Solved! File extension error

Sidebar Sidebar
A

archarunvetrivel

Dec 5, 2018
3
0
10
Hi, I am a windows 10 user and I am lately facing a problem with my few pdf files which seems to have automatically changed its extensions to ".NJFITAVTX" in addition to .pdf

For Ex: "xxyyzz.pdf" got changed to "xxyyzz.pdf.NJFITAVTX"

I am unable to open those pdf files and I also found a NJFITAVTX-DECRYPT.txt file in that same folder

I tried renaming the file to .pdf yet the file says corrupted while opening.

So, could I use read my pdf normally again by removing this extension and yet read the file at the same time

Couldn''t find any similar problems anywhere on the net, so please let me know if there is a solution to this

Thanks
 
Solution
stdragon
Depends on if the encryption key was made public / reverse engineered, leaked...etc by anti-virus vendors. If so, they might be able to be decrypted. Otherwise, they files are lost forever unless you have a backup of them.

I recommend installing Bitdefender AV and performing a full scan. Oh, and cross your fingers.
Sort by date Sort by votes
stdragon

stdragon

Proper
Apr 5, 2018
94
0
160
Depends on if the encryption key was made public / reverse engineered, leaked...etc by anti-virus vendors. If so, they might be able to be decrypted. Otherwise, they files are lost forever unless you have a backup of them.

I recommend installing Bitdefender AV and performing a full scan. Oh, and cross your fingers.
 
Upvote 0 Downvote
Solution
stdragon

stdragon

Proper
Apr 5, 2018
94
0
160
Most ransomware don't install rootkits unless aiming to completely hijack the OS with a ransom message and instructions upon boot. But for the majority, they run from a browser and execute remaining only in RAM. None of the binaries of the malware stay on the system so as to explicitly prevent reverse engineering. Many of the ransomware kits in fact look to see if it's running on a VM and terminate; again, to prevent reverse engineering.

Simply rebooting the machine will terminate the ransomware process, but that still leaves the files encrypted. And just because the file hasn't been renamed yet doesn't mean the files haven't been encrypted too. There is an order to the process so as to provide little identification of the damage until the very end...by design. They go so far as to whack all VSS copies, external drives and all enumerated volumes, and even trigger after-hours or low activity so it has time to silently grind away at the data before being interrupted.

TLDR; Ransomware is ENGINEERED to destroy data. Entire suites of the "platform" are sold on the dark web. Coded by some of the best programmers in the world.

 
Upvote 0 Downvote
USAFRet

USAFRet

Illustrious
Moderator
Mar 16, 2013
7,439
110
40,290
^^^^
Yep.

Unless there is an already published decryption routine for that specific ransomware variant, you have two options:

1. Recover from the backup you made before this happened.
2. Accept the total loss of your data, and start over.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

I
Question Methods to restore corrupted combined program files made into zip files
Replies
11
Views
3K
Laptop Tech Support
COLGeek
COLGeek
JMCeditor
  • Locked
  • Question
Solved! Vegas Video Editor Finished Renders Not Playing In Any Media Player
Replies
1
Views
7K
Apps General Discussion
COLGeek
COLGeek
B
  • Solved
Solved! Editable Pdf file
Replies
1
Views
2K
Apps General Discussion
COLGeek
COLGeek
Unknown_Email
  • Locked
  • Solved
Solved! Cannot delete files from SD card.
Replies
3
Views
24K
Android Smartphones
mejustsayin
mejustsayin
B
  • Solved
files changed to .losers extention
Replies
12
Views
5K
Antivirus / Security / Privacy
Saga Lout
Saga Lout

TRENDING THREADS

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom