has been optimized and should run much faster now. If you are still decrypting files, please redownload it and use the newer version.
  24. #73
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2009
    Posts
    1
    Rep Power
    0
    I am using the Anti-Filefix and its not working I am not sure whats going on, I selected folder than scan and fix. Though nothing is being decoded.
  26. #74
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2009
    Posts
    1
    Rep Power
    0
    Originally Posted by Lordeluna_2dark
    I am using the Anti-Filefix and its not working I am not sure whats going on, I selected folder than scan and fix. Though nothing is being decoded.
    me too
Page 5 of 5 First ... 345
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo