[Solved] Ransome corrupted .exe, .cmd, et al

[templescroll]

Hi..its been a while!
SUMMARY:
My OO.3.4.1 which I happen to love very much...is dead in the water (it seems)
I got a Ransom virus (dont know which one; NOT Cryptlocker though)
I removed it and cleaned out what was left in the RegEdit files (I think)
Many of .doc, docs, odt, .pdf el al are now ENCRYPTED by what the virus did
In addition to these FILES...
my .exe , cmd, .com APPLICATIONS were also encrypted. (Im told the 'encryption' is just some random code at the beginning of the .file that prevents the execution of the APPLICATION or making the FILE unknown/unreadable by the application)
I can only start OO.3.4.1 in 'safe mode' and even then, it won't let me 'OPEN' a document
I can CREATE a 'NEW' document but it won't let me 'SAVE' it.
ANYWAY, moving on...
QUESTION:
Should I COMPLETELY UNINSTALL the corrupted OO.3.4.1 and download/install it again?
This will probably eliminate the problem but all my user settings , etc would be lost?
OR
should I try updating my current version to the 4.1.1 (which I hear has troubles of its own) and hope it fixes the 3.4.1 corrupted files?

[templescroll]

PS IF MY OO.3.4.1 starts in SAFE MODE ...does that mean that there is some rogue process that is embedded in the TASKS that WINDOWS prevents from STARTING in safe mode? If so, how do I find it and eliminate it?

[RoryOF]

You need to sort out why your files won't open. If they have been encrypted, then no amount of reinstalling or upgrading OpenOffice will help. If they are not encrypted, but OpenOffice has been buggered, then a reinstall.upgrade may help.

To decide the first point, I suggest you upload a small file (preferably not as far as you remember containing any sensitive information) to the Forum, so we can try it with undoubted good versions of OpenOffice. If it opens for us, then you should reinstall (preferably a later version) of OpenOffice.

[templescroll]

okay...
But I'm past the point of fixing the ENCRYPTED FILES files associated with my APPLICATIONS.
(this was just a summary of what lead to OO3.4.1 not working & my questions)
I have UNINSTALLED / DOWNLOADED /RE-INSTALLED some of my Applications and they now work!

QUESTION:
With regards to OO:
Should I merely UPDATE MY CURRENT OO3.4.1 and hope it works?
OR
UNINSTALL 3.4.1 COMPLETELY and download/re-install it?
Can you provide me with a LINK to the LAST 3 versions of OO so I can decide?
thanks for you input

[templescroll]

You need to sort out why your files won't open. If they have been encrypted, then no amount of reinstalling or upgrading OpenOffice will help. If they are not encrypted, but OpenOffice has been buggered, then a reinstall.upgrade may help.

To decide the first point, I suggest you upload a small file (preferably not as far as you remember containing any sensitive information) to the Forum, so we can try it with undoubted good versions of OpenOffice. If it opens for us, then you should reinstall (preferably a later version) of OpenOffice.

OKAY here ya go.
FYI: oddly enough some WEIRD Kapersky DE-crypt tool recovered SOME buy not ALL of my .pdf, .doc files. Im gonna try it with .jpg and .exe and .com and .cmd files next. Ya need to have a GOOD UNCORRUPTED file with the SAME extension to upload to the Kapersky TOOL to get the process started. Its not ideal but its better than nothing!

[RoryOF]

The .odt and the .doc file opened with OpenOffice 4.1.1 on Xubuntu. Adobe Reader said that the .pdf was damaged and could not be opened.

[templescroll]

The .odt and the .doc file opened with OpenOffice 4.1.1 on Xubuntu. Adobe Reader said that the .pdf was damaged and could not be opened.

oooohhh this is a good thing!
I guess I should take the leap to 4.1.1....I so scared

[templescroll]

is OO 4.1.1 the same as Xubuntu. Im confused

[RoryOF]

The Windows version of OO 4.1.1 will run on the Windows operating system just as the linux version runs on the Ubuntu operating system.

[Villeroy]

The PDF may be corrupted because it has no data in 124 kB. The doc and odt are fine. I can open both with any suitable program on my Linux system.

guess I should take the leap to 4.1.1....I so scared

I'm confident that any version of Openoffice and Word since 1997 can open your .doc file. This is not a matter of the latest word processing software. You need to wipe out the entire Windows system in order to re-install a clean system. After this radical step I would not bother about Windows anymore. I would install a real operating system. One that comes with pre-installed backup tools. One that does not require any anti-virus snake oil. A system that simply can not run any of the usual malware. A system that runs fast and stable on my 7 years old hardware.

[templescroll]

The .odt and the .doc file opened with OpenOffice 4.1.1 on Xubuntu. Adobe Reader said that the .pdf was damaged and could not be opened.

the list of EXTENSIONS affected by the Ransom is indeed LONG...so running the Kapersky tool may not be efficient, but it could be the file(s) I sent you instead of an actual UN-decrypted file. LM try a couple more okay?

