Super sneaky spy ware

valiant81 · Guru

Super sneaky spy ware

Baz421 · Guru

valiant81 wrote:

Any way one to keep a eye out for, funny thing is that the bug also comes up with a page saying that my computer is locked and if a follow a certain link and pay over money ( ??? ) they will unlock my computer and restore my files.
Funny is i'm using this computer now and can still surf the net, look at the couple of forums that I'm on ( like this one ) and not a problem so far. It's just my photos that have suffered.

-- Edited by valiant81 on Tuesday 22nd of March 2016 08:34:34 PM

Sorry to hear about the problem.

I was only reading a very informative article in a book I think I borrowed, and the so called bug may just be a phurphy (bait) to lead you to download some software "fix".

Your photo problem may be totally different.

EDIT recover paivj I couldn't see this anywhere including Microsoft.

When I had a bad virus I rang McAfee (I was with them - now Kaspersky) BUT Mc Afee gave me a special one off virus scan and it got rid of whatever it was. This was after several remote access tries by their staff.

-- Edited by Baz421 on Tuesday 22nd of March 2016 09:03:55 PM

Baz421 · Guru

Read this as it says you can't convert jpeg to mp3. Maybe some other file extension??????

http://www.file-extensions.org/convert-jpg-to-mp3

Anyway have you opened in safe mode and tried to turn the PC's clock back????

Mutley · Senior Member

Baz421 wrote:
Read this as it says you can't convert jpeg to mp3. Maybe some other file extension??????
http://www.file-extensions.org/convert-jpg-to-mp3
Anyway have you opened in safe mode and tried to turn the PC's clock back????

Spot on Baz, you can't convert jpeg's to MP3's even if you want to.

Valiant, as Baz says, there is NO reference to recover paivj ANYWHERE on the net, if it was a problem, it would be all over the net. I think you have a PC problem, not a virus or malware. At a guess, I'd say that you have an old computer, with a well worn hard drive?

What OS are you running mate? If Windows 8, you can't do the ol' system recovery thingo, but anything before that you should be able to. Your external hard drive is a pretty clever piece of kit & will have backed up your files intact somewhere if you keep it switched on all the time (if not,you should). You just have to find them, search through the folders in your external hard drive.

Once you have them back, I'd recommend that you save them on 2 computers - I save ours on a laptop while travelling & transfer them to the PC once we get home, for peace of mind!

Bushpie · Guru

You mention using Vista ....... This is no longer supported by windows so your problem may be tied in with this .......the last microsoft update for vista was well over twelve months ago.

You would need to reload your computer with a more up to date operating system.......

If you have photos on a seperate hard drive will they show up on someone elses computer with say window7 or 8

Hylife · Guru

Ransom ware viruses have been going around for over 5 years now and still folks believe that they are safe from stupid behaviour if they use an antivirus program.
Car insurance will not stop you from crashing if you don't drive properly and with due care.
Antivirus programs can only do so much but if you recklessly open files you get viruses.
You can only get a virus from a file. You cannot get a virus from an email message which is just text.

This is what I do for a living and over 80% of my work is cleaning up viruses. AV can only protect what is on your PC not what is on someone elses PC. When you are on the web you are not protected for files on web sites. A favourite method of delivery is from a fake email porporting to be from a coutier company requiring you to eith open up a zip file (the zip if OK but the contents were not) or click a link to a web site which then requires you to open up a file.

UNDERSTAND THIS! If you run files over the internet instead of saving them first, your AV program CANNOT scan them and you WILL get infected.
The most common source is web based email such as Gmail or hotmail or yahoomail or your ISP mail from a web interface.
NEVER run files over the internet unless you can 100% trust the source and any mail from courier companies should be deleted immediately as the knock on your door and card you when away, NOT by email.

The bad news I have for you is that the virus is very easy to clean up but your files are permanently GONE. They will have been encrypted by the virus. The viruses choose a random encryption key and use 256bit encryption. This is uncrackable even using all the supercomputers on the planet it would take 1,000s of years. If you paid the ransom even the virus writer cannot de-crypt your files.

These viruses seearch all drives attached to your PC including external drives and mapped network drives and usually target picture files and MS office files such as doc and xls.

