Over 1 million tech questions and answers.

.ubozbsdl virus extension

Q: .ubozbsdl virus extension

my allfiles viz. mp4, pdf, word, jpg, are chenged to .ubozbsdl virus extension. not open any.
need immediate help.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: .ubozbsdl virus extension

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 42.8

Following the Avast saga few days ago with Win32elf-MZG The following file C:\Program file\Alwil Solftware\Avast\Data\Moved
shows that the SDHelper.dll is infected: SDHelper.dll.vir
Research shows not to open a .vir file, but doesnt say how we can get rid of it. Any help welcome. In meantime tried several antivirus with no results. Attached is HJT log in case you need it. Thanks in advance. HJT log below in case you need it, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:55 PM, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexp... Read more

Read other answers
RELEVANCY SCORE 42.8

So having two browsers is great and all, that being chrome and firefox, and often using chrome i forget certain things on firefox like how insecure it seems to be! It seems that I have found an extension that acts as a virus of some sort. It's called "Relevant Knowledge". Like any self respecting virus you cant just "get rid" of it quite easily as I have found and it wont let me uninstall it from the firefox browser but I can disable it. However using avast I was able to find it, the virus locates itself in the program files folder and is easy to find, but I could not delete some of the components all of the way, even when using avast to locate and delete some of the components. I am not really sure what this thing is capable of doing but I know of leaving things around for to long when they seems "harmless" and next thing you know you have a brick for a hard drive. So basically after this anecdote, how do I delete it?

A:Firefox Extension virus!!!

Taken from another thread, same subject, by a member here:"The surest way is to post an DDSog and have them be certain there is nothing left.as this malwrae has backdoor capabilities.We need a deeper look. Please go here....Preparation Guide and execute Steps 6 - 9.Create a DDS log and post it in the new topic explained in Step 9, which is Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html If Gmer won't run,skip it and move on."Louis

Read other 1 answers
RELEVANCY SCORE 42.8

Hi i have a serious problem with a virus who passed at my system i send you my hijack log it is very urgent i can't remove this virus and it is very difficult to find when i scan with my antivirus which is not working anymore . Logfile of HijackThis v1.99.1Scan saved at 23:27:30, on 05/10/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\WinZip\winzip32.exeC:\DOCUME~1\Eleni\LOCALS~1\Temp\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.frR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.frR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO3 - Toolbar: Yahoo... Read more

A:Virus extension eraseme_exe

Hi Eleni and welcome to Bleeping. Sorry for the long wait, we've been a little busy around here of late.If you still need help with this, can I ask you to post a fresh log in THIS thread please as the state of play is likely to have changed by now.Keeping Track of Your TopicPlease subscribe to this thread by clicking 'Track this topic' at the top of the thread. Enable email notification to subscribed threads via your Bleeping My Control Panel above. Keep ALL future replies in this thread please.

Read other 2 answers
RELEVANCY SCORE 42.8

Well, fl studio file extension .flp, misteiously losz its default program.
It was not even in control panel >> default programs, extension was missing from windows.

In folder I did not changed to view file extensions, every other extension was not showed, but lets say PROJECT.FLP was showing like this in folder, and was threated like no extension, was threated like if it is just PROJECT and no fullstop and extension behind.

I fixed problem, but now when trying to reproduce again, and if I delete asocciation it will show just PROJECT, not PROJECT.FLP, that was weird problem and I would like to know why this happened?

Read other answers
RELEVANCY SCORE 42.4

Hello Friends
My computer recently got a strange virus
Change the extension of all files (Word, Excel, Photoshop, etc.)

File extensions such as:
10.93.DOCX.kbuibxd
amar.XLSX.kbuibxd
khorasan.XLSM.kbuibxd

Note: Only files with uppercase extensions

Please help me because I have lost important files <email address removed>

Even after changing the file extension, the file is corrupted and can not be opened

A:The virus has changed the file extension.

ebrahim.n65,

Hi and welcome to TSF.

Please note that this is under the supervision of an expert analyst.

Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs (dds.txt, attach.txt and gmer.txt) mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post.

Please Read! "Who is Helping you?"

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Thanks. I can begin working on removing your malware when you submit those logs.

Please be patient with me during this time.

