10-25-2009 07:06 PM - last edited on 10-25-2009 08:36 PM by JerryM
I have Norton Internet Security 2010 installed on my computer. Tonight I had my computer restart abruptly, and when it rebooted, all of my files, documents, mp3's, videos, links, .exe files, etc. have changed to a .viCrypt extension. Deleting the .viCrypt extension does not make the file usable. Norton does not recognize that there is a problem. I have scanned with NIS, Superantispyware, and malwarebytes to no avail. There is a company who seems to be the source of this issue who offers a fix for about $80. I just don't understand why NIS doesn't even recognize that there is a problem. Does anyone have any suggestions? Please help.
<<edit: subject edited for more clarity>>
Solved! Go to Solution.
10-25-2009 09:03 PM
Go to safe mode
Then open sys restore and restore to a 2 days older date
This should rectify ur prob as mine was corrected by this step, let us know if it helps.
10-25-2009 11:04 PM
Did you run any files before you encounter the problem?
If so, that may be the culprit.
If you remember and still have the file, can you send the file to us for analysis?
You can submit the file via https://submit.symantec.com/websubmit/retail.cgi.
Please reply this message with tracking # you received.
10-26-2009 01:28 AM
Do not change any more file extensions as this may prevent the file from being unencrypted. Removal of the malware will not correct the file extensions. There are links to two possible fixes, both programs offering trials. Only small numbers of files can be corrected at one time in the trial versions.
I would recommend reading the information on the site carefully to make an informed decision.
10-26-2009 05:54 AM - last edited on 10-27-2009 05:44 PM by shannons
Thank you for all the ideas. Here we go...
I tried to restore the system to the way it was before this, when it reboots it says unable to restore system, despite having daily restore points. I tried several different restore points, all with the same failure.
I believe that equisysltd is the releaser of this malware due to their advertising on every post that names .vicrypt. It is certainly not professional advertising.
Unvicrypt does not work on this, I already tried it. It is unable to change a single file back to normal.
I downloaded 3 files, all from Softpedia, right before this happened. The files are here: [Removed]
I personally believe it is the first file on that list.
I am working from my laptop as I have isolated the other computer from my network/the internet to prevent any further issues, so I do not have the files, and I am unwilling to download them to my laptop and risk the same thing.
On another note, the computer is running windows xp sp3, norton IS 2010, and I have not had a virus since the late 1990's. I downloaded these files from softpedia, which I used to trust, and scanned them with NIS, which i used to trust, before I opened them.
That computer has all of my school work on it, and all of my photos. I will format and reinstall, I just need some way to recover those files.
10-26-2009 06:05 AM
Try sys restore in only safe mode, coz norton prevents sys restore in normal mode.
Had u tried it in safe mode or normal mode?
10-26-2009 06:18 AM
10-26-2009 06:19 AM
Ya but after that encryption thing, he might not be able to turn off tamper prot or may be he has not done it.
In safe mode all other util other than norton are not blocking sys restore, so its better to restore using safe mode than normal.
10-26-2009 06:20 AM