I have many photos that won't come up anymore after scan

June 3, 2016 at 08:53:29
Specs: Windows 7
Recently, a window popped up on my monitor asking me if I wanted to scan my J-Drive (external hard drive). After that, all my precious photos cannot be viewed anymore. I was offered some type of fix but I won't download that due to the weird language (grammar) used.

See More: I have many photos that wont come up anymore after scan

Report •


#1
June 3, 2016 at 09:53:02
Were you asked to pay?

Can you still access the drive and at least see the photo files?


Report •

#2
June 3, 2016 at 11:32:42
Sounds like a Ransomware scam (which can be very difficult indeed to overcome). I hope you didn't go for the scan.

Always pop back and let us know the outcome - thanks


Report •

#3
June 4, 2016 at 01:40:27
Did you go for the scan?
Its a Ransomware. Its eaten up (encrypted) all your photos.
A reply about furthur info would not only be greatly appreciated but is also necessary for you because you are in a risk of losing all your data.

Regards,
Jay Sarma
Musician and Computer Geek


Report •

Related Solutions

#4
June 4, 2016 at 04:29:37
A decent host file might keep you away from sites like that in the first place.

http://winhelp2002.mvps.org/hosts.htm

Lee


Report •

#5
June 4, 2016 at 18:05:05
Can you see the photos but are unable to view them, or have they disappeared completely?

If you can't find the photos it is possible that the attributes have been changed to hide them from you.

There are two changes that need to be made to make hidden files and folders appear. Here's a guide:

http://www.howtogeek.com/howto/wind...

The two changes are first select "Show hidden files and folders" and second deselect "Hide protected operating system files”. click apply, ok and exit close out of the window.

Go to the location where your photos are and see if they reappear. If they're there and the folder appears to be an opaque yellow colour this means the folder attributes were changed.



Report •

#6
June 4, 2016 at 19:23:35
Re #5
I dn't think a Ransomware would just change extensions and have popcorn.
They does this byte alteration stuff, I've seen it with my own eyes.

Report •

#7
June 4, 2016 at 20:03:00
Hi Jay.

You're right there are some fairly nasty malware that use encryption to take possession of files and folders then try and extort money in return for the key.

There are also fake AV scanners that simply change the attributes of folders to try and bluff a user out of money. They rely on the user to be either not very good with computers or seek decent help. This code will be simpler and a lot quicker than code using encryption to wreak havoc.

Jay have a read of differing behaviors of malware:
https://www.raymond.cc/blog/reset-s...

Edit: I wasn't talking about file extensions but rather attributes. Still close enough and I'm sure there is malware that will change file extensions to help do it's evil bidding.

message edited by btk1w1


Report •

#8
June 5, 2016 at 11:41:45
Hello, btk1w1,
If you can remember, we had this discussion before :) I told you I was researching on malwares, remember?
Well, the link says everything I know. But again, the bad guys are always ahead of the good guys.
Ransomware would not just change attributes/extensions. Comparing a clean file with a ransom-hit file on any hex editor, an alteration on bytes would be noticed, that's what makes the file unaccessable, in other words, "encrypted".

Report •

#9
June 5, 2016 at 14:45:58
Jay we are going to have to agree to disagree.

There are many thousands of malware in the wild that use varying techniques to compromise an OS.

Many of them are written by script kiddies on school holidays that neither have the knowledge or ability to write complex code.

It is highly possible that the OP may just be facing hidden folders, but if it is as bad as you think there is little hope of recovery without paying a ransom. So it is at this point I offer real hope and not doom and gloom because not all malware encrypts data.

Edit: we should consider the OP and not hijack their thread.

message edited by btk1w1


Report •

#10
June 5, 2016 at 16:03:21
"Edit: we should consider the OP and not hijack their thread."

Exactly....


Report •

#11
June 5, 2016 at 18:41:03
"It is highly possible that the OP may just be facing hidden folders, but if it is as bad as you think thereis little hope of recovery without paying a ransom"
But the OP hasn't replied yet!
"Edit: we should consider the OP and not hijack their thread."
Lol, hijack is the coolest term in this sentence :p Yes, I agree to you :)

Let's just wait for the OP to reply.


Report •

#12
June 5, 2016 at 21:16:24
Wouldn't seem like ransomware since it asked to do a scan. If it's just lost/deleted/corrupted files the discussion here might help:

http://www.computing.net/answers/ha...


Report •

#13
June 6, 2016 at 19:15:08
My sister just lost all her email and very much more leaving it on facebook while washing dogs. Came back to $600 ransom notice, said it was a flash update that started it but I have no faith that she can make such a call accurately, so it's gonna be happening to a whole lot more people. She is horrible about keeping up to date with security updates though, it's almost against her religion it seems. My sister and OP are not XP though, so wrong group?

She is going to get a new hard drive and start over hoping in the meantime someone can unravel the mess on the current hard drive.

Lee


Report •

#14
June 7, 2016 at 00:36:07
Re #13
If only I had access to that drive... oh, luck!
Yes, boot a live linux containing GParted, delete all partitions and reformat everything to NTFS. Not even the 's' of the word "sign" of the Ransomware would be present there.
Hope it helps :)
P.S. do post a question for queries next time.

