[OT] files that have strange suffixation

Matthias Rebbe | M-R-D matthias_livecode_150811 at m-r-d.de
Sun Dec 27 11:09:45 EST 2015


You need to run the Norton tools on the infected Windows pc.

Matthias

> Am 27.12.2015 um 16:51 schrieb Richmond <richmondmathewson at gmail.com>:
> 
> On 27/12/15 17:36, Matthias Rebbe | M-R-D wrote:
>> 
>> Richmond,
>> 
>>> Am 27.12.2015 um 16:22 schrieb Richmond <richmondmathewson at gmail.com>:
>>> 
>>> One of my employees is in the sh*t as she has been running a computer with Windows XP and
>>> NO virus protection, and NOT backing up her files; so ALL the photos of her kids over the last 8 years have
>>> "gone down the tubes".
>>> 
>>> Having hooked her hard drive up to my Linux box I can see that all her JPG files have had ".xtxxxdn" attached to the
>>> end of their names
>> Are the jpeg file okay and only their names end with xtxxxdn?
>> 
>>> (NO, removing '.xtxxxdn' is insufficient), and likewise with DOC files.
>> What does that mean? Is it not possible?
>> 
>> Did you try to move the ipegs to an usb stick for example and tried to remove the suffix under Mac OS X or Linux?
>> 
>> 
>>> I can find no reference to '.xtxxxdn' on the internet and wonder if anyone on the Use-List can help me, as one small
>>> family would have a much happier Christmas if I could get all their family photos back.
>>> 
>> You could try if the free Norton Rescue tools still run under XP.
>> 
>> https://security.symantec.com/nbrt/overview.aspx?lcid=1031&NUCLANG=en-us
>> 
>> 
>>> Richmond.
>> I keep my fingers crossed.
>> 
>> Matthias
>> 
>> 
> Thank you very much for your suggestions.
> 
> I have tried removing the suffixation on Linux and am still unable to open the JPEGS:
> 
> "Not a JPEG file: starts with 0x9f 0xe1"
> 
> "Not a JPEG file: starts with 0x5f 0x13"
> 
> as you can see from those 2 example it looks as though the virus has written stuff at the start of
> the files.
> 
> I do not have access to a machine running Windows (I have machines running Linux, Mac OS 10.5 and Mac OS 9.2).
> 
> However, I will try to see if the free Norton Rescue tools will run under WINE 1.9.
> 
> Best, Richmond.
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the Use-livecode mailing list