Found lots of encrypted files! How did that happen and how to decrypt!

  1. Posts : 17
    Windows 10 Pro x64

    Found lots of encrypted files! How did that happen and how to decrypt!

    I was doing a backup of a hard drive and to my surprise there were +-400 files that could not be copied because they are encrypted!?
    The thing is...I never did that so first, how could that have happened and second, how can I decrypt them?

    As found on a youtube video, I tried using cipher /D in the Command Prompt but that didn't work...any ideas?

    Windows 10 x64
    v10.0.14393 Build 14393
      My Computer

  2. Posts : 27,656
    Windows 10 Pro x64 Version 21H1

    I've never heard of a file not being copied because it is encrypted. I copy encrypted files.

    What is the full error message provided?

    Do you recognize name of files?

    Is there something common in the naming? (Might help pin down origin)

    One thing that encrypts files is Ransomware. That is how it works. Did your AV give any hints as to a battle it may have fought? Is there any thing in quarantine in any of your AV product?

    Your running Version 1607 which is out of date by years. Any particular reason? You are at least six versions behind.

      My Computer

  3. Posts : 6,969
    windows 10

    Whats the extension of the files it may tell us what's done it
      My Computer

  4. Posts : 17
    Windows 10 Pro x64
    Thread Starter

    Caledon Ken... it's an LTSB version of Windows because I don't like being forced to update to every little gimmicky feature in Windows but...maybe I'm paying the price now!

    What is the full error message provided?
    It's the message that's displayed by my backup software:" Cannot copy file. Access Denied. The file is NTFS encrypted and so cannot be copied using the Backup Read/Write copy method".

    I then checked the properties of some of the files and they are in fact encrypted!

    The name of the files are completely unaffected. They look absolutely normal and it affects any type of files (audio, pdf, system, etc...). Access to all the affected files is blocked.

    I just have the default Windows protection (Firewall & Windows Defender) but in almost 25 years of being online, I've virtually almost never encountered any threat because I practice the usual precautions of never opening unknown email attachment, I run a online viruscan on almost any download executable file, etc...

    I'm not excluding it could be a ransomware attack but since I've never had one, I'm posting here to in fact try to understand the cause. Sometimes, there are known issues with Windows and I just thought this might be one of them...maybe...hopefully! .

    - - - Updated - - -

    One very odd thing is, I can't run the cipher /u /n command at all (I tried on my laptop and it works fine!).
    I get a message "the system cannot find the file specified"??
    I wanted to see if any additional files had gotten encrypted since I noticed the problem. Right now, as a precaution, I shut off the internet access on the PC and I'm writing from my laptop.
      My Computer

  5. Posts : 27,656
    Windows 10 Pro x64 Version 21H1

    Well you very much sound like you know what you are doing. I just mentioned ransomware as that is one thing that does this kind of dirty work.

    What happens when you try to open say a pdf?
      My Computer

  6. Posts : 17
    Windows 10 Pro x64
    Thread Starter

    I deleted the only affected pdf (unimportant file) but with all my audio files, they just won't play, no message.

    However, I've been running Windows Defender and one of the detections could be of interest: Trojan:HTML/Adpoup.A
    I couldn't find any info on it but reason why it's interesting, is that it's also among the encrypted files that couldn't be copied. I mean, I had +-1,6M files to copy and of the 400 files, most are contained in 3, 4 folders (so every single file in the folder is encrypted)...except that Trojan file which resides alone and was also detected by the backup software as a virus.

    Although, it could be wishful thinking because if I look at the log times of when the copy errors occurred in the backup software, many errors happened before the Trojan detection so....still searching I guess.

    - - - Updated - - -

    Yikes! Just found this thread...sounds eerily like my story! I just downloaded Malwarebytes, will run a scan as soon as Windows Defender finishes

    - - - Updated - - -

    Malwarebytes didn't help either. But I'm seeing it's not an unusual problem, many other users report something similar...just need to stumble on the solution.
      My Computer

  7. Posts : 27,656
    Windows 10 Pro x64 Version 21H1

    Well in that thread the member found a couple of things, although nothing finite.

    Mentioned finding virus / Trojan, then some talk of Avast.

    Are you using Avast or have you ever used?
      My Computer

  8. Posts : 17
    Windows 10 Pro x64
    Thread Starter

    No, I don't use Avast, never have.
    I'm still searching,I found again more similar posts like this one too. Although not exactly the same problem, but some of the symptoms. In this post, it's the fact that the user is unable to run cipher u/ n/ in command prompt and gets the same message as me: "the system cannot find the file specified".

    So, still hunting around for an explanation or solution....
      My Computer

  9. Posts : 27,656
    Windows 10 Pro x64 Version 21H1

    Interesting. Again lots of mentions about Avast and Ransomware.

    I haven't seen lots of threads with a Windows issue but anything is always possible.
      My Computer


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:46.
Find Us

Windows 10 Forums