NEVER EVER leave your backup drive permanently attached to your PC. That is like keeping the spare keys to the car in the glovebox. When you are locked out you cant get to the keys. Always, plugin, backup, unplug and put away somewhere safe.

Nothing can bring back your files, sorry. :( but there is 3 FREE tools I can recommend will remove these viruses from your PC but you will need to know if your windows is 32 bit or 64 bit. (right click My Computer/Computer/This PC, and choose properties).

1 AVGfree antivirus http://www.avg.com/us-en/download.prd-afh-free

2. Malwarebytes antimalware https://www.malwarebytes.org/dl-confirm/

3. Hitman Pro http://www.surfright.nl/en/downloads/

Desert Dweller · Guru

Buy a decent virus protection like Norton next time & you won't have any problems in the future. We've had it installed on our home PC & laptop for over 10 years, never had a problem. It tends to be a bit bossy sometimes but hey, it's looking after your interests & doing what you bought it to do. Downloading ''free protection'' programs is fraught with danger.

dorian · Guru

As Hylife has said, the "bug" looks like a ransomware virus. You should stop using your computer, transfer your hard drives to a safe computer environment, and copy the damaged files to another drive.

You can safely examine a damaged file with a hex editor. There are several freeware editors. I like HxD.

The start of a JPG file might look like this:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 04 B0  ......JFIF.....

An MP3 file might look like this:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  49 44 33 02 00 00 00 00 11 34 54 54 32 00 00 16  ID3......4TT2...
00000010  00 45 76 65 72 79 74 68 69 6E 67 20 41 62 6F 75  .Everything Abou
00000020  74 20 59 6F 75 00 54 50 31 00 00 0E 00 55 67 6C  t You.TP1....Ugl
00000030  79 20 4B 69 64 20 4A 6F 65 00 54 43 4D 00 00 0E  y Kid Joe.TCM...

Baz421 · Guru

Is it a ransom ware bug as you allude.

If he can still use the computer, where do you solve the problem please?

03_Troopy · Guru

It may have just renamed all the files as mp3 files. Try changing the suffix on one to jpg and see if you can open it.

PeterD · Guru

Bushpie wrote:
You mention using Vista ....... This is no longer supported by windows so your problem may be tied in with this .......the last microsoft update for vista was well over twelve months ago.

Says who? If you had been maintaining your system and including Service Pack 1 then you have support until April 11, 2017 - See this link.

-- Edited by PeterD on Thursday 24th of March 2016 09:18:49 PM

rockylizard · Guru

Gday...

confuse this is what that link shows Peter -

End of extended support is

Windows Vista

Service Pack 2

April 10, 2012

April 11, 2017

Cheers - John

Hylife · Guru

Desert Dweller wrote:
Buy a decent virus protection like Norton next time & you won't have any problems in the future. We've had it installed on our home PC & laptop for over 10 years, never had a problem. It tends to be a bit bossy sometimes but hey, it's looking after your interests & doing what you bought it to do. Downloading ''free protection'' programs is fraught with danger.

Nortons like all other AV products wont protect you against website files if you don't save them to your PC first. Your AV protects YOUR PC, not other computers. If you are using a web browser you are looking at files on another computer and I am sorry to tell you that your AV cant possibly scan someone elses computer.

Almost everyone that I visit for virus problems uses in most cases a reputable AV product but they stupidly open files directly over the web.

JeffRae · Guru

Some of these bugs are easy to remove. Sometimes if you look in the control panel under add/remove programs you may find the rogue program in there. Try uninstalling it to see what happens

You may also have changed the default program that was associated with photos (eg Windows photo viewer) to a program that plays mp3's (eg Media player)

Try right clicking on a jpg file and select properties, under the general tab you can change file association

JeffRae

before the box · Member

Valiant81,,,,,,just a thought as i had similar problem and i believe MP3 is a music side and your pictures may be in a music file with a music background playing as mine went to a slide progrham

-- Edited by before the box on Friday 25th of March 2016 04:33:58 PM

Baz421 · Guru

valiant81 - what happened with this problem please????

I see you have been on line many times since we replied and tried to assist you