Encryption or Permissions?

Guest

Sirs
Following an ‘attack’ a number of files (mostly JPEG) have become encrypted
(Properties > Advanced); these are in folders where other JPEG files have not
been affected. (Encrypted file names appear in green text and cannot be
previewed or thumbnailed.) I am the only administrator of my machine, I have
ownership of the files and I have full permissions (but so does a group /
user titled ‘Administrators’).
Any attempt to uncheck the Encrypt box leads to ‘Access denied’, as does any
attempt to inherit permissions from parent. I would be ever so grateful for
a solution as these are family photos.
 
Malke

Gary said:
Sirs
Following an ‘attack’ a number of files (mostly JPEG) have become
encrypted (Properties > Advanced); these are in folders where other
JPEG files have not been affected. (Encrypted file names appear in
green text and cannot be previewed or thumbnailed.) I am the only
administrator of my machine, I have ownership of the files and I have
full permissions (but so does a group / user titled ‘Administrators’).
Any attempt to uncheck the Encrypt box leads to ‘Access denied’, as
does any attempt to inherit permissions from parent. I would be ever so
grateful for a solution as these are family photos.

We need more information about the "attack". There has been some malware
that basically holds the victim up for ransom by encrypting data. You
then have to pay the malware owner to unencrypt your data. Here are a
couple of articles about this:

http://www.viruslist.com/en/analysis?pubid=184012401
http://www.sophos.com/pressoffice/news/articles/2006/03/zippo.html

Malke
 
Guest

Malke.
Thanks for your info. The attack went something like this:
About 2 months ago I switched on and the Windows One Care (had 90 day trial
for over 7 months) threw up a subscription warning followed by a warning that
the firewall is switched off. (Firewall off and now controlled by group policy.)
Windows Defender 'wiped' completely from machine. Removed One Care, did
Panda, Ewido & Kaspersky scans, found 3 Trojans that were dealt with by Ewido
& Panda.
Reset firewall using MS support and installed Panda I S 2007.

I didn’t notice any of the file changes until some days later. On my slave
drive, amongst other folders, have one marked personal; within this I have My
Pictures and this too has a folder called Personal. It is in this folder that
many files have been affected. Mostly JPEG (although some Word documents and
some Photoplus files similarly affected). No other folder has this problem
(that I have found). Tried resetting permissions but no joy (have tried to
track solution through Tech Support but nothing I have tried has worked so far
and stupidly I didn't back up the slave drive files).
Had no emails or other suspicious activity since!

Makes no sense to me!
 
Malke

Gary said:
Malke.
Thanks for your info. The attack went something like this:
About 2 months ago I switched on and the Windows One Care (had 90 day
trial for over 7 months) threw up a subscription warning followed by a
warning that the firewall is switched off. (Firewall off and now
controlled by group policy.)
Windows Defender 'wiped' completely from machine. Removed One Care,
did Panda, Ewido & Kaspersky scans, found 3 Trojans that were dealt
with by Ewido & Panda.
Reset firewall using MS support and installed Panda I S 2007.

I didn’t notice any of the file changes until some days later. On my
slave drive, amongst other folders, have one marked personal; within
this I have My Pictures and this too has a folder called Personal. It
is in this folder that many files have been affected. Mostly JPEG
(although some Word documents and some Photoplus files similarly
affected). No other folder has this problem (that I have found). Tried
resetting permissions but no joy (have tried to track solution through
Tech Support but nothing I have tried has worked so far and stupidly I
didn't back up the slave drive files).
Had no emails or other suspicious activity since!

Unfortunately, you didn't include the name of any of the trojans. Read
the links I gave you and see if the solutions there help. Resetting
permissions will not be useful if the files were really encrypted. You
need to find out what ransomware you had and deal with that. I would
contact either Kaspersky or Sophos since they have the most experience
with this. Another possibility is that the people at Elcomsoft might be
able to help - http://www.elcomsoft.com/

If none of that works, then I'm afraid you've lost the data.

Malke
 