Read other 2 answers
RELEVANCY SCORE 42.4

Hello FriendsMy computer recently got a strange virusChange the extension of all files (Word, Excel, Photoshop, etc.) File extensions such as:10.93.DOCX.kbuibxdamar.XLSX.kbuibxdkhorasan.XLSM.kbuibxd Note: Only files with uppercase extensions Please help me because I have lost important files (email address deleted) Even after changing the file extension, the file is corrupted and can not be opened

A:virus has changed the file extension.

You also posted your issue today here https://forums.malwarebytes.org/index.php?/topic/164658-the-virus-has-changed-the-file-extension/You should only seek malware removal help at one forum.We ask that you select one forum from those where you sought help and ask the others to close your topics.Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.By Multi Posting you are utilizing the time of two (or more) trained helpers. Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove Malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are researching the log of someone who is already being helped, then their time and effort is going to waste.Understandably this causes a certain amount of bad feeling and frustrationFrom the helper who has needlessly spent time researching your log and compiling and posting instructions.From others who have to wait longer for their problems to be addressed.Advice from two separate helpers can cause problems.A helper at one place has no idea what a helper somewhere else is doing. Different helpers may use different methods to combat your infection. While each one is safe to use, problems can arise if you follow the advice of both together. Some of the tools used are very powerful and have to be used in a specific way and in some c... Read more

Read other 3 answers
RELEVANCY SCORE 42.4

Hello Friends
My computer recently got a strange virus
Change the extension of all files (Word, Excel, Photoshop, etc.)

File extensions such as:
10.93.DOCX.kbuibxd
amar.XLSX.kbuibxd
khorasan.XLSM.kbuibxd

Note: Only files with uppercase extensions

Please help me because I have lost important files

Even after changing the file extension, the file is corrupted and can not be opened

A:The virus has changed the file extension

Probably, the best hope is: any prior to this unfortunate occurance backup. If no backup/restore, then you will have to remake the files. It is remotely possible that a System Restore Point might bring back some but not all your files.

Read other 7 answers
RELEVANCY SCORE 42.4

I was asked to help a friend with an infected computer. It was slow, anti malware programs would not run even in safe mode, Google searches were re directed, regedit would not run, etc etc. The owner needed it up and running ASAP so I suggested a fresh install. I tried to save the personal files and found that all the .jpg, .doc, .pdf and .zip files had the extra extension .encrypt and would not open. Only files with .gif and .tif were not affected.

I did a fresh install of XP Home but could only save .gif and .tif files that were not changed.

I have been searching and posting all over the web to no avail to find out how to unencrypt files like this.

If it happened once chances are it will happen again and I would like to find out if this was caused by an infection and what to do about it.

Any help will be greatly appreciated.

A:File extension changed by virus?

Was the infection, by chance, Filefix.exe?

Read other 3 answers
RELEVANCY SCORE 42.4

Hey there,
 
My docx files on my jump drive have an (echkmwl) extension. It's gibberish code when I open my word docs in Word or Wordpad. Instead of a document that's supposed to be 7 pages, it's 365 pages. Google search returns zero. Is this a virus?
 
If anyone could help, It would be greatly appreciated.
 
Thanks,
 
Martin

A:DOCX.echkmwl extension. Is this a virus?

Hello there,The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder, TorrentLocker (fake Cryptolocker) or CryptoWall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQThere is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.To avoid confusion, I have asked a Moderator to close this topic.

Read other 1 answers
RELEVANCY SCORE 42.4

Hello Everyone,
 
I've recently saved a picture from the internet to my computer. It told me the download failed and instead of one file, I got 3 (see picture). Does anyone know what this is? How do I get rid of them? I can't delete them. 
 
Thank you

A:Is this a virus or corrupted files? (.+-4 extension?)

What was the website, and what was the picture of?

Read other 3 answers
RELEVANCY SCORE 42.4

I have a user whose network files are suddenly ending in .axx, showing typical encryption virus signs (network drives, alphabetical order, strange start timeetc). googling it shows this is an axcrypt extension.  which virus is this, and how do I remove it? Thanks. 

