Possible Security issue

[JustGeorge 1,658]

This method produced a result for me: https://superuser.com/questions/58878/how-to-list-encrypted-files-in-windows-7

On my machine, the encryption.txt file was generated in the root of my user Dir.

 

Quote

 

 

 

open a cmd prompt

Enter the command: cipher /s:c:\ > encryption.txt

Open the file "encryption.txt"

To find encrypted folders, search for "will be encrypted"

To find encrypted files, search for "E" at the beginning of a line

Without parameters, Cipher lists state of the current directory and all files in it. The /s parameter tells it to recurse, and c:\ gives it the starting point. From there, "> ..." just redirects the output.

Cipher's output for encrypted files and folders look like this:

 Listing c:\Dev\Encrypted\
 New files added to this directory will be encrypted.

E Default.aspx
E Default.aspx.cs
E Default.aspx.designer.cs

Cipher's output for normal files and folders look like this:

 Listing c:\Dev\Plaintext\
 New files added to this directory will not be encrypted.

U Default.aspx
U Default.aspx.cs
U Default.aspx.designer.cs

Hope that helps.

 

Also from same page...

 

Quote

 

cipher /u /n /h will find and list all encrypted files on your hard drives (as mivk commented on the other answer) without need for any additional filtering (that could go wrong). Credits for this also go to this tutorial where I found this answer.

Note: If there are no encrypted files on the system (any disk), the command returns immediately with the response:

The system cannot find the file specified.

This is not an error. It means there are no encrypted files. It seems in this case this info is cached somehow.

Important note: This does not list all encrypted files! Apparently it only lists files belonging to the current user who is running the command.

 

 

 

 

 

Edited May 14, 2017 by slamfire92

[Joe User 491]

11 hours ago, slamfire92 said:

Note: If there are no encrypted files on the system (any disk), the command returns immediately with the response:

The system cannot find the file specified.

This is not an error. It means there are no encrypted files. It seems in this case this info is cached somehow.

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

[bikeman25 63]

Well Ended up using Western Digital Secure Erase SSD boot drive, and did a clean install, so far the problem hasn't returned,  exact cause still an unknown, being very careful what I click on/reinstall at this point.

 

Scanning other house hold PC's for any infections as well,  external drives as well, so far nothing found with Avast Free on other system boot scan, eset online scan, Malwarebytes Free.    I think soon I can declare those other drives clean lol and systems

 

one more drive to check still though, and then might check all the other flash drives.

 

Should I reinstall Avast on this system?   Or will I be fine on my main AMD FX system with Windows Defender

 

 

 

[JustGeorge 1,658]

20 minutes ago, Joe User said:

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

"Keyboard Error Press any key to continue"

"Something went wrong"

 

Sometimes you just have to conclude that they're intentionally messing with us  

 

 

Edited May 14, 2017 by slamfire92

[bikeman25 63]

Lmao, they could be intentionally messing with users,  heck this morning during the Secure erase of SSD procedure, after I got the drive out of frozen state, Monitor stayed dark, so I went and took shower lmao, and came back and finally showed on screen done, i'm like really great programming where monitor won't even wake up during a task lol.  

 

As for system operating fine so far, no weird popups yet, but a lot more to reinstall,  just formatted the secondary drive, I didn't zero wipe it as not sure which program works with Toshiba drives lol

 

 

I just hope all the problems are done with,  Printer full software did reinstall though, so that's progress lol

 

 

Not sure on staying with Defender though, as every other PC uses Avast in the household, but if it's best to stay with Defender, then will

 

 

[JustGeorge 1,658]

5 minutes ago, bikeman25 said:

Lmao, they could be intentionally messing with users,  heck this morning during the Secure erase of SSD procedure, after I got the drive out of frozen state, Monitor stayed dark, so I went and took shower lmao, and came back and finally showed on screen done, i'm like really great programming where monitor won't even wake up during a task lol.  

 

As for system operating fine so far, no weird popups yet, but a lot more to reinstall,  just formatted the secondary drive, I didn't zero wipe it as not sure which program works with Toshiba drives lol

 

 

I just hope all the problems are done with,  Printer full software did reinstall though, so that's progress lol

 

 

Not sure on staying with Defender though, as every other PC uses Avast in the household, but if it's best to stay with Defender, then will

 

 

Create a system image after setting everything up, so you don't have to go through this again:

 

 

 

[bikeman25 63]

Will do most definitely create one once all back in order.   Hopes I never have to go thru this again, and all is well now.   been up since 6a.m. running scans, and checking things, and such,  Eventually 

replacing secondary drive with a Western Digital as well so can use same diagnostic tools as all the other Western Digital drives use, but that's months away when I have money lol.  

