Hello All,
I am helping a cousin who recently fell victim to the Microsoft Impersonation Scam. I have managed to get the computer itself entirely back to the land of the living. It is a Windows 7 Home Premium 64-bit and there are two separate users on the machine. The machine has been scanned for malware by malwarebytes, and a full rootkit scan has been done as well, and all of that comes back clean. Spybot S&D isn't finding anything, either. I have been working with Malwarebytes.org using farbar and so far that is looking just fine as well.
For the user who was not the one logged in when the scam attack took place all documents seem to be fine. This is not true, though, for the MS-Word documents under the user who was logged in, and it doesn't matter whether they're .docx, .doc, or .rtf except in one small detail. If you attempt to open a .doc file or a .rtf you get the following dialog:
If you attempt to open a .docx you get a message that it cannot be opened because the file is corrupt. After you click OK you get a follow up dialog that says there is readable content and you can try to recover it if you trust the file. On the machine that was originally attacked I thought, "What the heck?," and tried to recover - it just comes right back to the "file is corrupt message." I have no intention of trying this on my own laptop, though I have tried opening the files in MS-Word 2010 (which is what the .docx files on the other machine were created with) and the results are exactly the same.
Does anyone know how these vermin corrupt MS-Word document files and whether there is something out there that would allow me to "disinfect" them so they'll be functional again?
Thank you in advance for any assistance you can offer.