Windows Encrypted files?

Discussion in 'Software' started by led_zeppelinzoso, 6 Jan 2017.

  1. led_zeppelinzoso

    led_zeppelinzoso What's a Dremel?

    Hello everyone

    I haven't used this site since I was a teenager but have run into a problem recently and need help.

    Problem - Some of my files are showing up with green font and it's telling me they are encrypted and I can't open or copy them. I've never used encryption, never encrypted any of my files, I have no idea how this happened.

    I've been running this computer for 8 years and been using the same license of Windows 7 for the last 5. I format and reimage the computer once a year and when I did this earlier today I come to find many of my files like this, WTF is going on???

    I've been researching it for hours and tried changing the file owner, tried deselecting the encryption option but it tells me I don't have the permission to do this. I'm really stuck here, these are After Effects files I need for work and my own computer is locking me out of using them...

    They were created on this computer, never shared with another computer, I've never used encryption, I don't even have a password on my user account. What is going on???

    Thanks
     
  2. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Sounds like you have a ransomware virus. It will slowly encrypt your files and then force you to pay a ransom to decrypt them.

    First thing I would do is backup anything important that is not currently encrypted. It's probably best to do this without running your OS. Perhaps using a Linux live image. Alternatively you might be able to put it in a safe mode level that would allow you to run the OS without the encryption program running. But I don't know how or if that would work.

    Naturally running the OS with this kind of malware will allow it to further encrypt your files. So avoid doing that if possible.
     
  3. David

    David μoʍ ɼouმ qᴉq λon ƨbԍuq ϝʁλᴉuმ ϝo ʁԍɑq ϝμᴉƨ

    After you have backed up your data (on separate media to any other backups you may already have), you might want to let the ransomware run its course, if you can afford to live without your PC for a while - when it finishes, it will throw up a notice to tell you how screwed you are and where to send the ransom - not helpful in itself, but you may learn which ransomware it is, because some have already had keys released.

    Needless to say, do not connect any other devices to your PC while it is up and running the encryption.
     
  4. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    I disagree; this doesn't sound like ransomware. Ransomware uses its own encryption to lock you out from your files, whereas the files being listed in green means that Windows' built-in encryption has locked them. I don't know of any ransomware that works that way.

    Try launching a privileged Explorer session or logging in under the administrator account directly, right-clicking on the files and deselecting the encryption option that way.

    Assuming you haven't encrypted the files and forgotten about it, there are a few glitches that can make Windows mistakenly think files are encrypted - the main one being using Windows' built-in compression software to extract a zip archive created on a macOS machine.

    You can also try disabling encryption altogether by creating the registry key NtfsDisableEncryption in HKLM\System\CurrentControlSet\Control\FileSystem with a value of 1. If that doesn't work, try looking for shadow copies of the files pre-encryption using Shadow Explorer - or just restore from backup. You do have backups, right?

    Oh, and check the hard drive's SMART stats; assuming your drive is eight years old, it's entirely possible it's actually corrupting stuff and Windows just thinks they're encrypted.
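
Added example, not part of the post above: a read-only PowerShell triage for the checks this reply describes. It lists the files that carry the NTFS Encrypted attribute (the ones Explorer shows in green), shows which certificate can decrypt one of them, lists the key pairs in the current user's store for comparison, and reads the `NtfsDisableEncryption` value. `$Root` and its default folder are assumptions; nothing is modified.

```powershell
# Added example: read-only EFS triage. Changes nothing on disk or in the registry.
# $Root is an assumed starting folder; point it at the folder holding the green files.
param([string]$Root = "$env:USERPROFILE\Documents")

# 1. Files with the NTFS Encrypted attribute set. This is the flag Explorer renders
#    in green; it marks Windows' built-in encryption (EFS), not a third-party tool.
$encrypted = @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
    })

"{0} file(s) under {1} carry the Encrypted attribute" -f $encrypted.Count, $Root
$encrypted | Select-Object -First 20 FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# 2. For one sample file, ask cipher.exe which users and certificate thumbprints
#    are able to decrypt it.
if ($encrypted.Count -gt 0) {
    "--- cipher /c on: $($encrypted[0].FullName)"
    & cipher.exe /c $encrypted[0].FullName
}

# 3. Certificates in the current user's store that have a private key. Compare the
#    thumbprints with the one printed in step 2; if none match, this account holds
#    no key for the file and clearing the attribute will be refused.
"--- Certificates with a private key in Cert:\CurrentUser\My"
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    Select-Object Thumbprint, Subject, NotAfter |
    Format-Table -AutoSize

# 4. The registry value named in the post: 1 disables EFS, 0 or absent leaves it on.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
$val = Get-ItemProperty -Path $key -Name NtfsDisableEncryption -ErrorAction SilentlyContinue
if ($null -eq $val) {
    "NtfsDisableEncryption is not set (EFS enabled by default)"
} else {
    "NtfsDisableEncryption = $($val.NtfsDisableEncryption)"
}
```

Run it against a copy of the files or a folder you can afford to read from; steps 2 and 3 together show whether the current account has the key the files were encrypted with.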
     
  5. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    You're probably right Gareth but I think an offline backup is still a prudent first step.
     
  6. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Oh, aye: first rule of faffing around with important files is to faff around with a *duplicate* of the important files!
     
  7. killingit

    killingit What's a Dremel?

    What antivirus/antimalware software would you guys recommend to combat this so-called "Ransomware"?
     