Maybe there are unaffected copies of some JPEGs on other media? In this case you could try to compare the before and after states and try to figure out the algorithm. Maybe just a couple of bytes are changed, or the files are XOR'ed with something (you can try to use known JPEG headers to figure out the key).
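The check suggested in the post above, as an added example that is not part of the original thread: it compares a clean copy with the damaged one and tests whether the known JPEG header bytes are explained by a short repeating XOR key. It assumes a JFIF-style file; the sample bytes, the key and all function names are constructed for illustration.

```python
from typing import List, Optional

# First 11 bytes of a JFIF-style JPEG: SOI, APP0 marker, length 0x0010, "JFIF\0".
# Assumption: the damaged file was JFIF (Exif JPEGs start FF D8 FF E1 instead).
JFIF_PREFIX = bytes.fromhex("ffd8ffe000104a46494600")


def changed_offsets(before: bytes, after: bytes) -> List[int]:
    """Offsets where a clean copy and the damaged copy differ."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def keystream(known_plain: bytes, damaged: bytes) -> bytes:
    """XOR of the known plaintext with the damaged bytes at the same offsets."""
    return bytes(p ^ c for p, c in zip(known_plain, damaged))


def smallest_period(stream: bytes) -> Optional[int]:
    """Shortest key length whose repetition explains the keystream (seen at least twice)."""
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return n
    return None  # no repetition visible in the known bytes


def try_recover(damaged: bytes, known_plain: bytes = JFIF_PREFIX) -> Optional[bytes]:
    """Return the repaired file if a repeating XOR key fits the known bytes, else None."""
    stream = keystream(known_plain, damaged)
    n = smallest_period(stream)
    if n is None:
        return None
    key = stream[:n]
    repaired = bytes(c ^ key[i % n] for i, c in enumerate(damaged))
    # Sanity check: a JPEG ends with the EOI marker FF D9.
    return repaired if repaired.endswith(b"\xff\xd9") else None


# Constructed sample: a tiny stand-in "JPEG" (header, filler, EOI) and a made-up 3-byte key.
SAMPLE_CLEAN = JFIF_PREFIX + bytes(range(40)) + b"\xff\xd9"
SAMPLE_KEY = b"\x5a\xc3\x17"
SAMPLE_DAMAGED = bytes(c ^ SAMPLE_KEY[i % 3] for i, c in enumerate(SAMPLE_CLEAN))

if __name__ == "__main__":
    print("bytes changed:", len(changed_offsets(SAMPLE_CLEAN, SAMPLE_DAMAGED)))
    print("recovered:", try_recover(SAMPLE_DAMAGED) == SAMPLE_CLEAN)
```

With only the 11 header bytes as known plaintext, keys longer than 5 bytes cannot be confirmed; passing a full clean copy as `known_plain` lifts that limit. A `None` result means the damage is not a short repeating XOR.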
As they say they received a popup asking for payment, it would indeed appear to be some cryptolocker type of exploit.
On the other hand, you say it is only jpg image files that are affected, and your original links were to a Google Drive account (thanks again for removing them so quickly) - so I wonder if it is related to the problem discussed in this thread.
Firstfire, I will check with my friend if we can find a photo that we can compare.
Habitual, will check this as soon as I have access to my computer!
Astrogeek, I don't think it is related: the jpg files infected were local on my friend's PC (he also corrupted his back-up hard drive when he plugged it into his machine). I just uploaded an example of a corrupt jpg on my Google Drive so that people could try to detect what's wrong with the file or attempt to fix it, knowing it does cause any issue on non win**** systems (tried on my Mac :-))
Thank you all for giving advice: I didn't expect so many useful answers, somehow I knew I was turning myself to the best!
A little update:
- VirusTotal didn't find anything weird about my file
- my friend will look if he can find a non-corrupted version of one file to see if we can compare the data contained
- his office documents were infected too (must have been tired when he explained in the first place)
- it seems he was infected by "threat finder v3", need to see if I can find more details about that (it does not seem to be included in the ransomware removal kit you provided, Habitual)
This is "ransom-ware" and is one very good reason to keep Win-doesn't anti-virus soft up to date. Backup everything that you want to keep, preferably to a write-once CD or DVD.