Text Files Turned To Gibberish

Heerlo · Oct 27, 2014

So I happened to look at one of the many text files on my PC, and found that it has been corrupted into complete gibberish, with many strange characters replacing what had been written(example at bottom of post). Upon further examination, I discovered that evidently all my .txt and .rtf files have the same problem.

So does anyone have any idea what could've caused something like this and how to fix it? I have alot of documents that I'd like to keep. I Googled this, but couldn't find anyone else who had experienced this problem. Any help would be appreciated.

aimeeandbeatles · Oct 27, 2014

Do you have another word processor to test it with?

Heerlo · Oct 27, 2014

I downloaded a freeware text-reader program, but it has the same problem.

I think I may have been hacked, because I received a suspicious email on October 17. That same day, a certain text file was created on my PC(though unknown to me at the time) that mentioned my files being corrupted. Allegedly trying to help me, the instructions led me to a site that wanted me to pay for something that evidently cost a thousand dollars to buy, but supposedly would fix my problem. I, of course, didn't go through with it. Evidently, these people who hacked me then pretended to try to help me fix it, probably just wanting my money.

So if anyone knows a way to reverse this that doesn't cost a thousand dollars, please let me know. :crazyeye:

aimeeandbeatles · Oct 27, 2014

Ah, sounds like a rogueware. I expect it corrupted/possibly replaced your files -what happens to your files looks an awful lot like what happens if you open a random file in a text editor. From now on, make sure to keep a backup and be careful with this crap. You can try MalwareBytes Anti-Malware (hasn't failed me yet), but your best bet here is to go for a system wipe. Whatever you do, don't pay it - it won't work and it just encourages them.

Heerlo · Oct 27, 2014

Thanks for the advice.

The email said that I had a voice mail, but when I downloaded it the file had the screensaver extension. Looking back, doing anything at all with that email wasn't smart, but my curiosity got the better of me. I deleted it, but evidently the damage had already been done.

Another question: Since I deleted it, do you think there's any chance these people might still have access to my files?

aimeeandbeatles · Oct 28, 2014

If there's malware still on the system, they probably can get access to it or continue screwing up things. As I said, best bet is a system wipe.

Off-topic a bit: seeing as you seem to be a writer, you might want to check out FocusWriter.

Heerlo · Oct 28, 2014

I've discovered that a good many other files were effected by this, as well as a number of copies of the text file that's supposedly there to help you.

Nothing else seems abnormal yet, but I'm gonna keep my eyes peeled for anything suspicious.

Yes, I have done some writing, though mostly just Civ stories here on the forums. I have thought before about getting deeper into writing, so I might check that out some time.

warpus · Oct 28, 2014

This was just sent around at my work by the head of IT:

ALERT:
This week some Western academic and business units have been hit hard by a new variation of ransomware known as 'Cryptowall'. This has resulted in a loss of important data or financial loss.

http://www.techrepublic.com/article/cryptowall-what-it-is-and-how-to-protect-your-systems/

Ransomware is software which scans a computer encrypting all data files it finds, basically hijacking the data. Unless backups exist, this data is unrecoverable unless payment is made to the virus author.

Sounds like this might be what you're experiencing.

Heerlo · Oct 28, 2014

Yep, that definitely looks like the same thing. I'm trying to find a way to remove it if possible.

Quintillus · Oct 28, 2014

Yeah, it sounds like ransomware to me. There was a pretty nasty one in 2013 that would encrypt files, and charge a $300 ransom to unlock them. The nasty thing is that even if you are able to remove it with anti-virus software, your files are often still encrypted.

At this point, your best bet may be to re-install Windows. If you do have an external backup hard drive or flash drive, do NOT connect it until you are 100% sure the malware is removed, as if it is still present it may very well start encrypting your backup as well. If you have existing unaffected files that you would like to back up before taking the nuclear option (re-installing), you'd probably be best to burn them to CD or DVD or something of that sort - but not an existing drive you use for backup.

aimeeandbeatles · Oct 28, 2014

I remember that. CryptoLocker I think?
I think that they said you had to pay up within a limited amount of time or they'd delete the key and then you'd be crap-outta-luck.

Quintillus · Oct 29, 2014

aimeeandbeatles said:
I remember that. CryptoLocker I think?
I think that they said you had to pay up within a limited amount of time or they'd delete the key and then you'd be crap-outta-luck.

Yeah, that was the name of it. And that's how it operated, too. I think it was 3 days? After that they'd delete the key from their servers, so even if you tried to pay after that you were out of luck.

aimeeandbeatles · Oct 29, 2014

I remember there being one silver lining though: It added a registry key to execute the malicious stuff at startup. If you caught it in time and removed it from the registry it wouldn't run at all. Also some security firm got a hold of the keys and is providing the decryption for free.

Text Files Turned To Gibberish

Heerlo

Jedi Master Hearlo

Attachments

aimeeandbeatles

watermelon

Heerlo

Jedi Master Hearlo

aimeeandbeatles

watermelon

Heerlo

Jedi Master Hearlo

aimeeandbeatles

watermelon

Heerlo

Jedi Master Hearlo

warpus

In pork I trust

Heerlo

Jedi Master Hearlo

Quintillus

Archiving Civ3 Content

aimeeandbeatles

watermelon

Quintillus

Archiving Civ3 Content

aimeeandbeatles

watermelon

Similar threads