.ZIP can't extract cuz "7 Zip" APPLICATION says file is EMPTY
.JPG can't upload either cuz error message says: ITS NOT POSSIBLE TO DETERMING DIMENSIONS OF THE IMAGE
when I click on the image I get "dimensions 0.0" even though the IMAGE is 52K.
I my IMAGES are just DEFAULT 'flowers'...Photo Gallery says corrupted image, can't open
But Like I said:
I'm mostly interested in just UNINSTALLING/DOWNLOADING/REINSTALLING "OpenOffice
QUESTION
whats the best way to UNINSTALL and DOWNLOAD and REINSTALL Open Office?
thanks for all your help!

[templescroll]

The PDF may be corrupted because it has no data in 124 kB. The doc and odt are fine. I can open both with any suitable program on my Linux system.

guess I should take the leap to 4.1.1....I so scared

I'm confident that any version of Openoffice and Word since 1997 can open your .doc file. This is not a matter of the latest word processing software. You need to wipe out the entire Windows system in order to re-install a clean system. After this radical step I would not bother about Windows anymore. I would install a real operating system. One that comes with pre-installed backup tools. One that does not require any anti-virus snake oil. A system that simply can not run any of the usual malware. A system that runs fast and stable on my 7 years old hardware.

LOL thank you!
I got ya beat...my Window system VISTA Home Premium Edition was assembled by my son before he went off to college...IN 2005! I havent had TOO much trouble w/trojans & viruses cuz I try to keep it clean! But then I migrated over to GOOGLE CHROME browser in lieu of IE Browser I been using for YEARS! (per my son's admonishing) and BAM!! within a month I get this this nasty TROJAN. I think w/ IE I was covert/under the radar of hackers who just couldn't be bothered with losers who still use IE, LOL!!!
What do you recommend as an operating system that you currently use "past 7 years" ? thanks

[RoryOF]

villeroy and I (and others on the Forum) use versions of linux. However, linux does require more hands-on at a lower level than Windows.
My preference is for Xubuntu, On an older machine this runs very well.

[Villeroy]

It is unlikely that you catch a virus because of your browser preference. You click a wrong link, open some mail attachment, download some software (e.g. OpenOffice) from untrusted sources and if you are running the right operating system (Windows) the malware starts its job. Of course, it is possible to harden a Windows system. But nobody does this on private machines. The usual "solution" to the problem seems to be: erase and start from scratch or buy a brand new computer with the latest Windows (best Windows ever with new security architecture, blah, blah, blah). I wiped off MS Windows 13 years ago and never looked back.

[templescroll]

okay...ya got my attention. what do you use? Do you want to send me a screen shot of your OS? That would be cool I guess.

• XUbuntu

which I know absolutely nothing about

• OO 4.1.1

which I hear has some issues but is working ...unlike mine.

• can I play games & download EVERYTHING I currently use on MS WINDOWS?

***still waiting for reply on the UNINSTALLING/DOWNLOADING/RE INSTALLING of OO 3.4.1 OR 4.1.1.
This is my quick-patch-fix to my current situation...so I can work on my resume that I currently cannot access/update.
I will still consider your advice of "system wipe" when urgency is not such an issue.
thanks Villeroy

[templescroll]

villeroy and I (and others on the Forum) use versions of linux. However, linux does require more hands-on at a lower level than Windows.
My preference is for Xubuntu, On an older machine this runs very well.

I can be "hands-on at a lower level" I just need this FIXer upper for now to get going...so I can run my OpenOffice.

[TheGurkha]

Wipe your PC, re-install the OS of your choice and then restore your backups.

It's the only way to be sure.

[RoryOF]

Uninstall by Control Panel, Programs, Remove
Download only from
http://www.openoffice.org/download
which will redirect to SourceForge computers where the files are stored.

Xubuntu details and screenshots at http://xubuntu.org/
No Windows program will run on linux, but there are usually equivalents for linux.

[templescroll]

Uninstall by Control Panel, Programs, Remove
Download only from
http://www.openoffice.org/download
which will redirect to SourceForge computers where the files are stored.

Xubuntu details and screenshots at http://xubuntu.org/
No Windows program will run on linux, but there are usually equivalents for linux.

yayh! thank you thank you.
so the MS Windows 'UNINSTALL' will take out EVERYTHING connected w/the corrupted OO I currently am troubleshooting?
OR
should I run some 'cleaner' afterwards BEFORE installing/downloading from SourceForge?

[Villeroy]

Phone up your son! You don't get it. Uninstalling Windows will wipe out everything on the whole corrupted computer. After this radical step, all you can start is no longer on your hard disk. You may start the install routine of a licensed Windows CD/DVD to rebuild a Windows system or some other operating system's CD/DVD to install an alternative (and more fool proof) operating system. First of all you need some CD/DVD (or other medium) containing the new operating system. This is not for computer illiterates!

