 
Old 12-20-2008, 09:17 AM
Spectreofwar

Quote:
Originally Posted by Grogan
I sure hope that these keys are found on the PC when the program is run there. I instructed them not to delete anything, just in case.

I did not find the trojan that caused this on their PC. I found and removed some common malware, but nothing that would cause this. I kept it for days, and in my opinion the system is clean of any active malware. I can usually tell when a system is jacked. It's not exhibiting any suspicious behaviour; all scans (Avira AntiVir, NOD32, Kaspersky, Malwarebytes, SUPERAntiSpyware, Spybot S&D, a-squared etc.) come up clean now. No sinister rootkit activities. I did my usual manual hunting and poking too, both on and off system. I spent an insane amount of time on this, but I really wanted to find the culprit and, more importantly, a solution.

I think this was some sort of "hit and run" trojan. Did its dirty work, and then buggered off. I found evidence in their temporary internet files of a possible route for this catastrophe, but I can't be sure. (I tried to download the malware executable the malicious JavaScript was pointing to, but the server wasn't responding.)

I used Malwarebytes (as McAfee was useless in this case, allowing in and not detecting -- even after a couple of weeks -- this intruder) to remove a couple of harmful registry files and one unknown... but I'm not sure if the unknown was this particular virus or not. I'm of a mind to agree with you that it was a 'hit and run' virus, as I was able to upload new photos safely without alteration shortly after infection, and those images remained unencrypted.

When I found the encrypted files in these new folders I left them, as they were the exact same sizes as all my other files that went "missing," just in case something like this happened. Unfortunately I'm not familiar with which item would be the 'key' to use, but Dr. Web had no problem finding it and decrypting my information and restoring it.

A friend of mine also tried to recreate the issue to try and solve it, with no success. I'd guess that the key, and the ability to fix the infection, rests solely on the infected computer.

-J