Report •

#15
June 7, 2016 at 06:48:06
Many times on these boards we seem to get folk who post questions then vanish, rather like some kids game. Maybe they believe we need practice at answering questions.

Always pop back and let us know the outcome - thanks


Report •

#16
June 7, 2016 at 06:54:48
naaaah.., I just posts em to pass the tyme... between rounds of tea 'n cake...

Report •

#17
June 7, 2016 at 19:11:45
Naaah, I post near my friends to show them how geeky I'm at computing stuff....

Report •

#18
June 7, 2016 at 23:40:41
I kinda like to think they are deep in the process of fixing it and can't get back to us. I first noticed this trend on 'missing command.com' posts, they would start out hot and heavy and then poof they gone. They gone to the store to buy another computer with an entirely different OS and never will be back.

jaysarma987 - what is on the hard drive is the part to be recovered in #13, your advice to format C: doesn't seem to be of much help recovering the ransomed data. #13 is also not a query - it's a notice that ransomware has found a better way to install itself just recently and there might be a rash of these incidents. My sister is very good at finding these things, if it happened to her, it's happening to thousands of others too.

Lee


Report •

#19
June 9, 2016 at 13:15:54
melee5 may be right about the whereabouts of the OP. This is their only post here and it is now 6 days without any response from them. Problem may have been solved. Courtesy is something some don't learn.

Report •

#20
June 9, 2016 at 18:28:39
"Courtesy is something some don't learn."
Lol, yes, funny but true.

Report •

#21
June 10, 2016 at 20:32:59
Since April 08, 2016 any Flash 21.0.0.213 & 18.0.0.343 ESR or lower versions have been exploited hard by the above ransomware. I'm not up to date but I do have firefox stopped from even checking for updates as well as the same deal on flash.

Lee


Report •

#22
June 11, 2016 at 00:35:47
The only reason why I prefer to use internet on Linux, is, no infection. Worse that can happen, Linux gone crazy. No prob, my hard disk where all the data is kept, was safely unmounted. Delete the OS partition, reinstall!! For windows apps not to run on Linux, I've never installed Wine.
Safe browsing! :D
Comments?

Report •

#23
June 11, 2016 at 07:02:59
As the poster seems to have left us I guess its safe to chat about asides.

melee5

Re #4
It's years since I used Hosts so thought I would add the one you suggested (on Windows 10). I then immediately ran into annoying back button issues in browsers. Also I had the "can't display page" messages instead of adverts. In the old days eDexter sorted out these issues but it didn't seem to work on Win 10 - too ancient I suppose. My conclusion was that Adblock and similar worked far better although I accept that they do little for security.
EDIT: I do still use SpywareBlaster which gives some passive protection..

Re #21.
Maybe I'm dozy but as you suggested that lower versions of flash are exploited by ransomware then I couldn't understand why stopping Firefox and Flash updates appeared to be your answer. The current flash version is 21,0,0,242.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#24
June 11, 2016 at 20:52:13
Re #23
Simple concept.
I guess he would consider staying in a version between 18 and 21. :)
Sometimes we have to agree to 'agree'.
Lol
I made that one up

Report •

#25
June 12, 2016 at 04:40:57
I think I'm just not understanding the way the version figures are presented and therefore exactly what is intended. If there are two ways of reading things I can be quite expert at choosing the wrong one LOL.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#26
June 12, 2016 at 14:44:32
I kinda do that myself some. Not dozy at all, what you don't know is that I do the interwebby thing with flash turned off because I don't want to be bothered by a commercial or a virus not to mention having my bandwidth choked to death. With the browser unable to check for updates along with flash I don't have any surprise downloads happening. By my sister's account she wasn't even in the room and flash decided to update itself when the SHTF. That's scary to me. I feel safe because I'm not idling on facebook with flash turned on or able to update itself in any possible way. Yes, I'm at risk, but my safe behavior is safe enough until I get busy updating what I want to in the order I want to. My flash version is 16.0.0.296, we go for a year between these wholesale flash attacks and I don't need to be bothered every other week when there is nothing wrong with the way flash has been working. Now there is something very wrong and I will update soon.

ESR is Extended Service Release, that version is still 18 and they were still supporting it with updates even though there were higher versions for the public at large, but this might be the game changer and the death knell for 18. I wish I could get paid to write exploitable holes in my own software...

XP still working good with a decent Host file, on very rare occasions when I'm off on a tangent hunting something I don't even really need, I will hit a page that won't connect. Takes a few tries before I recall a very good reason why that might be happening, and just as often firefox will alert me to a reported dogy site too. I'm sure they have their very own Host file system but they do use MS Host as well. I can imagine that Win 10 does it different, I'm not looking forward to it either. Maybe by the time I'm forced to do that, they will have some of the larger humps mowed down a bit.

Lee


Report •

#27
June 12, 2016 at 15:11:20
melee5

All crystal clear now - thanks very much for the amplification.

I too hung on quite a time in the hope that Win 10 would be less "humpy". I guess it is but, in my opinion, still has a way to go to match the reliability of either XP or Win 7.

Always pop back and let us know the outcome - thanks


Report •


Ask Question