A:virus using Axcrypt .axx extension on all documents

I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Read other 15 answers
RELEVANCY SCORE 42.4

In Mid August 2016 a Zepto malware virus got into my computer and converted 16+ years of stored photos to a zepto file extension (it also did the same with some Word documents and PDF files).   I have been told that, as yet, there isn't a solution to convert them back to jpegs, etc., but what is also extremely annoying having lost all those memories, is that the photos shared on the Cloud from before the date of the virus getting into my PC, are not accessible to me either. Can anyone help me to recover these treasured photos (of course not wishing to be blackmailed by the people who gave me the virus in the first place)? A not too techy answer would be be very much appreciated.  Thank you. 

Read other answers
RELEVANCY SCORE 42.4

First, I thank anyone who has time to take a look and even attempt to help with this issue. It has been driving me insane for a week now.
The first sign of trouble was the dreaded random double underlined linked words.
I ran multiple scans of my laptop (running on Windows 7) and thought the issue was cleared. After a day of no issues, the problem returned. I then checked my FireFox (which I use at all times) extensions and add ons, and found something called "Shop-Up".
This extension will allow me to click on "remove". It appears to be gone, the random word links are gone, but upon next reboot, it is all returned. I tried multiple restore dates, none have cleared any of this at all.
I found a page .. somewhere (didn't think to save it grrrr), saying this is connneted to "yontoo".
I went into control Panal, and both programs were listed. Yontoo, uninstalled. Shop-Up, will not.
So, I researched a bit more and found this walk through page:http://www.ehow.com/how_5972350_remove-control-panel-won_t-delete.html
 
I have followed these steps multiple times and found both Yontoo and Shop-Up files hidden this way. Some can be deleted, some not.
Tonight, I went to reboot my laptop and it refused to load again in normal mode.
I went to SafeMode, booted, did a restore, again, and it then rebooted normally. Upon rebooting, I now had a desktop for Error Expert 1.5, which, I have never seen before on my system and don't recall downloading.
Now this program, not only will not uninstall,... Read more

A:Yontoo / Shop-Up (FF Extension) Virus?

Hello -
I have requested that those logs be removed as I think they are totally unrelated -
 
Please read this topic from our quietman7 that explains your description of the problem -
 
Are the double-underlined random words that you are referring to like the example provided in this topic (Post #1)?
If so, this is called in-text advertising and it is very common. Kontera, Text Enhance and Vibrant are are some of the more popular advertising networks that provide in-text advertising and information services.
The double-underlined word is actually a keyword embedded within text of a web page. The keyword is intended to provide consumers with information that is related to what they are reading. When hovering your mouse over this keyword, a pop up ad is displayed with a preview of the ad the text links to. This process works by allowing webmasters to insert JavaScript code into web pages that displays relevant advertisements from an inventory of advertisers.
 
This script scans a web page and dynamically modifies keywords an advertiser has targeted on the page and double-underlines them. The words and the double-lines under them are usually blue in color but it is not uncommon for them to appear in various other colors such as red or green.
The full content of the post is linked below =>
http://www.bleepingcomputer.com/forums/t/510043/chrome-has-double-underlined-words-which-links-to-monstermarketplacecom-etc/#entry3175693
 
Tell us if this explains your ... Read more

Read other 2 answers
RELEVANCY SCORE 42

Hi

My files in the computer - extensions has been changed.

Eg :Test.xls is changed test.xls.rblczpc

I am herewith sending the photo - as word document file.

Please go through and help to me solve the problem

Regards
Ram

A:File Extension Changed - Trojan Virus

Moving thread to Security Center >> Virus/Trojan/Spyware Help
Please read the following article and post the requested documents here.
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Read other 2 answers
RELEVANCY SCORE 42

As you all can see, I got infected by a virus called BackDoor.Win32.Hupigon.Emv which creates a shell extension in Windows Explorer that causes the virus to reinstall itself when C drive is opened. I would appreciate some help on removing this annoying shell extension to rid me of my virus woes
 

Read other answers
RELEVANCY SCORE 42
A:Virus/Spyware Attack change extension

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 7 answers
RELEVANCY SCORE 42

This extension is messing with my browzer from a week , "Unable to connect to proxy server" ( I can't open any website )
This extension is installed by enterprise policy and (This extension is managed and cannot be removed or disabled)
I've already tried the follow programs
Adwcleaner
Malwarebytes anti-Malware
JRT
 
I've also tried resetting , reinstalling the google chrome ( It came back when i opened my email id - maybe because the extensions were saved in my account )

A:MS Updater Virus (Google Chrome Extension)

Hello and welcome.
Your problem may need the browsers reset. Please read these, and note that Internet Explorer 11 should be on your computer.
 
