
Help !! is it a virus perhaps


17 replies to this topic

#1 shahz

    New Member

  • Members
  • 10 posts

Posted 28 October 2008 - 11:35 PM

All my Microsoft Office files have the .crypt ext somehow, e.g. abc.doc.crypt or abc.xls.crypt or abc.ppt.crypt. I tried renaming it and opening it, but it's showing encrypted data... How can this problem be resolved? Any help would be greatly appreciated. As for the AV, I tried AVG/NOD, but they don't detect anything.

Thanks,

#2 tommie gorman

    TMN Seasoned Veteran

  • Sophist Member
  • 12,961 posts
  • Location: western missouri

Posted 29 October 2008 - 01:17 AM

Try this out.
http://filehippo.com...perantispyware/

It gets a lot of shit out. And try it in safe mode too.

Also try a restore point to a time before it happened.

#3 shahz

    New Member

  • Members
  • 10 posts

Posted 29 October 2008 - 02:05 AM

Have tried the restore point already... it did not work. Will try out this software and let you know.

Thanks,

#4 xs1

    TMN QOS Tester

  • Moderators
  • 4,308 posts
  • Location: Sarasota, Florida

Posted 29 October 2008 - 02:51 AM

http://www.safer-net...ors/index.html - Spybot Search & Destroy
http://free.avg.com/ - AVG Free

:kiss:    Always a good first start.

#5 shahz

    New Member

  • Members
  • 10 posts

Posted 29 October 2008 - 03:04 AM

Tried Spybot... did not work.

#6 Elemental Xero

    Full Member

  • Members
  • 57 posts
  • Location: Kentucky, USA

Posted 29 October 2008 - 05:24 AM

Tried reinstalling office?

#7 coolbuster2007

    TMN Veteran

  • Members
  • 2,189 posts

Posted 29 October 2008 - 06:26 AM

Quote

All my Microsoft Office files have the .crypt ext somehow, e.g. abc.doc.crypt or abc.xls.crypt or abc.ppt.crypt. I tried renaming it and opening it, but it's showing encrypted data... How can this problem be resolved? Any help would be greatly appreciated. As for the AV, I tried AVG/NOD, but they don't detect anything.

Thanks,

Did you play an online poker game somewhere?

Would you mind posting a HijackThis log? Through that we can possibly suggest a fix :smiley:

#8 shahz

    New Member

  • Members
  • 10 posts

Posted 31 October 2008 - 04:37 AM

I'm currently far away from my computer... I'll post hijack logs as soon as I can.

And no, I did not play poker online :P

#9 shahz

    New Member

  • Members
  • 10 posts

Posted 31 October 2008 - 04:37 AM

@Elemental: reinstalling Office did not work.

#10 Elemental Xero

    Full Member

  • Members
  • 57 posts
  • Location: Kentucky, USA

Posted 31 October 2008 - 05:48 AM

Mind if I ask what's actually going on that's causing your problem?

From what I found, crypt goes along with programming, but can also have Trojans attached to the file, commonly in Office.
Any symptoms to your problems?

#11 coolbuster2007

    TMN Veteran

  • Members
  • 2,189 posts

Posted 31 October 2008 - 11:47 AM

Quote

I'm currently far away from my computer... I'll post hijack logs as soon as I can.

And no, I did not play poker online :P

Maybe offline :cheesy: hahah. Kidding aside, please post a HijackThis log at your most convenient time :wink:

#12 shahz

    New Member

  • Members
  • 10 posts

Posted 05 November 2008 - 10:39 AM

@Coolbuster
Here is the HijackThis log as requested... sorry for the delay :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:47 AM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.170:6588
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-515967899-616249376-1801674531-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4760 bytes

#13 Conuck

    TMN Seasoned Veteran

  • Moderators
  • 7,105 posts
  • Location: Kentucky

Posted 05 November 2008 - 10:46 AM

You have a couple problems. Go here and paste your log, it will read it and put X's where the problems are.

http://www.hijackthis.de/

#14 shahz

    New Member

  • Members
  • 10 posts

Posted 05 November 2008 - 11:21 AM

Fixed 2 errors... but still no luck... I have thousands of Microsoft Office files... all with the same problem. :( Any other suggestions?

#15 Conuck

    TMN Seasoned Veteran

  • Moderators
  • 7,105 posts
  • Location: Kentucky

Posted 05 November 2008 - 03:28 PM

I don't know either what to do except reformat and start fresh! :wink:

#16 coolbuster2007

    TMN Veteran

  • Members
  • 2,189 posts

Posted 05 November 2008 - 05:22 PM

Your HijackThis log seems fine except this entry:

1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.170:6588

What is the proxy for, mind if I ask?
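
Added example, not written by any poster in this thread: a small Python reviewer for HijackThis entry lines that surfaces the kind of items discussed above, such as the IE ProxyServer value. The sample lines are adapted from the log posted in #12; the three heuristics (proxy set, component with no file, autorun without a full path) are assumptions chosen for illustration, and a hit only means "ask about it", not "malicious".

```python
import re

# Sample lines adapted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.170:6588
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "R1 - ...", "O23 - ..."
PROXY = re.compile(r"ProxyServer = (\S+)")


def parse(log):
    """Yield (section, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review(log):
    """Return (section, reason, body) for entries worth a human look."""
    findings = []
    for section, body in parse(log):
        proxy = PROXY.search(body)
        if section in ("R0", "R1") and proxy:
            # Browser traffic goes through this host: confirm the owner set it.
            findings.append((section, "IE proxy set to " + proxy.group(1), body))
        elif body.endswith("(no file)"):
            # Registry still references a component that is gone from disk.
            findings.append((section, "registered component has no file", body))
        elif section == "O4" and "\\" not in body.split("] ", 1)[-1]:
            # Command has no directory, so Windows resolves it via the search path.
            findings.append((section, "autorun without a full path", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in review(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```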

#17 shahz

    New Member

  • Members
  • 10 posts

Posted 17 November 2008 - 12:04 AM

Sharing internet.

#18 Diehard

    Jr. Member

  • Members
  • 49 posts
  • Location: England, just north of london

Posted 19 November 2008 - 01:37 PM

If it's only your Office files, check this out and check settings in MS Office
http://netsecurity.a...q_encryptms.htm

If you have any of these settings then just reverse them



Or this which gives explanation about .crypt extensions
http://www.bestsoftw...d-riuyvdeu.html

I know this is talking about the program, but it does give an insight, and after reading this it seems like they are not reversible.
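
Added example, not part of any post in this thread: a Python triage check for files named like abc.doc.crypt that tells a file that was only renamed apart from one whose contents were actually transformed. It relies on legacy .doc/.xls/.ppt files starting with the OLE2 compound-file signature; the 7.5 bits/byte entropy threshold and the function names are assumptions, and the two sample files are constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt
LEGACY_OFFICE = {".doc", ".xls", ".ppt"}


def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path, sample=65536):
    """Classify a file whose name ends in <office-ext>.crypt."""
    stem, outer = os.path.splitext(path)
    inner = os.path.splitext(stem)[1].lower()
    if outer.lower() != ".crypt" or inner not in LEGACY_OFFICE:
        return "not-applicable"
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(OLE2_MAGIC):
        return "renamed-only"        # removing .crypt should be enough
    if entropy(head) > 7.5:          # assumed threshold for near-random data
        return "content-encrypted"   # renaming will not help; restore from backup
    return "unknown-format"


def demo():
    """Build two constructed sample files and classify them."""
    with tempfile.TemporaryDirectory() as d:
        intact = os.path.join(d, "abc.doc.crypt")
        scrambled = os.path.join(d, "abc.xls.crypt")
        with open(intact, "wb") as fh:
            fh.write(OLE2_MAGIC + b"\x00" * 4096)   # constructed: valid header
        with open(scrambled, "wb") as fh:
            fh.write(os.urandom(65536))             # constructed: random bytes
        return classify(intact), classify(scrambled)


if __name__ == "__main__":
    print(demo())
```

Run it against copies of the affected files rather than the originals, so the evidence stays untouched.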




