#46
|
|||
|
|||
Quote:
|
#47
|
|||
|
|||
Thanks strij, Max, Matrix, and bob.g! It worked!! All 13808 of my .xls and .doc files have been recovered. You are truly a LIFE SAVER! I cannot imagine what I would have done if this fix hadn't come along! Cheers guys, Jim - Australia
|
#48
|
|||
|
|||
Good point and thank you ! I hate this stupid virus ..... I don't enjoy other viruses but the really insidious part is the inability to fix the files even after cleansing or restoring the machine.
|
#49
|
|||
|
|||
Still cannot get beyond first key though, and I am wondering if there is a solution for a machine that has already been cleaned of the virus. Wedding photos at stake
|
#50
|
|||
|
|||
Has anyone though of using system restore to restore to a previous date where the registry key was there and the system was infected ?
of course, usually when you cure a system from a virus you disable the system restore but in some case it might have been forgotten. Still not sure this will enable you to decrypt the files but it might be something to try. Anyone think this would be a possible avenue to look at? |
#51
|
|||
|
|||
Thank you!!
Thank you bob.g, strij, and Matrix, and all those who have worked on a solution to the FileError_22001 virus. I was able to restore all of my files today!! I am extremely grateful! Happy Holidays!!
|
#52
|
|||
|
|||
Quote:
I would think Microsoft would step up and try to help in this since this virus was obviously targeted to their users mainly, and their IE Vulnerability was the cause. They are being awful quiet about it. |
#53
|
|||
|
|||
My computer was infected with this on December 5th and I was DEVESTATED to find all my photos of my 2 babies (13 months and 1 month) GONE ... I didn't have anything backed up and I literally wanted to cry as file after file appeared as "FileError_22001" ... I consulted a few tech savvy friends who hadn't heard of anything, but promised me they'd look into it. I downloaded and ran trial versions Norton and McAfee antiviruses, but nothing could determine anything but a few tracking cookies was amiss on my computer. I left it for DAYS, scared that if I did anything, more files would get messed up.
I then started searching online and came up with this forum. I have been checking in about once a week for the past month or so, and now I had to register to say a HUGE thank you to whoever it was that was able to figure this out. I was (fortunately) advised NOT to delete anything, as this was still really new and perhaps someone would be able to find something (and if not, well, the files are lost anyway). I had high hopes every time I checked the forums, but until today, I was left disappointed and not at all hopeful. I sincerely hope that you are all able to find what you need (main keys, etc) to run this AMAZING tool on your machines. All but a handful of my 28500+ photos are back and I'm about to go looking at my .doc's and other files (nothing majorly important, so no real loss if they're gone). One question ... what are the files that have been placed on my desktop? All of my photos are still in their original folders and locations. Thanks again. You guys are lifesavers!! Merry Christmas to every and all the best through the holidays and into the new year! ~ Krystina |
#54
|
|||
|
|||
Still looking for solution
This mess occurred to wife's comp on 12/7/08.
She was looking up items on the internet (recipes). Took a break for an hour or so, and when she came back, said she was having problems. Some were the classics others have written about. McAfee had been installed and updated since the system was new, and apparently was catching whatever it was that was trying to get through, but not completely. Her system would start up, then McAfee would would flash a few warnings, similar to but not complete, text such as: Generic Rootkit.d (File) Location c:\Windows\new_drv.sys Program Client Server Runtime Process Location C:\WINDOWS\9129837.exe Then suddenly a small screen would appear with text containing the following: System is Shutting Down Initiated by NT Authority\ System C:WINDOWS\System32\services.exe Terminated unexpectedly....... Status Code 1073741819 The system would in fact shut down, then automatically restart and go through the same series all over again. The McAfee log shows on 12/7 Eight cases of generic rootkit.d (Trojan) found and deleted. On 12/8 Seven cases of the same generic rootkit.d (Trojan) found and deleted. The only way to stop the constant shutting down and restart was to interrupt the restart and start in safe mode. Once in safe mode, the only way that I was able to get a good startup without the errors was to revert to an earlier good start point. Ran my own complete scan with McAfee - nothing found Worked direct with McAfee, who scanned even further - nothing found Worked with Microsoft who further scanned - nothing found Still getting the file error_22001 on all word, excel, and jpeg files. Ran fixes suggested here, with the response: UNABLE TO FIND FIRST KEY - PC IS NOT INFECTED It sounds like McAfee did about 95% of its job, but in doing so, deleted the virus. By deleting the virus, I apparently have come up with the same problem as others, the lack of, or unable to find the first key. Has anyone had any further luck on a fix in such a situation? Any help greatly appreciated... Pulling out what few hairs I have left. |
#55
|
|||
|
|||
I have used Malwarebytes to successfully remove the virus and like many others, I cannot restore all of my files due to the response: UNABLE TO FIND FIRST KEY - PC IS NOT INFECTED. My Malwarebytes program does have all of the virus objects listed under the quarantine tab, so I am wondering if someone knows if I could restore one of these items and then run the restore program to get back all of my files. My question is, does anyone know where the keys are stored?
