Received a fax email with a .SCR attachment. (Tyron_automotive_group_ltd.scr it changed to a .CAB after it was opened)
Someone opened the file and all Word, Excel, PowerPoint, JPG and PDF file got renamed with a .seiznzb extension.
Example: Wordfile.docx.seiznzb
The attached email file icon then changed from a yellow filing cabinet (.SCR) to a zip icon image (.CAB) ??
The email has been deleted since.

I did a full scan and boottime scan with Avast and scanned the PC with several other Anti Spyware/Malware software.
The PC looks like it is clean now but all above mentioned files are corrupt.
I tried to rename the files back to their original names but I get an error message saying the file is unknown or corrupt.
In all the Office files a window opens and ask what type of Text encoding must be used, it defaults to Windows (Default) - Western European (Windows).
The preview is just random characters and symbols.
I have tried some of the other options with no luck.

Is there any way to recover/fix these files??

Do you still have that attachment (dont open/run) upload as is to www.virustotal.com if scanned before, click rescan
post link to scan result here

follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Farbar Recovery Scan Tool logs

That is an encrypter that you have I am afraid and it has the appearance of a new one

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/IDToolbyNathan.png
Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.

[*]Enter the IDTool directory, right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/IDToolbyNathan.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[*]IDTool needs Micorsoft .NET Framework environment to work properly, so if prompted to download & install it please agree
[*]Wait patiently until the tool will collect necessary data
[*]Once the main console is loaded, please press Rescan Computer and Generate a New Report.
[*]When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
[*]Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience

Please include that contents in your next reply.

The email attachment disappeared after the boottime scan.

Installed the IDTool and followed all the steps. Dont pickup anything. Below is what I get.

Infection Detection Tool v1.6 - Nathan Scott

Date/Time: 2015-04-17 08:48:36 PM
Operating System: Windows 8
Service Pack: N/A
Version Number: 6.2
Product Type: Workstation

[Detected Flags]

I have seached the internet but can’t find anything related to the seiznzb file renaming problem/infection.

No alas it is a new encrypter, did you get a page come up demanding money ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

No popup’s or anything. It just change all the files to .seiznzb

Scan files attached.

None of the usual suspects are present. Do you have a backup or image that you could use ?

Do you have a copy of the dropper (.scr) at all ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: Task: {95F60049-7B49-4597-AC35-4D88B15CF2A5} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

[]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

[]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[]Files will be copied automatically.
[]Once the copying process is completed, press the Exit button to close the application.
[]Reboot the infected computer with the USB in the drive
[]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

https://dl.dropboxusercontent.com/u/73555776/Live%20boot%20screen.png

[*]Use arrow keys to select DrWeb-LiveCD (Default)

https://dl.dropboxusercontent.com/u/73555776/drwebselect.JPG

[*]Press select objects for scanning

https://dl.dropboxusercontent.com/u/73555776/drwebfolders.JPG

[*]When the system is loaded, check the disks or folders you want to scan, and click on Start.

[*]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so

https://dl.dropboxusercontent.com/u/73555776/drwebscan.JPG

[*]When it has completed

https://dl.dropboxusercontent.com/u/73555776/drwebscancomplete.JPG

[]Select Open Report and copy to the USB
[]Once completed reboot to normal windows, and attach the report here