[templescroll]

Uninstall by Control Panel, Programs, Remove
Download only from
http://www.openoffice.org/download
which will redirect to SourceForge computers where the files are stored.
[*]
Xubuntu details and screenshots at http://xubuntu.org/
No Windows program will run on linux, but there are usually equivalents for linux.

yayh! thank you thank you.
so the MS Windows 'UNINSTALL' will take out EVERYTHING connected w/the corrupted OO I currently am troubleshooting?
OR
should I run some 'cleaner' afterwards BEFORE installing/downloading from SourceForge?

I am preparing to UNINSTALL O.o3.4.1 and all its COMPONENTS from my computer's hard-drive.
I have 4 PROFILES - 1,2,3,4
I have hard-drives - C: E: F: G: H: (C: is the main drive, I just have the other drives installed from my old computer that I use to store .docs/.jpgs /.mp4 n stuff)
I'll go to my desktop (c:drive) and click START-->control panel-->programs-->and scroll down to OPENOFFICE 3.4.1-->remove
QUESTION:
Any pointers before I begin?
Will the UNINSTALL (as mentioned in quote) remove ALL THE COMPONENTS associated with Open Office 3.4.1 that were installed when I downloaded the program a couple years ago?
(including the the DICT extension I added at a much later date)
Do I need to go into all the drives/profiles and delete stuff left behind?

[RoryOF]

Uninstalling OpenOffice by the Control Panel will leave the User Profile, which contains the dictionaries. If you wish to be more drastic in the uninstall you should investigate something like CCleaner, used at its most aggressive. After a Ransom attack my instinct would be to do a complete operating system install to a fresh hard drive, leaving the old drive(s) untouched, until I had transferred as much valuable work as possible from them to the new drive(s). A major consideration would be to stop infection of the new drive from the old.

No matter what you (or anybody) does there will be data loss; only you can decide what on your old drives is of greatest significance and if it is worth the effort. If you have a life's work, such as a diary or book in progress, that in my view might be worth the effort of recovery, but otherwise it may be easiest to start from scratch with a fresh operating system install.

An alternative might be to pay the ransom - I cannot say whether this will clean your data - is there honour among ransomers? You might also approach a data recovery company, which process is likely to be very, very expensive and only partially successful (if at all).

The ultimate decision on what to do is yours - we can only make suggestions in good faith, not knowing your exact setup. No matter what anyone suggests there will be data loss.

[Villeroy]

But what he installed was not Apache OpenOffice. He installed some malware bundle.

[templescroll]

Uninstalling OpenOffice by the Control Panel will leave the User Profile, which contains the dictionaries. If you wish to be more drastic in the uninstall you should investigate something like CCleaner, used at its most aggressive. After a Ransom attack my instinct would be to do a complete operating system install to a fresh hard drive, leaving the old drive(s) untouched, until I had transferred as much valuable work as possible from them to the new drive(s). A major consideration would be to stop infection of the new drive from the old.

No matter what you (or anybody) does there will be data loss; only you can decide what on your old drives is of greatest significance and if it is worth the effort. If you have a life's work, such as a diary or book in progress, that in my view might be worth the effort of recovery, but otherwise it may be easiest to start from scratch with a fresh operating system install.

An alternative might be to pay the ransom - I cannot say whether this will clean your data - is there honour among ransomers? You might also approach a data recovery company, which process is likely to be very, very expensive and only partially successful (if at all).

The ultimate decision on what to do is yours - we can only make suggestions in good faith, not knowing your exact setup. No matter what anyone suggests there will be data loss.

ok thanks. Does Oo3.4.1 install DICT on ALL the profiles? Or just the C: drive? Can you send me a LIST of the DICT files (3.4.1) so I can CHECK the profiles for fragments left behind. Will DICT be the ONLY stuff left behind? I've used CCleaner many times before...just not on 'aggressive mode'.

[RoryOF]

I haven't got an installation of OO 3.4.1. I'm using OO 4.1.1; on Xubuntu my customised dictionary files live in folder in the OO User Profile
/4/user/wordbook/

The normal dictionaries are in a directory like this (again under the User Profile)
/4/user/uno_packages/cache/uno_packages/sv4rk63d.tmp_/dict-en(1).oxt/en_CA.dic

[templescroll]

THNX Will EACH of my USER profiles I show on BOOTUP have the DICT file(s) or just the profile I used when I installed OO? The other profiles also USE OO.

[Bill]

THNX :) Will EACH of my USER profiles I show on BOOTUP have the DICT file(s) or just the profile I used when I installed OO? The other profiles also USE OO.

Ys if you installed "for all users". No if you installed only for the user installing AOO.

[templescroll]

I haven't got an installation of OO 3.4.1. I'm using OO 4.1.1; on Xubuntu my customised dictionary files live in folder in the OO User Profile
/4/user/wordbook/

The normal dictionaries are in a directory like this (again under the User Profile)
/4/user/uno_packages/cache/uno_packages/sv4rk63d.tmp_/dict-en(1).oxt/en_CA.dic

Hi Rory

• I cleaned everything out!

• I'm ready to install oo 4.1.1

• should I start a NEW thread...cuz the ransom thingy is 'resolved' (sort of) I just need to DOWNLOAD the new Oo 4.1.1