Page 1 of 2 12 LastLast

  1. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #1

    Windows 10 is suddenly encrypting files


    Yesterday I spent some time consolidating files from three external hard drives down to two. Somewhere along the line Windows started prompting me to backup my encryption key. I have no idea why, since I didn't ask for any encryption. Bitlocker is off for all drives.

    Then I performed a full backup of my D (data) drive using the "copy hard drive" function in Paragon Hard Disk Manager. And, as I have done before, I replaced my existing D drive with the backup.

    I've used that software many times to make the backup and I've never specified encryption in the process. I don't even know if it's possible in Paragon. Yet, somehow, I have encrypted files on the (new) D drive, so every time I boot up I get a prompt to backup the key. I actually did the key backup once, figuring "what the heck," but the prompt still appears.

    I ran cipher /u to see what might be encrypted and got a list of encrypted files on the (new) D drive, and Windows reports that every one of them "could not be decrypted." About half are PDFs in my Documents folder, and others are various file types in other folders.

    Also, when I run a search in File Explorer on that drive, when the requested files come up they have blank icons, no folder path, and don't do anything when I double-click them.

    What's going on here? The logical assumption would be that I encrypted some files, but I can't begin to imagine how, or why only some of the files on that drive are encrypted. I hope putting the first D drive back in the computer will take care of this in the short term, but that won't tell me how any files were encrypted. I don't want to encrypt any files right now, and I want this nonsense to stop.

    EDIT: It seems that entire folders were encrypted. I tried decrypting a few of them, and the results are hit-or-miss. Some work, but others don't, and there's no explanation.
      My System SpecsSystem Spec


  2. Joined : Oct 2014
    Posts : 46
    Windows 11
       19 Feb 2016 #2

    With all these stories of cryptoware in the news lately, I'd be worried. You might want to run something like this, just to be sure: Malwarebytes Anti-Ransomware. Here's a good write-up on the topic, if you're not familiar.

      My System SpecsSystem Spec


  3. Joined : Aug 2015
    Posts : 395
    Windows 10 Pro x64 1607
       19 Feb 2016 #3

    I've been reading forums on this problem and it looks like there are some programs that can cause automatic encryption of files, and that you have to go and manually decrypt the files, or uninstall the program causing it.

    You may want to install a clean copy of Windows on a clean hard disk if you have a separate hard disk for testing.

    Looks like a lot of unknowns here
      My System SpecsSystem Spec


  4. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #4

    Michael said: View Post
    With all these stories of cryptoware in the news lately, I'd be worried. You might want to run something like this, just to be sure: Malwarebytes Anti-Ransomware. Here's a good write-up on the topic, if you're not familiar.
    I downloaded and installed that program, and it says I'm protected, but if there's already cryptoware on my PC I'll be darned if I know where it is. I installed a few new programs recently; I'll uninstall them to be safe.

    EDIT: By the time I got through uninstalling a few programs, Anti-Ransomware reported a piece of ransomware that was added to my User folder, or a sub-folder of it. I don't know if there are any more, but it looks like this software is on the job. I'd rather not go through the trouble of a fresh 10 install, but it's on the back burner, if needed.

    BTW, reverting to the previous D drive didn't help. The same files are encrypted there, and I can't seem to decrypt them. Some folders will decrypt, but the files won't, and some folders don't decrypt at all. I can't even copy them to another drive to get them off my main drive.

    I'm very worried now......
      My System SpecsSystem Spec


  5. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #5

    Another update: I can decrypt folders, but not files. And I can't move the files off that drive to another that won't stay in the computer. This is very frustrating.

    BTW, I found the original encryption key, but my password didn't work. I sent that key to the recycle bin and copied the key I created with the backup to the same location, but although my password is recognized, I still can't decrypt any files.
      My System SpecsSystem Spec


  6. Joined : Aug 2015
    Posts : 395
    Windows 10 Pro x64 1607
       19 Feb 2016 #6

    You may need to do a fresh install if all else fails, which is what it looks like.

