We have a Microsoft Windows server, we find all files changed to an extension .ETH file (Specially the AutoCAD files .dwg files).
As the following:
All files converted to .id-26E67253.[helpfilerestore#india.com].ETH.
Also, If I tried to connect any flash USB to the computer, all files inside the USB Drive hacked also.
I just need any suggestion, how can I get my old files, and how can I fix the virus or hacking?
It is a ransomware named Dharma.
Check this link Dharma Ransomware
Related
I recently watched this video of Forcepoint DLP. The guy over there, applied an encryption policy (which encrypts files copied to USB) to files which are on USB. In windows explorer, files are shown as not encrypted but they are actually. The interesting thing is when he ejects USB and inserts to another pc (which has no DLP endpoint software of Forcepoint), files are shown with .ws suffix. Which specification of WINAPI provides this? Thanks in advance.
I am now facing a great problem. I don't know how many files has come to my computer with unknown extensions (such as: .pxv,.cf)
I don't need these files. Can you give any command by which all the files of such extension in my computer will gone forever?
I can't seem to find any way to open an old .OBD file. Our company has around a hundred of these binders that were created a long time ago by another company that we took over. They were created using Office 97 on some old machines that don't exist any more.
Our current machines run Windows 7 or later, with Microsoft Office 2010 and later. Is there a way to open these .OBD files? I've tried the Unbind.exe program that some people mentioned on other forums, but it won't run in Windows 7 with any compatibility settings. 7-zip was able to sort of look into the binders, but the files that were extracted aren't readable by any Office software.
We looked into using pywin32 to talk through COM and use Office to do the unbinding automatically, but we still need some program to actually do the unbinding.
Does anyone have any solutions? Thanks.
EDIT: I figured out the problem. The unbind.exe application (available from Microsoft) works, but only when run in a 32-bit OS. Using compatibility mode from a 64-bit OS doesn't seem to work. I was able to use a virtual machine on our servers that was set up for something else. If you don't have a 32-bit environment handy, I'm not sure on how to get around this.
I had 4 Microsoft binder (*.obd) files I wanted to open and didn't have access to a 32bit Windows computer. Please note that this method does not retain the original file names of the documents. Using Windows 10 64 bit I used 7Zip to extract the obd files to folders. Inside the folders were subfolders numbered 1, 2, 3 etc. In the subfolders were data files called WordDocument, Book and PowerPoint Document. I renamed WordDocument files to filename subfolder.doc, renamed Book files to filename subfolder.xls and renamed PowerPoint Document files to filename subfolder.ppt. Then I opened .doc files in Word 2019 and resaved as .docx files. Then I opened .xls files in LibreOffice Calc v7.2 and resaved as .xlsx files. I didn't have any luck with .ppt files. In my case I had to change Word 2019 protected view settings (File, Options, Trust Center, Trust Center Settings..., File Block Settings, untick Word 2, 6.0 & 95). Hope someone finds this info useful.
I'm trying to write a restore script for an embedded PC running Windows XP, the idea is, to plug in an restore USB flash drive, boot it and copy an image from the flash drive to the PC. That's working fine so far. However each embedded PC has an individual license file, which needs to be preserved.
I'm trying to copy these files to flash drive, restore the image and copy them back to the PC.
If I copy them using Windows Explorer, they are are ok.
If I copy them using command lines "copy" or "xcopy" they break. The also break when I use C# and File.Copy, so I guess there are some attributes which are not covered.
Any ideas how to copy these files without the need to log in (they usally don't have any kind of display or keyboard)?
Note that the license files are bound to hardware id, i'm not trying to pirate anything.
I am able to write to a .txt file in Windows Phone 7. I know I can read this file programmatically, but how will I be able to get this file to a PC? Where exactly is the file stored on the phone?
The SDK comes with the Isolated Storage Explorer tool which allows you to read and write files from Isolated Storage. Learn about it's usage at http://msdn.microsoft.com/en-us/library/hh286408(v=vs.92).aspx
This assumes that you're wanting to do this with files you're creating for dev/testing purposes.
If you want to make an application which allows you to create files which users can access from teh PC you're out of luck. Instead you'd need to look at emailing the info from the file or distributing the file via the web.