Reset Chrome browser settings - Chrome Help - Google HelpHow to reset Internet Explorer browser settings - Microsoft SupportRefresh Firefox - reset add-ons and settings | Firefox Help
And be sure that all Microsoft Updates are installed...
 
Regards -

Read other 10 answers
RELEVANCY SCORE 42

Hello. My files have got additional .crypted extensions and I can not open them and can not read my documents. Google shows me it can be Nemucod 2 virus, which is distributed now. If there is a decryption tool for it, please write me the download page.
I found on a german site: http://www.virus-entferner.de/2016/08/20/nemucod-crypted-ransomware-virus-entfernen/ that The Windows OS provides a built-in option of recovering previous versions of files. I tried. Without success. May be my PC is old? (6 years)

thanks
 

Read other answers
RELEVANCY SCORE 42

Hello all,

I have this extension called "search solutions" and I cannot manually remove it because it says it is managed by a system administrator. I've tried to scan with malwarebytes and superantispyware and no such luck.

What can I do to fix this? Are there scanners that are free that can actually remove this for me?

Thanks.

A:Chrome Virus Extension Refuses To Be Removed

Looking at this on the Google product forums,

The Search Solutions Extension is a virus

The one solution that was offered that seems to have worked is,



Which points to the Chrome Policy Remover in this link,

Why can't I remove a "Enterprise Installed Extension"?



Which is a .bat file,


Code:
@echo off

IF NOT EXIST %WINDIR%\System32\GroupPolicy goto next

echo Deleting GroupPolicy folder...
RD /S /Q "%WINDIR%\System32\GroupPolicy" || goto error
echo.

:next
IF NOT EXIST %WINDIR%\System32\GroupPolicyUsers goto next2

echo Deleting GroupPolicyUsers folder...
RD /S /Q "%WINDIR%\System32\GroupPolicyUsers" || goto error
echo.

:next2
gpupdate /force

pause
exit

:error
echo.
echo An unexpected error has occurred. ?Have opened the program as an administrator (right click, run as administrator)?
echo.
pause
exit

Read other 3 answers
RELEVANCY SCORE 42

Hello all,

I have this extension called "search solutions" and I cannot manually remove it because it says it is managed by a system administrator. I've tried to scan with malwarebytes and superantispyware and no such luck.

What can I do to fix this? Are there scanners that are free that can actually remove this for me?

Thanks.

A:Chrome Virus Extension Refuses To Be Removed

Looking at this on the Google product forums,

The Search Solutions Extension is a virus

The one solution that was offered that seems to have worked is,



Which points to the Chrome Policy Remover in this link,

Why can't I remove a "Enterprise Installed Extension"?



Which is a .bat file,


Code:
@echo off

IF NOT EXIST %WINDIR%\System32\GroupPolicy goto next

echo Deleting GroupPolicy folder...
RD /S /Q "%WINDIR%\System32\GroupPolicy" || goto error
echo.

:next
IF NOT EXIST %WINDIR%\System32\GroupPolicyUsers goto next2

echo Deleting GroupPolicyUsers folder...
RD /S /Q "%WINDIR%\System32\GroupPolicyUsers" || goto error
echo.

:next2
gpupdate /force

pause
exit

:error
echo.
echo An unexpected error has occurred. ?Have opened the program as an administrator (right click, run as administrator)?
echo.
pause
exit

Read other 3 answers
RELEVANCY SCORE 42

So I mustve downloaded something but ive got an extension on my google chrome now called "SavePages" and basically it constantly pops up adverts whenever I click somewhere on a page.
The extension cant be deleted and i have tried to follow this : http://howtoremove.guide/ads-by-lyrics-removal/
But none of the files shown in it are actually on my computer. Any help would be great
Thanks

A:Google Chrome Extension Virus "Ads By Lyrics"

Hello Oscar19Ross and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do&... Read more

Read other 16 answers
RELEVANCY SCORE 41.6

Hello,
My computer has been hacked with some kind of encryption virus and most of the files are
encrypted with '.crypted' extension. Could anyone please suggest what needs to be done to remove
the virus. This attack happened after a couple of days of the "dllhost" virus attack, and when my
computer's wi-fi was left on for a couple of hours (dllhost was active and attracting more viruses only when I my internet connection was on). I have taken outside help to remove the "dllhost" virus but unfortunately they were not able to decrypt the files.
Any help or suggestions are appreciated.
Thanks.
 