 

 

Might stay with Defender for Antivirus protection 

 

 

 

 

 

[The Evil Overlord 18,441]

12 hours ago, bikeman25 said:

Does secure erasing the SSD shorten it's life though?   First ever SSD, so nervous on killing it too soon,

Can't say for sure, but my Kingston ssd is 4 or 5 years old now (possibly older), and I've reformatted it a few times, ssd life still recons it's good for another 6 years (I doubt it personally, but time will tell)

Spoiler

 

[bikeman25 63]

Yeah mine don't really support SSD life lol, states unable to determine life span lol,  but rating in Western Digitals Lifeguard program shows 99 percent life rating, so guess its ok still, But does show Healthy though, so guess that's just fine then lol

 

 

 

[goretsky 1,049]

Hello,

 

One thing to check in the future (if it happens again) is whether your security software has some kind of anti-ransomware feature, whether or not it is enabled, and if it is compatible with your build of Windows 10  If so, that could have been what was blocking Cipher (filename: CIPHER.EXE) and/or causing the EFS dialog to appear.

Regards,

Aryeh Goretsky

[bikeman25 63]

Avast did have Behavior shield, though I don't see it happening on upstairs Desktop that is also Running same version of Windows 10 Pro Creators 1703 Build 15063.296, but i'll go up and check that one again 

 

 

[adrynalyne 12,141]

2 hours ago, Joe User said:

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

I don't get an error, nor does it show any encrypted files on my drive. I do have them, but I'm not using efs for it. 

[adrynalyne 12,141]

2 hours ago, The Evil Overlord said:

Can't say for sure, but my Kingston ssd is 4 or 5 years old now (possibly older), and I've reformatted it a few times, ssd life still recons it's good for another 6 years (I doubt it personally, but time will tell)

  Hide contents

 

Secure erasing I believe also writes zeroes to the drive which could potentially lower life span, but I don't know by how much. A regular format doesn't do such things. 

[bikeman25 63]

Secure Erasing of SSD was done thru Western Digital SSD Dashboard bootable usb, unknown if it wrote zeros or not, since Monitor went black during the process, the drive was in frozen locked state, PC went into suspend mode, 20 seconds later, woke it back up, and then had no monitor picture, so no idea what it actually did after I pressed enter (as a guess to continue), then plugged in Windows 10 Pro 64bit USB drive, and did the install.   

 

SSD dashboard shows 99 percent for life remaining, same as before as of right now

 

 

[JustGeorge 1,658]

20 minutes ago, adrynalyne said:

I don't get an error, nor does it show any encrypted files on my drive. I do have them, but I'm not using efs for it. 

Whats the hash of your cipher.exe?

 

Just tested on my PC @ work. Same result as the other 3 I've tried.

[+DonC 607]

I'm getting:

 

 

The first time I ran the cipher command, I got the error message but not the second time.

 

(SHA256 hash included)

 

Edit: This is on Windows 10 Home.

[JustGeorge 1,658]

 

 

Edited May 14, 2017 by slamfire92

[+DonC 607]

1 minute ago, slamfire92 said:

Here's mine:

Here's mine:

Oh wait, this machine isn't on the Creators Update since it's about to go in for repair and it's likely the drive will be reset to a factory image. (My version string starts with 10.0.14)

[adrynalyne 12,141]

40 minutes ago, slamfire92 said:

Whats the hash of your cipher.exe?

 

Just tested on my PC @ work. Same result as the other 3 I've tried.

I'm not at home to see. I'll post it later. 

[adrynalyne 12,141]

4 hours ago, slamfire92 said:

 

 

 

[JustGeorge 1,658]

Well they match, so its not that.

 

 

 

 

 

[bikeman25 63]

Well System running perfectly fine now,  Getting System Image done in a moment here, Perhaps i got something when i was testing myself using Defender for Antivirus protection or left over infection from previous one,  plan on checking all flash drives with secondary system later on before connecting to this one.

 

Thank you everyone for the replies and help in this matter so appreciate it

 

Really thought i was a safe surfer, not sure if previous issue was indeed infection or something accidently encrypted, but anyhow everything is working fine now, so relieved in that matter