Files corrupted: .crypt [Solved]


  • This topic is locked

#76
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
next...

Attached Thumbnails

  • Iaekmmc.mmc.JPG

Edited by 460jetboat, 24 June 2012 - 02:06 PM.

  • 0


#77
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

Hope I didn't keep you waiting too long. I want you to delete both the ieakmmc and ieakmmc.chm files from the C:\Windows\help folder.
Just right click on a file and click Delete on the menu that pops up.
Click Yes on the Delete File window.
If you get a message that you can't delete a file, let me know if it is the encrypted file.

Then extract the ieakmmc.chm file into the C:\Windows\Help folder again.
Then try to uninstall IE8 again. If you receive a message like you got the last time that a file couldn't be read or is missing, cancel the uninstall and let me know.
  • 0

#78
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
GD,
Okay, deleted the files as you requested.
Then tried the zip file and it would only install ieakmmc with the same dates as the one shown above, with the exception that it shows last access as being today.
There is no ieakmmc.chm

Upon attempting to uninstall IE it of course hangs and wants the nonexistent file.
Had to do sys. restore again to make IE work.

Ken

Edited by 460jetboat, 25 June 2012 - 01:11 PM.

  • 0

#79
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I think I see what is happening. Try this.

Extract the ieakmmc.chm file to the desktop.
That should put a folder on the desktop named ieakmmc. Open that folder.

Now right click on the ieakmmc.chm file and click Copy.

Then open the C:/Windows/Help folder and right click inside it and click Paste and see if that will put the ieakmmc.chm file there.

Edited by godawgs, 25 June 2012 - 02:34 PM.

  • 0

#80
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
GD,

Okay, check inside the zip file you told me to download. There is only one file in there. (see attachment)
I've even downloaded it again. the ieakmmc and there is no ieakmmc.chm

Ken

Attached Thumbnails

  • zipfolder.JPG

  • 0

#81
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

I'm consulting with my instructor. This is so weird. I have downloaded the ieakmmc.zip file with Firefox and IE8. When I double click on the ieakmmc.zip folder the file inside is ieakmmc.chm. When I extract the ieakmmc folder from the zipped folder the file inside is ieakmmc.chm

I'll be back.
  • 0

#82
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
LOL....how ya like me now???

could it be possible that the trojan is screwing with it?

Also, I was trying to find this file on the internet (no luck) to see if I could just copy & paste it into C:\windows\help and came across several posts that you have to uninstall SP3 before IE8 can be uninstalled, if it were installed after SP3.
You probably already know all about this, but thought I'd mention it just in case.

Would it be possible to PM/email me the ieakmmc.chm file so I could copy & paste it?

Ken

Edited by 460jetboat, 25 June 2012 - 07:28 PM.

  • 0

#83
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Well you gotta admit it's been interesting so far. I've just never come across a file with an extension inside a zipped folder downloading and the extension is gone. I don't know if this is telling us that the ransomware that started this whole thing is still on the system or something else is going on. But I have a feeling that my instructor or one of the staff members has run into this problem before.

We'll see!
  • 0

#84
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Well, to add to this, I've created a couple of .doc files with word & loaded a few pictures to the computer since this happened and they are staying useable.....
  • 0

#85
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,


came across several posts that you have to uninstall SP3 before IE8 can be uninstalled, if it were installed after SP3.
You probably already know all about this, but thought I'd mention it just in case.

Yes, I'm aware of that, but my research shows that if SP3 was installed after IE8, there won't be an IE8 entry in Add/Remove programs. That's why you have to uninstall SP3 before you can uninstall IE8 in those cases.

I'm sorry to be the bearer of bad news here, but the consensus is that the ieakmmc.chm file not downloading properly is an indication that the ransomware, or at least part of it, is still on the system.

Since we've looked everywhere we can think of to look and still haven't found it, the only safe course now is to reformat and reinstall the system. That will remove everything and that includes the ransomware files that are still hiding.

The best guess is when you ran ComboFix it removed the key and password that was needed to find the dropper file.

If you still want to have the ieakmmc.chm file e-mailed to you and see if it will work I will ask my instructor. But if he thought that would work, he probably would have suggested something like having you get a copy of the ieakmmc.chm file for IE8 from someone you knew and trying it.

Just let me know if you want me to ask him and I will.

Otherwise, I can help you with saving your data and the reformat and reinstall if you want me to, just let me know.

I'm sorry we couldn't save the patient this time. :upset:
  • 0


#86
460jetboat

460jetboat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Godawgs,

Well I can't say that this is good news...but not totally unexpected either! lol

I can't begin to tell you how much I appreciate your diligence & assistance.

I'm going to think about how to proceed for a couple of days here...I've got quite a lot of business files on here, and quite a lot of pictures too which I really hate to lose.

If you were unable to find the ransomware, and we save files, how do we know that it is not going to be in some of the files we save??

Ken
  • 0

#87
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Ken,

I can't begin to tell you how much I appreciate your diligence & assistance.

You are welcome. I'm just sorry that we couldn't clean the system.

If you were unable to find the ransomware, and we save files, how do we know that it is not going to be in some of the files we save??

That's a good question.
The encrypted files won't let you open them so they can't re-infect. You just need to make sure that you don't back them up. Most of this type of malware injects itself in a .exe or .dll file, so don't back any of those up. The format will then wipe those files. The ransomware puts an e-mail address on the system so you can send them your money. The format will get rid of those as well. Don't back up any html files.....these are web pages.

Other than that you can back up any photographs, docs, business files, etc.


These are the files from your My Documents and Desktop folders that OTL found. There may be other files that are encrypted. I would try to open any picture or business file that I wanted to back up and see if it will open. If it doesn't open, don't back it up.

The files that are part of Windows that the malware has infected will be removed with the Format.

[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image005.jpg.crypt
[2012/05/31 14:45:06 | 000,237,734 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image004.jpg.crypt
[2012/05/31 14:45:05 | 000,321,763 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image001.jpg.crypt
[2012/05/31 14:45:05 | 000,310,995 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image003.jpg.crypt
[2012/05/31 14:45:05 | 000,283,585 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\image002.jpg.crypt
[2012/05/31 14:45:04 | 000,557,850 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Denise_&_Barbara[1].jpg.crypt
[2012/05/31 14:45:04 | 000,278,089 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\HULL-71053.jpg.crypt
[2012/05/31 14:45:04 | 000,237,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ferryreceipts.jpg.crypt
[2012/05/31 14:45:04 | 000,038,467 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\ATT00001.jpg.crypt
[2012/05/31 14:35:05 | 000,008,403 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\windshield relay.jpg.crypt
[2012/05/31 14:35:04 | 000,702,847 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\R1100RS Engine Schematic.jpg.crypt
[2012/05/31 14:35:03 | 000,152,027 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Motorcycle's covered.jpg.crypt
[2012/05/31 14:35:02 | 000,107,479 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\HULL-71053.jpg.crypt
[2012/05/31 14:35:02 | 000,047,782 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\KensN20SchematicEM1.jpg.crypt
[2012/05/31 14:35:01 | 000,065,173 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Ford Valve Adjust.jpg.crypt
[2012/05/31 14:35:00 | 000,052,158 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\electrK11.jpg.crypt
[2012/05/31 14:34:59 | 000,048,213 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\ceiling_cat.jpg.crypt
[2012/05/31 14:20:48 | 000,000,257 | ---- | M] () -- C:\user.js.crypt
[2012/05/31 14:15:39 | 002,847,409 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Timely Tips 1974-1979 Manual 9-51610_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,465,860 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering and Front Axle Manual 9-50392_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,319,151 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Steering & Axle Manual 9-50391_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,304,730 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\E-Z Clutch Manual 9-51081_watermarked.pdf.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\17 Eggs and Vegetables Breakfast.pdf.crypt
[2012/05/31 14:15:17 | 001,966,636 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\WhatYouMustKnow_PresentationNotes.pdf.crypt
[2012/05/31 14:15:15 | 020,521,787 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-homedefense.pdf.crypt
[2012/05/31 14:15:03 | 021,412,620 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\uscca-holster.pdf.crypt
[2012/05/31 14:14:59 | 001,402,884 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\pistol_accuracy_made_easy.pdf.crypt
[2012/05/31 14:14:58 | 000,661,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Marlin rifle.pdf.crypt
[2012/05/31 14:14:58 | 000,479,469 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Piaa910.pdf.crypt
[2012/05/31 14:14:58 | 000,364,975 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Oilhead_Maintenance_2-25-02.pdf.crypt
[2012/05/31 14:14:57 | 002,005,560 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\IBR2011.pdf.crypt
[2012/05/31 14:14:57 | 000,133,090 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Engine oils that meet Audi Oil Quality Standards 502 00 - 505 01 - and 504 00 - 507 00.pdf.crypt
[2012/05/31 14:14:57 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Fehlercodes VAG english.pdf.crypt
[2012/05/31 14:14:56 | 001,372,959 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\automatic_self_defense.pdf.crypt
[2012/05/31 14:14:56 | 000,541,002 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\61 026 92 (2531) Eletrically adjustable whindshield K1100LT [EDocFind.com].pdf.crypt
[2012/05/31 14:14:56 | 000,346,012 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\2010_Invite_2.pdf.crypt
[2012/05/31 14:14:55 | 003,557,952 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\15-foot-sail.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:10:06 | 000,046,153 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm.crypt
[2012/05/31 14:01:57 | 000,015,497 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\SPF to Bloomsburg.htm.crypt
[2012/05/31 14:01:47 | 000,165,987 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Nestle Dessert corse Dark baking chocolate 200g International shipping.htm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\Ken Foster\Desktop\Words.htm.crypt
[2012/05/31 13:58:39 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\Ken Foster\My Documents\Audi Advertisment.rtf.crypt


You will need to reinstall any programs that you want after the format and reinstall, so don't back up any Program File directories because the programs likely will not work with just a copy and paste.

If you decide to do this and you want, I can link you to some step by step directions, but whatever directions you follow, there are a couple of things that you need to do:

1. Before you format and reinstall, download the Windows XP SP3 stand alone installation and save it to a memory stick (USB drive), or some other medium so you can install the SP3 as soon as you have reinstalled Windows.
2. Disconnect your computer from the internet so there's no possibility that it will become infected before you install the XP SP3. Then you can reconnect it.

Let me know if you have any other questions.
  • 0
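
The backup triage described in post #87, as an added example that is not part of the original thread: it parses OTL lines in the format quoted above, counts which original file types were encrypted, and applies the post's exclusion list when deciding what to copy. The sample log lines and file names are constructed, and the header check is an assumption standing in for "try to open it".

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample lines in the OTL format quoted in the post above.
SAMPLE_LOG = r"""
[2012/05/31 14:45:07 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\User\My Documents\image005.jpg.crypt
[2012/05/31 14:15:39 | 000,155,936 | ---- | M] () -- C:\Documents and Settings\User\My Documents\notes.pdf.crypt
[2012/05/31 14:10:06 | 000,071,879 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm.crypt
[2012/05/31 14:01:47 | 000,055,131 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Words.htm.crypt
"""

OTL_LINE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| .{4} \| M\] "
    r"\(.*?\) -- (?P<path>.+)$")

# File types the post says not to back up.
SKIP_EXT = {".crypt", ".exe", ".dll", ".htm", ".html"}
# Expected leading bytes per type (assumption: a quick proxy for "does it open").
MAGIC = {".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF",
         ".doc": b"\xd0\xcf\x11\xe0", ".rtf": b"{\\rtf"}

def parse_otl(log):
    """Return (timestamp, size_bytes, path) for each OTL file line."""
    rows = []
    for line in log.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            size = int(m["size"].replace(",", ""))
            rows.append((m["ts"], size, PureWindowsPath(m["path"])))
    return rows

def encrypted_by_type(rows):
    """Count encrypted files by original extension (the suffix before .crypt)."""
    return Counter(p.suffixes[-2].lower() for _, _, p in rows
                   if p.suffix.lower() == ".crypt" and len(p.suffixes) > 1)

def backup_decision(name, head):
    """Decide whether to copy a file to the backup, given its first bytes."""
    ext = PureWindowsPath(name).suffix.lower()
    if ext in SKIP_EXT:
        return "skip: excluded type " + ext
    expected = MAGIC.get(ext)
    if expected and not head.startswith(expected):
        return "skip: header does not match " + ext
    return "back up"
```

A matching header only shows the file was not overwritten with ciphertext; it does not replace opening the file or scanning the backup from a clean system after the reinstall.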

#88
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