Read other answers
RELEVANCY SCORE 41.6

ive had some viruses lately and i think they damaged my icons

txt file and bat files show up as the icon for a file extension that is not known

i tried lots of programs and none worked please help me

also reg files dont work i click on them and they dont import

Windows Registry Editor Version 5.00 and

REGEDIT4 dont work either

thx in advance
 

A:Txt and Bat extension show up as the not known file extension icon

http://www.dougknox.com/xp/file_assoc.htm

there all the file defaults, use the ones you need, also you should download hijackthis so a mod can tell you whether your computer is still infected

Download 'Hijack This!
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

*Save HJTInstall.exe to your desktop.
*Doubleclick on the HJTInstall.exe icon on your desktop.
*By default it will install to C:\Program Files\Trend Micro\HijackThis .
*Click on Install.
*It will create a HijackThis icon on the desktop.
*Once installed, it will launch Hijackthis.
*Click on the Do a system scan and save a logfile button. It will scan and the log *should open in notepad.
*Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents *of the log.
*go to this thread and post the contents
*DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 2 answers
RELEVANCY SCORE 41.6

Plz help it out
my all ms-office files automatic change to screen saver extension and the file becames not accessable. Also hide extension,and i am unable to change doc,xls etc extension.

A:Ms-office files extension change to .SCR extension

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 41.2

Hi Everyone, I was working on my friends laptop that had a virus. I'm not sure what it was but we ended up backing up the info in the user folder (Pictures, Docs, etc...) and reinstalling Windows 7.
The computer is working fine but, seemingly, all the files I back up now have an added ".tatsyfc" at the end of them, making the computer thing that ",tatsyfc" is a file type. Even after deleting the ,tatsyfc and typing the correct file type (PDF, DOCX, JPEG, etc..) the files won't work, citing corruption. 
I've removed many viruses before but haven't encountered this yet.
 
Any information that could help me resolve this would be greatly appreciated, thanks in advance :D

A:Weird file type extension on files due to virus .TATSYFC

The newest variants of CTB Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder, Torrent Locker (fake Cryptolocker) or Cryptowall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQThere is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.ThanksThe BC Staff

Read other 1 answers
RELEVANCY SCORE 41.2

Last monday, an unknown virus wreaked havoc on our corparate network, encrypting all files it could find on network shares. This includes jpg, doc, docx, pdf and more of the regular types of files. All these files have been encrypted and the filename renamed from "filename.xxx" to "[email protected]".
 
Has anybody encountered this before? And more important, is there a way to recover the files? Curious thing is that we didn't get any ransomware notification.
 
TIA!

A:Unknown virus encrypted files with "[email protected]" extension

This ransomware infection may be related to this discussion topic:New crypto ransomware <extension>.id-<number>[email protected] the above topic...My client had many files (PDF, DOCX, and JPG) encrypted by the [email protected] ransomware. Yesterday I tried the Kaspersky RakhniDecryptor decryption tool. After 16 hrs on a Core i7 with 14GB of RAM, the tool successfully decrypted all files. The tool requires you to provide an encrypted file with a supported extension, and [email protected] is among them. Your mileage may vary, but it's worth a try.Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that support topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.ThanksThe BC Staff

Read other 1 answers
RELEVANCY SCORE 41.2

Two days ago, I opened my computer to see a ransomware message which displayed the following:

Your Id: 22

YOUR COMPUTER IS BLOCKED. All your documents, text files and databases are securely encrypted.
You can unblock your computer by completing three easy steps.

STEP 1: Buy a MoneyPak in amount of $50 at the nearest store.

STEP2: Fill out the fields on the black screen on your cumputer. Otherwise send as an e-mail at [email protected] Indicate your ID in the message title and provide MoneyPak number.

STEP 3: Check your e-mail. We will send you a program to remove the malware and decrypt your files once payment is verified. Your computer will roll back to the ordinary state.

Q: How I can make sure that you can really decipher my files?