    Plus the fresh install is easy. Since your system was already activated, just boot from the disk, skip the product key page and the system will automatically activate itself after install.
      My System SpecsSystem Spec


  7. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #7

    A fresh install may be easy, but it's time-consuming and tedious. I'd rather not go to that trouble, but if that's what I have to do, then that's what I'll do.

    Just one thing: how would a clean install let me decrypt those files?
      My System SpecsSystem Spec


  8. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #8

    UPDATE:

    I found the problem, and it's a virus or trojan. It must be. In addition to the item found by Malwarebytes Anti-Ransomware, there was a PFX file called cert_info.pfx in the Documents folder of my D drive. I suspect this was a new encryption key installed by the virus and that it overtook the original key.

    I deleted the file, but it appears to be too late for my 10 installation. I still have 7 on a separate drive, so I plugged it in and was able to decrypt all of the encrypted files and folders.

    I'm still worried because some of the encrypted files contain personal information which I should have encrypted -- or, better yet, should have removed from that drive and stored elsewhere. My wife and I will need to keep an eye out for identity theft.

    In the meantime, I'm back on 7, and if I want to run 10 again, I'll need to do a fresh install.

    Thanks again for your help.
    Last edited by cpmusic; 19 Feb 2016 at 12:48.
      My System SpecsSystem Spec


  9. Joined : Oct 2014
    Posts : 46
    Windows 11
       19 Feb 2016 #9

    Glad you caught it before all was lost. I make sure to do occasional backups to external drives that I otherwise keep disconnected from the computer, especially for this reason. These crypto viruses will eventually encrypt every file they can get access to.

    Stay vigilant!
      My System SpecsSystem Spec


  10. Joined : Oct 2015
    Posts : 66
    Windows 10 Pro 64-bit
       19 Feb 2016 #10

    Thanks! As it turns out, the file that the anti-ransomware program found was au_.exe, which is part of some uninstall routines. I learned this first by Googling the file, but it really hit home when I was deleting a program after the anti-ransomware quarantined the file, and the uninstall crashed as a result.

    However, I'm sure that PFX file was the troublemaker since it didn't exist on my 7 installation and 7 decrypted the files with ease. I also copied the personal files to a separate hard drive, and then encrypted and hid those files on my main data drive.

    (I also prefer 7's way of signaling encryption with green font instead of 10's signal of a teeny-tiny sub-icon, but that's another matter.)

    It may be coincidence, but it seems that this trouble started after I uninstalled Avast and let Windows Defender take over. I've gone back to Avast, and I ran a detailed scan of my entire system. I also ran Malwarebytes standard program. Avast found problems with a handful of files I recognized, and it fixed them. Malwarebytes found nothing new. Since the anti-ransomware program had a false positive I couldn't undo, I'm leaving it alone for now.
      My System SpecsSystem Spec


 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Solved Can I shut down my PC while BitLocker is encrypting?
What would happen if my computer shuts down while BitLocker is encrypting my data partition drive? It takes ages! I am running Windows 10 Pro Thank you very much in advance
AntiVirus, Firewalls and System Security
Solved Windows 10 Weather App Disappears suddenly.
I have recently upgraded from Windows 8.1 Pro to Windows 10 Pro and everything was fine then. But recently I am experiencing an issue which is Windows weather app dissapears/close suddenly when kept open for a few seconds. Any help will be...
Software and Apps
Cannot start any program suddenly on Windows 10
Hello, I just upgrade to Windows 10 from Windows 8.1 two days ago. I installed Microsoft Office Home & Student 2013 last night. Office seems working fine. However, this morning I cannot start any program, such as Adobe Reader and Google...
General Support
Suddenly can't run bat files as administrator
New, weird, behavior -- If I right click on a bat file, and Run as Administrator, all I get is a brief flash (perhaps a command window?). Just double clicking on it runs as expected (though not elevated, which is what I need). If I open an...
General Support
Windows 10 - Suddenly Crashing On Startup
Hi all, I have started experiencing some problems over the last few days in relation to the startup of Windows 10. I'm not overly sure why, but recently when I have been starting the computer for the first time in any given day, the wheel that...
Performance & Maintenance
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:29.
Find Us
Twitter Facebook Google+



Windows 10 Forums