View Full Version : What is a "crypt" file?



falcon409
March 27th, 2012, 04:47
This is weird. I have a folder that all downloads go to when they're finished and I open them from that "Downloads" folder. Been doing it that way for years. Last evening while "Search and Destroy" was running I went to that folder to weed out some older downloads. What I found was that all the zipfiles had been renamed with an added ".crypt" extension. I decided not to mess with it last night so after S&D finished I shut down the system and went to bed.

This morning I looked again and since it wouldn't just open the zipfiles I tried removing the added extension. The zipfiles again showed the "Izarc" icon and so I figured, I'd open one to see what had been added, if anything. Well, there's nothing in the zipfiles. Even though the "properties" shows to be the correct size, when I open it, there's nothing there. Anyone ever run into this before?

robertorizzo
March 27th, 2012, 05:21
shivers running along my spine

anthony31
March 27th, 2012, 05:43
Try adding the crypt extension back to one of the files and then right click on the file, select Properties and see what Type of file: and Opens with: tells you.

srgalahad
March 27th, 2012, 08:04
Interesting....
A quick search found references to apparently legitimate file-encryption software (a couple of different programs) that use the ".crypt" file extension and most seem to do low-level encryption with password protection. It's possible that something has innocently 'hijacked' or reassigned your file extensions (like Adobe did with .air files) but I couldn't find anything of this nature. If you have not installed one of these (?) there is another possibility with less-pleasant overtones:

I also found several references to a type of malware called "ransomware" which generally seems to be a trojan-type that encrypts files and then places a (normally) .txt-type file offering to decrypt your files after payment of a fee ($10 to $300).

These references are not necessarily new. The related blog on the Trend Micro site dated from 2007 http://blog.trendmicro.com/?p=12179 while another similar entry from the Russian Anti-virus software company Dr.Web was posted in 2008 (Dr.Web has an add-on approved for Firefox so it seems legit but also seemed to be of dubious support so this is info-only.)

While you may have a simple problem with a simple cure, further research may be in order...

Rob6

Lionheart
March 27th, 2012, 08:38
This doesn't sound good. I hope you get things worked out. Keep us informed Falcon.

I remember, years ago, uploading a file to AVSIM via an FTP window. I had seen a new plane upload and clicked on a file to read about it (I shouldn't have, I know) and something started turning all of my files in my computer into TXT files. I quickly unplugged my computer, but had to spend the next 2 days reloading Windows (damage had already been done). I lost my Fairchild 24 files (source files) that evening.

Let's take these freak virus makers and drop them off in North Korea in one of those prisons!

SeanTK
March 27th, 2012, 10:11
You have the Trojan.Encoder Virus...
http://multimediaforensics.com/2011/03/18/ways-to-decrypt-files-encrypted-by-trojan-encoder-virus/

http://www.techsupportforum.com/forums/f10/recover-the-file-infected-by-crypt-virus-289664.html

falcon409
March 27th, 2012, 10:13
Well, I believe I am royally screwed. After checking through the system, many file extensions have the added ".crypt" extension, to include all "rtf, xml, doc, txt, zip" and a few other files. Because of that. . . .guess what no longer runs. . . .yep FSX, because it can no longer read necessary xml files. I did a search using a wildcard "*.crypt" and it didn't find a single file, so apparently the "crypt" extension is basically invisible to any type of search including Adaware, Search and Destroy, Malwarebytes and my personal favorite (because I actually paid for this about 2 months ago), "Avast Antivirus Software". . . .which reminds me every time it initializes at boot-up that my system is "Secure". So much for keeping an eye on my system. . .thanks avast.

Damn!
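
A triage sketch for the situation described in this post, added here as an example and not part of the original thread: it inventories every file whose name ends in ".crypt" and checks whether the original file header survives, which separates files that were only renamed from files whose contents were altered. The magic-byte table, the 7.0 entropy threshold and the function names are assumptions of the example.

```python
import math
import os
import sys
from collections import Counter

SUFFIX = ".crypt"  # extension reported in the thread
# Leading bytes expected for file types named in the thread (assumed table).
MAGIC = {
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),  # second form: empty archive
    ".rtf": (b"{\\rtf",),
    ".xml": (b"<?xml", b"\xef\xbb\xbf<?xml"),  # files with an XML declaration
    ".doc": (b"\xd0\xcf\x11\xe0",),  # OLE2 compound document
    ".pdf": (b"%PDF",),
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 looks like random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536) -> str:
    """Compare a *.crypt file's first bytes with its original type."""
    original_ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magics = MAGIC.get(original_ext)
    if magics:  # an intact header does not prove the rest is untouched
        return "header-intact" if head.startswith(magics) else "header-destroyed"
    # No known signature (e.g. .txt): fall back to entropy, assumed threshold.
    return "high-entropy" if entropy(head) > 7.0 else "inconclusive"

def scan(root: str) -> dict:
    """Map every file under root whose name ends in .crypt to a verdict."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX):
                full = os.path.join(folder, name)
                try:
                    report[full] = classify(full)
                except OSError as exc:
                    report[full] = f"unreadable: {exc.strerror}"
    return report

if __name__ == "__main__":
    for path, verdict in sorted(scan(sys.argv[1]).items()):
        print(f"{verdict:18} {path}")
```

The script only reads files, so it can be pointed at a copy or a read-only mount of the affected drive before anything is reformatted.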

CodyValkyrie
March 27th, 2012, 11:44
I've pretty much given up on Avast! and AVG. Anyone who owns Windows Vista or Windows 7 should get copies of Microsoft Security Essentials. The program is quite low priority, but seems to be very powerful. It's protected my systems for the last couple of years successfully.

kilo delta
March 27th, 2012, 12:04
I've pretty much given up on Avast! and AVG. Anyone who owns Windows Vista or Windows 7 should get copies of Microsoft Security Essentials. The program is quite low priority, but seems to be very powerful. It's protected my systems for the last couple of years successfully.

Another +1 for MSE. Prior to this I'd tried every AV on the market. I settled with Kaspersky in the end and when my time limit ran out a couple of years ago, tried the switch to the freeware MSE. I've got it installed on all of my Windows systems now and have never had any bugs invade them.

Bone
March 27th, 2012, 12:15
I've been running Kaspersky for a few years, and for a while had MSE going concurrently. But, it seems Kaspersky and MSE don't like each other, so MSE went byebye. I do like MSE, but Kap is better I think.

Sorry to hear about this, Ed.

falcon409
March 27th, 2012, 12:28
. . . . .Sorry to hear about this, Ed.
Thanks. It appears that I might have to completely wash the HDD's clean and start over because it hit not only the drive that the OS is loaded on but also the one that FSX is loaded on. I thought about doing a restore, but with a virus, I don't know if that will work.

srgalahad
March 27th, 2012, 13:31
It seems that some version of Trojan.encoder is the likely culprit but I can find no simple, public fix. A variety of AV sites list one or more variants affecting various types of files and with varying nastiness!

One thing to consider is that by piecemeal messing with the culprit it may get worse (for example):
http://community.norton.com/t5/Norton-Internet-Security-Norton/Trojan-Encoder-33-FileError-22001/td-p/51805

Even the standard process of automatically identify/stop/quarantine/remove can make it difficult or impossible to restore the corrupted files.

From what I can see Ed, if you have a commercial AV program, go straight to their support desk and let them do their magic. I don't know how good the support is for freeware AV programs or whether you'd even get help in near-real time.

falcon409
March 27th, 2012, 16:32
. . . . . . .From what I can see Ed, if you have a commercial AV program, go straight to their support desk and let them do their magic. I don't know how good the support is for freeware AV programs or whether you'd even get help in near-real time
Yep already did and after some scanning of a few of the infected files, they determined that this is a totally new kid on the block. It's "Ransomware" but this version is new apparently, it affects your computer files and leaves behind a ransom note which basically advises you that for $300 they will send you the decoder for your files. If they don't receive the money, or an answer within a specific time period, then in some cases the virus will begin deleting one file every 30 minutes until the problem is corrected to their satisfaction. lol

falcon409
March 27th, 2012, 16:42
Another minor problem is that as far as starting over is concerned, I am limited to whatever I have backed up on CD's and DVD's because even though the computer itself is not affected and actually shows no outward signs of being in trouble, the virus renamed every single file I would have needed to back up, such as zip's, pdf's, rtf's, xml's, docs, txt and so on. I have accumulated so much software that it would be virtually impossible to get everything. I will transfer what I can to DVD's, especially all my scenery work and liveries, but everything else. . . . . .I've backed up the PST file from MS Outlook and that has just about every license and proof of purchase to everything I own. . . .oh yea, I almost forgot. . . .all the key files from vendors like Flight1 and a few others. . . .all those were renamed as well, so I can't even grab those to hang onto, lol.

falcon409
March 27th, 2012, 21:45
I will most likely be gone starting sometime today until I can get my system cleaned (reformatting both drives). FSX no longer functions and that's about 90% of where I spend my time. The encryption virus hit so many files that backing up is useless at this point. It would take longer to weed out what's good and what's not than to just start over. I'm attempting to transfer as much as possible to DVD's right now, but just the sheer number of things I have loaded (utilities, tweaks, addons) dictates that a lot will be lost and then re-found/re-discovered over time after I start reinstalling stuff. Adios!!

robertorizzo
March 28th, 2012, 02:54
Hi Falcon, come back soon!

OleBoy
March 28th, 2012, 05:14
Ed, wow, what a thing to have happen.
Considering the newness of the infiltration, I would think that the adware, spyware, malware companies would be all over this one.
It makes me all nervous to read what you're going through knowing that it could potentially happen to my system also.
I, like others have mentioned, have tried several pay and free anti-(insert name here) programs over the years.
Since I upgraded from XP Pro to Windows 7 Ultimate, I heard about Microsoft Security Essentials. And after reading in-depth about how effective it was, decided to try it.
I've been using it from day one on the new machine. Haven't had a bit of troubles like other programs I've used in the past.
Of course, like anything they all eventually get exploited. So far it's been rock solid in all aspects.

I honestly would hate to be in your position. I have to one extent or another.
But after my experiences I started backing things up on dual external drives that have off/on switches that I control. Off when not needed.

What a mess.
Good Luck.

OB