A: You can send ONE any ciphered file on email [email protected] (Indicate your ID and /test decrypt/ phrase in the message title), in the response message you receive the deciphered file.

Q: Where can I purchase a MoneyPak?

A: MoneyPak can be purchased at thousands of stores nationwide, including major retailers such as Walmart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger and Meijer.

Q: How do I buy a MoneyPak at the store?

A: Pick up a MoneyPak from the Prepaid Product Section or Green Dot display and take it to the register. The cashier will collect your cash and load it onto the MoneyPak.
https://www.moneypak.com/StoreLocator.aspx - here you

At the time my computer was using Microsoft security essent... Read more

A:ransomware virus has encrypted all JPG and media files with a .crypt extension

What Microsoft security essentials labeled the virus:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:c:\users\edwards\appdata\roaming\vsdsrv32.exe
runkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\vsdsrv
regkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\vsdsrv

Get more information about this item online.

Read other 3 answers
RELEVANCY SCORE 41.2

Hi guys,
 
Earlier today, i have installed some sort of minecraft mod from http://www.zilliontoolkitusa.info/v1539/?product_name=Mouse+Tweaks+Mod+for+Minecraft+1.6.4%2C+1.6.2+and+1.5.2&filesize=XX&product_title=Mouse+Tweaks+Mod+for+Minecraft+1.6.4%2C+1.6.2+and+1.5.2&installer_file_name=minecraftdl_34267&reffer=http%3A%2F%2Fwww.mediafire.com%2F%3Fbsw77o276yhodwx&uuid=tXsengiL57SgcflcIZjEMEgigsnhiC1RFdLLIJNBxdW518uRUJj3bHwRa2ihnZaHpXJlC8RNlJaf9tqCkgH4vlVKw3an3o3x8fttE2qVlt2O3lDV0eJxn756lYwiCWl8nG4QTspa1jqwCthoaCKe11YbNAMgjpSiEoihWM5yy6IMas32gUwozcZEL5xoLdHMnpbeJdLuHG4WVUqE7FPuLAKfaU2OYExaGV20EpL43AL9AkKh4RcgTmkyrkrgWRTLFewbqKCKwwulSsq6N9lyeUmoinl6UQWBleFUNNhMfoKv22LCpeXQW5E2JE1nxIfZG9yKZy39JhhF7e2FpZC9lP7PGuga49faSstpY0UCh0mz8Nol3YyGjutf5HQ8z7ps4fEkFz12dSYWYfT1eV0l93aWTgMcJYVxhg19VZL3X4wM737NxwUlMIwkzLHFRGsuJNVBuAPa6UeqmrSWdrhEOWLPH3Bvep5ICILpdKm91hiDndd5LdCgvTUfGtrutNL6NpNk7H6ZQwJQiJzkXUYazzO6jJymtE1wEn3X3xw4Nfpppa1x8oVmECg0jiXANNUNb7OEbCCDSKV7e6zBRy8AmwesyRxkYJQBXaEwmsBiZgu4L5wsoVmsqL3GhasPl90BieKnOJn3U11uD71kEa1Vcz2KMy5ehyESvAufqn7ZSsSnCVs7WWBucSTBexI2Ipq0xLNgLuhJEjE2GKgWqOkVnEspfrXlHTtT7fncgqg3dIuINYhW73w99bVB1HwwazG0kdi3B3A7lLXZagC1gbzSFh985tfqwF6J6rReAjCgTR5cA602OmCGuAss9Zpd9G8PrkWnVAMtCWoUQL683iuxgmHjJiDlA8rG7CyiWe247EqxhImZHUZuOYVlCTQDWj20b6Zs5Gr9uYzE42DlPpxMZuETeZ4Y9lv8WBjAc0NuYJkgfhCC40F61sHFLTTUD9NExdbPigg4mtPvjFCicr2iFVzt8oB2g8Erf6d1D8wTCEOP9OIPTgYQv7r7HzIjE3Txj52ubkI0sDnaGgNQcaPQu769tpsRdwJqjIDNyD6s8COYuq8LO0YOIoO7SJyMGeNblaiG9GBo3KayD... Read more

A:Downloaded an installer, no virus detected but unknown extension appeared

You can use the two programs linked below to find and remove adware. Allow them to remove whatever they find.
Please post the scan results logs for both programs back here.
AdwCleaner Download
Junkware Removal Tool Download
 
