Viruses

[Richard Kreiss]

Yes,

This Trojan encrypts files with the following extensions: 
.	*.accdb *.arw *.bay *.cdr *.cer *.crt *.crw *.dbf *.dcr *.der *.dng
*.doc *.docm *.docx *.dwg *.dxf *.dxg *.eps *.erf *.indd *.kdc
.	*.mdb *.mdf *.mef *.mrw *.nef *.nrw *.odb *.odc *.odm *.odp *.ods
*.odt *.orf *.pdd *.pef *.pem *.pfx *.pptm *.ppt *.pptx *.psd*.pst
.	*.ptx *.raf *.raw *.rtf *.rwl *.srf *.srw
*.wpd*.wps*.xlk*.xlsb*.xlsm *.xlsx *.xls ????????.jpe ????????.jpg img_*.jpg

These are the files which were attacked.

It look like I will have to copy their system to mine a bit more often.

I keep copies of clients filepro programs & data on my system.  My two most
active client's data is more up to date tan some of my older less active
clients.

This has saved some of them as they either did not backup their systems or
their backups were no good.

The main problem with backups, besides not doing them, is making sure that
they are good and can be reinstalled.  It makes no sense to backup ones
system and then not have a copy of the backup program to use in reinstall
the backup.

Richard


> -----Original Message-----
> From: filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com
> [mailto:filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com] On
> Behalf Of Walter D Vaughan Jr
> Sent: Monday, September 16, 2013 9:18 AM
> To: filePro Mailing List
> Subject: RE: Viruses
> 
> Richard, was their problem different than this?
> 
> http://answers.microsoft.com/en-us/windows/forum/windows_7-
> windows_update/of
> fice-files-dont-open-after-windows-7-update/07567ae1-c935-4971-8ba0-
> fab733dd
> d5f5
> 
> > What was the name of the virus, and how did they remove it?
> >
> > I have seen of a few machines that after this past week's Patch
> > Tuesday, after a reboot the "Open With" was changed from Microsoft
> > Word or Excel to just Microsoft Office which of course made most
> > office documents look like they were gone/broken/etc. The problem was
> never with the data files.
> > Changing the "Open with" back to the proper application seemed to have
> > fixed it in their cases.
> >
> >
> > > -----Original Message-----
> > > On Behalf Of  Richard Kreiss
> > > Sent: Sunday, September 15, 2013 9:25 PM
> > > To: filepro-list at lists.celestial.com
> > > Subject: Ot: Viruses
> > >
> > > One of my clients early Friday morning to advise me to stay off of
> > > their system.  They were being attacked by a virus that was
> > > encrypting or making unreadable a large list of Office type of
> > > documents and photo
> > formats.
> > They
> > > eventually found the machine from which the virus infected their
system.
> > >
> > > Luckily  filePro was not damaged by this attacked except for an old
> > > mdb
> > file.
> > >
> > > They did have backups which were made to a NAS.  However even the
> > > files on the NAS were attacked.
> > >
> > > The suggestion I made to him, and it is not original with me, was to
> > backup his
> > > system to the NAS and the backup the NAS to tape.  His comment to me
> > > was tape is old school.  My answer was that the tape would not have
> > > been attacked.  Yes, if he backed up on Friday it would have been
> > > infected
> > files.
> > > However, the backup for that day would not have been made.
> > >
> > > Just a suggestion.
> > >
> > > By the way, they are running Windows Defender and Malwarebytes,
> > > which missed the particular virus attacking their system.
> > >
> > >
> > > Richard Kreiss
> > > GCC Consulting
> > >
> > > Office: 410-653-2813
> > >
> > >
> > > _______________________________________________
> > > Filepro-list mailing list
> > > Filepro-list at lists.celestial.com
> > > Subscribe/Unsubscribe/Subscription Changes
> > > http://mailman.celestial.com/mailman/listinfo/filepro-list
> >
> > _______________________________________________
> > Filepro-list mailing list
> > Filepro-list at lists.celestial.com
> > Subscribe/Unsubscribe/Subscription Changes
> > http://mailman.celestial.com/mailman/listinfo/filepro-list
> 
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list