|
#56
|
|||
|
|||
STRIJ, I swear I can kiss you!! It worked! I got every file back!!! I am so happy I am beside myself!!! Thank you, Thank you, Thank you, Thank you forever and ever!!
|
#57
|
|||
|
|||
Hi
First I have to give credit where credit is due - there is a user by the name of duffpaddy (David Lipman) FileError_22001 Fix Follow his instructions and life becomes good. I just recovered my files by using the dr web tool and am in the process of running the malware search and destroy tool from malwarebytes.org excerpt from the forum posted by duffpaddy ************************************************ It is a case of Cryptovirology and DrWeb calls it "Trojan.Encoder.33" and has a tool for decryption. ftp://ftp.drweb.com/pub/drweb/windows/te33decrypt.exe 10% of the files can be decrypted based upon a key in the Registry. The other 90% can be decrypted through a predictable key. -- Dave Generic Trojan / Adware Infestation Removal Procedures Multi-AV - Multi-AV Scanning Tool - PCtipp.ch - Downloads ******** end of excerpt******************* Good Luck Marc |
#58
|
|||
|
|||
Another discussion
Here is another solution - again not my work just directing other unfortunate souls such as myself
Trojan.Encoder.33 (FileError_22001) - Norton Internet Security / Norton AntiVirus - Norton Community Excerpt from the above link Hi Guys This Infection has a catch 22 situation as the tool from Dr Web to decrypt the original files needs the infection to still be on the system, well the registry keys, though you can stop it from running in Msconfig. In saying that if your Security software like Norton has the Malware flagged as High Risk then the infection is removed automatically without asking the user what to do, and there is the Problem. If the Registry Keys are removed by Norton or by people doing the usual scanning with SuperAntispyware or Malwarebytes, then the decrypter doesn't work. Steps to take as long as Norton hasn't removed the infection. 1. Use "Msconfig" to deselect the startup process in the startup tab, The process you are looking for looks something like "43718D7A.exe" Then apply and restart the PC. After the Trojan should not be active. 2. Backup the 2 folders with the encrypted original files \Documents and Settings\<username>\Local Settings\Application Data\CDD, \Documents and Settings\<username>\Local Settings\Application Data\FLR. To pendrive, CD or DVD etc. In case the decryption goes bad. 3. Now use the Dr Web decrypting tool to decrypt the .fcd files in the folders above back to their original state. If the tool doesn't work when in your account try when logged in via the others users accounts if any available. 4. Once you have your original files back, back them up for safety, once you are satisfied all your photos etc are back. 5. Remove the Trojan completely Quads Message Edited by Quads on 12-23-2008 09:25 AM |
#59
|
|||
|
|||
I thought I would post the actual information listed within the Malware quarantine tab to see if anyone knows which registry values might be able to be restored and then recover the files:
1) Vendor: Rootkit.Agent Category: Registry Key Items: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\new_drv 2) Vendor: Rootkit.Agent Category: Registry Key Items: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n ew_drv 3) Vendor: Trojan.Agent Category: Registry Key Items: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\ttool(Data: C:\WINDOWS\9129837.exe) |
#60
|
|||
|
|||
Quote:
Seems like people are moving on and all of us are stuck with thousands of lost files. Disappointing that most of the big name virus programs(And MICROSOFT) didn't do their job in stopping this virus in the first place i'll tell you one thing - I am now running Mozilla Firefox as a browser - so much better than IE7 and none of the security vulnerabilities now. |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Possible virus in Microsoft Word which alters the formatting of documents | Shirley Munro | Word | 8 | 09-18-2010 12:37 AM |
Help-overwriting files-could it be macro virus? | Timpotty | Word | 0 | 03-06-2009 04:28 PM |
Possible Virus in Word which alters formatting of entire document | Shirley Munro | Word | 2 | 02-09-2009 02:43 PM |