You can block the third party/ ad/ tracking cookies from installing on your computer.
Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET
 
Cleanup your temp files, logs, etc. using Ccleaner. Be sure to UNcheck offers for Yahoo Toolbar and others. No need to use the Registry Cleaner...and it could cause a new problem.
CCleaner - PC Optimization and Cleaning - Free Download

Read other 1 answers
RELEVANCY SCORE 41.2

I ran SuperAntispyware. It found some cookies and a PUP.StartNow.toolbar. Then restarted to complete the disinfection. Windows (Media Center) would never load. I restarted in safe mode, ran Superantispyware again found EXE file association error. Had software repair, restart, still no load. Back to safe mode, attempted every EXE file association fixes I could find, still no load. I have run the DDS tool and can post the log, if needed. Also, I ran the Malware Antimaleware and it found nothing. Please help.

A:Virus?? - exe file extension not work. Safe mode-works

Please post the DDS log as a reply to this topic and I'll merge it to your post above and remove my reply so your topic won't get lost.

Orange Blossom

Read other 3 answers
RELEVANCY SCORE 40.8

Hi, I'm rajesh. and new in this forum, recently some virus infected my windows 7 and windows server data, the virus changed extension to tvnjkam. All my docx, xlxs,jpg,pdf files have extension like "file name.docx.tvnjklm" I have renamed the file by removing added extension but when tried to open the file it says corrupted.after going through some forums it understood it might be infected with ransom ware, so I tried many Antivirus rescue disk but there is positive results so far. Is there any way to restore corrupted files to original state. Thanks Rajesh

A:virus changed file extension and the files shows corrupted while opening

Hi rajeshshinde1795 It seems that you have been infected with a variant of the CTB-Locker/Ctritroni Cryptoware. When it's done encrypting files, it appends an extension to them composed of random generated characters. If you want to read more about CTB-Locker and Critrino, you can visit the FAQ hosted on BleepingComputer at the link below.CTB Locker and Critroni Ransomware Information Guide and FAQThere's also a Support thread currently open and on-going for this infection. In order to keep all the information centralized and avoid having hundreds of threads created for the same issue, you should post in this thread if you need assistance. You can also ask your questions there.CTB Locker or DecryptAllFiles.txt Encrypting Ransomware sets extension to .CTBLGood luck.

Read other 2 answers
RELEVANCY SCORE 40

I got a idea for a Chrome extension, but no where to request it. When you install extensions in Chrome it places all the extensions to the right side of the address bar. My idea is to have a extension bar below the bookmark bar that automatically hides it's self when the mouse isn't hovering over. You can keep the chrome browser screen estate but not have your extensions obstruct room, making things look cleaner.

A:Chrome Extension Idea - Extension Bar

Google Chrome Forums

Read other 1 answers
RELEVANCY SCORE 29.6

Hi; everyone I have opened Dll file as text how can I return it to original extension?
?

A:Dll Extension

Go into the folder where you opened the dll. Hit alt, a bar should appear. Now hit tools->folder options. View tab, uncheck "hide extensions for known file types"

Now rename the file _____.txt to ______.dll.

Or

Open the file in notepad and save it as ____.dll

Read other 15 answers
RELEVANCY SCORE 29.6

hello I have two 2GB files in My Documents with the extension .gi, which I think might stand for global image or similar. I can't open them and want to know what they are so that I can delete them and recover the space if they are not essential. Any ideas please?
I wondered if they might be to do with Acronis backup, or possibly the temporary folder for files burned to DVD - I don't know where to find that in W7 as yet

A:.gi extension

As you rightly guessed, they are image files. You should be able to open them with any CD/DVD writing software such as ultraiso or roxio or isobuster and check whether you need them. Acronis backup files have .tib extension.

Read other 2 answers
RELEVANCY SCORE 29.6

Hey all.
We have a letter in .doc format, but our tender software will only accept it as a .CEN format. I havent found anything for this file type, so does anyone know what is is, or more importantly, how to convert to it? Cheers all
 

Read other answers
RELEVANCY SCORE 29.6

Hello,

I'm running Windows 2000 and sometime during the past couple of months the extension .ink has appeared.

For example, on the desktop I have a folder "Shortcut to Rotas" showing as
"Shortcut to Rotas.ink".

