Virus has affected Photos

Good morning,

               I appear to have a virus that has affected some but not all of my photos. The virus leaves the following message in place of the photo " ASK GOOGLE "W32:PEMILU FIND OUT HOW TO GET YOUR PICTURES BACK". I have tried searching for info regarding these symptoms but find nothing.

Please help.

Thanks in advance,

John

I’d guess your files have been encrypted by a virus.

The usual tactic is to demand a ransom before supplying a key which will unlock the files.

I have no idea what virus encrypted your files, because the ransom message doesn’t lead anywhere, but it might be something like this:

http://bbsi.com/wp/?p=123

Try one of your files on the decrypter here

https://filefix.fireeye.com/

Frank,

    Thanks for the quick response. The photos infected appear to only be the .jpg files, so far there are no .tiff, .psd or RAW files that show the same problem. I did try the decrypter that you offered (thank you) however it did not work as the file came back as a line description only. I run XP Pro and when scanned with Avast or Malwarebytes both scan clean.

John

I would also like to add that this infection of my .jpg files appears for now to be contained to my “C” drive and all photos on my second internal drive “D” appear to be fine.

John

Try a scan with DrWeb CureIT!
or Kaspersky Virus removal Tool

Or try some online scans. (Disable avast! while scanning.)

F-Secure
BitDefender
Trend Micro Housecall
ESET Online Scanner

Good morning,

I have tried the various scan programs that you have suggested and while some of them found problems and fixed the problem I still have a virus that removes my jpg & mp3 files. The file is replaced with a suugestion to " ASK Google w32:PEMILU 2009 ". I also found some posts when searching the phrase that looked like it may be dowadup, so I tried removing it but the scanner said "no dowadup found. I appreciate all the help you have already provided Frank, any others you can think of??

John

I did a search and found your posting. I have the exact same issue, but it seems no one anywhere has any information on this.
My job is as a Computer Consultant, and I haven’t ever run across anything like this.

It appears that it makes a modification to these files, and there is no recovery, except to get rid of it.

I used a combination of virus removal software packages to get rid of it.

  1. Symantec Endpoint Protection
  2. Ad Aware (PROFESSIONAL). This must be used to protect the virus from re-creating itself in your registry.
    Make sure it is set to do that as well
  3. MalwareBytes.org software (Also utilizing the purchased edition, so I have realtime protection)

Between these 3 and 12 hours of work, I have cleaned my pc of this wicked virus.
Problem is no matter what, I can not get the pictures repaired.
I see my Excel spreadsheets and some movies also that were manipulated.

I have used also 2 different delete and partition recovery software packages to see if it is anywhere on my pc.

They are not.
Apparently the original is destroyed at the point of infection/manipulation of that file.

Hope this helps some,

Bergie Buse

Hi bbuse,

Well you use admin rights to work this tool to remove it:
http://tc.versiontracker.com/product/redir/lid/1441980/MSNVirus.exeMSN%20Photo%20Virus%20Remover

polonus