Under "Start", there is:

Windows Update.ink
Set Program Access and Defaults.ink

Under "Programs", there is:

Yahoo Messenger.ink
Acrobat Reader 5.0.ink
Digiguide.ink
Windows Media Player.ink

and so on.

I would be interested in any ideas you might have as to why this is happening.

Thank you.

Bye,
Penny.
 

A:.ink extension

Read other 9 answers
RELEVANCY SCORE 29.6

I can't open a file with the extension .sig. Can anybody help

A:.sig extension

hi what program is the file associated with

cheers brad

Read other 4 answers
RELEVANCY SCORE 29.6

OK i created a back up of my personal files and i had to restore my computer from new so now i dont have nero to open up my back up DVDs, so i was wondering if theres any other way to open the extension *.nba
 

A:extension help

Why dont you just install nero again and restore the disc that way? If you backed it up with that one particular application, there is a large likelyhood you will need that application to open the backups again.
 

Read other 3 answers
RELEVANCY SCORE 29.6

Can I extend my notebook RAM upto 16GB? And, can I change the GPU unit?  

Read other answers
RELEVANCY SCORE 29.6

I cannot load anything with an .swf extension. I have downloaded the latest versions of macromedia flash. I have an AMD 333 processor. Could my machine be too slow for this extension? What happens is it starts to load but just will not finish. Any suggestions?

A:.swf extension

You mean load in your browser right? What browser are you using?

Read other 3 answers
RELEVANCY SCORE 29.6

i have n15-259TX hp notebook with 4 GB ram,can i extend the ram upto 8 gb?????

A:ram extension

Hi, Yes, currently your machine has 4Gb in one slot:      http://support.hp.com/us-en/product/HP-Pavilion-15-Notebook-PC-series/6529948/model/6867322/document... You can add 4GB on the second slot and please buy the same RAM on the first slot to get full benefit of dual channels. Regards.

Read other 1 answers
RELEVANCY SCORE 29.6

This is very iritating, but now, when I put AudioCD in drive it shows me .cda extensions each 1Kb in size. This makes me unable to convert it to mp3 and other because they don,t recognize audio tracks.How to solve this problem
 

A:.cda extension

Read other 8 answers
RELEVANCY SCORE 29.6

Apperantly my system has been tampered with (through the internet) and all of my document files have been changed to a .wps extensions. I changed some of the extensions back to .doc and I found that this posses another problem that may be some type of virus that gets triggered if I make changes to my document. There are some obvious misspelled words and if I correct the word then the whole document will looks like it's misspelled by the red underline mark. Also, most of the documents I've looked at and changed to back to .doc were three pages at most and now they seem to be from 10 to 20 pages (lots of page breaks inserted).

thanks for your input

Jesse

 

A:What is a .wps extension?

Check these 2 sites, one of them should give you the ext and what program uses it and what it is.

http://fileformat.virtualave.net/ext/ext_a.htm
http://www.wintip.f2s.com/indexmain.html
 

Read other 3 answers
RELEVANCY SCORE 29.6

What do I need to do to convert a slideshow with an .ssp extension into a file with a more common extension (that most people can open)? I want to email a short slideshow of my pics to some friends.
 

A:.ssp extension

What created the file with that extension?
 

Read other 3 answers
RELEVANCY SCORE 29.6

A friend received a file with an AWW extension and can't open it, I have tried to locate info re this extension for her with no results. Can you help? Thanks in advance
 

A:The AWW extension

might be an Ability Write file - word processor
http://www.ability.com/sales/products/write.php?ln=en

they offer a trial download
but i'd try changing the extension to .doc or .txt first and see if word or wordpad can open it

http://filext.com/detaillist.php?extdetail=aww found it, nice little wbepage for finding file extensions
 

Read other 2 answers
RELEVANCY SCORE 29.6

I have a family tree that was saved to disc that has an ext of .pro. I have searched to see what program opens it with no luck. The relative I got it from passed away and none of the family can help me out. I will gladly send it to anyone who thinks they can help.

Lost
 

A:.pro extension

PRO Source code file (Prolog)
PRO Configuration file (Pro/Engineer)
PRO Graphics profile file (DOS)
PRO Project file (Terramodel)
 

Read other 1 answers