Possible Security issue

[JustGeorge]

This method produced a result for me: https://superuser.com/questions/58878/how-to-list-encrypted-files-in-windows-7

On my machine, the encryption.txt file was generated in the root of my user Dir.

 

  Quote

 

 

 

open a cmd prompt

Enter the command: cipher /s:c:\ > encryption.txt

Open the file "encryption.txt"

To find encrypted folders, search for "will be encrypted"

To find encrypted files, search for "E" at the beginning of a line

Without parameters, Cipher lists state of the current directory and all files in it. The /s parameter tells it to recurse, and c:\ gives it the starting point. From there, "> ..." just redirects the output.

Cipher's output for encrypted files and folders look like this:

 Listing c:\Dev\Encrypted\
 New files added to this directory will be encrypted.

E Default.aspx
E Default.aspx.cs
E Default.aspx.designer.cs

Cipher's output for normal files and folders look like this:

 Listing c:\Dev\Plaintext\
 New files added to this directory will not be encrypted.

U Default.aspx
U Default.aspx.cs
U Default.aspx.designer.cs

Hope that helps.

 

Expand  

Also from same page...

 

  Quote

 

cipher /u /n /h will find and list all encrypted files on your hard drives (as mivk commented on the other answer) without need for any additional filtering (that could go wrong). Credits for this also go to this tutorial where I found this answer.

Note: If there are no encrypted files on the system (any disk), the command returns immediately with the response:

The system cannot find the file specified.

This is not an error. It means there are no encrypted files. It seems in this case this info is cached somehow.

Important note: This does not list all encrypted files! Apparently it only lists files belonging to the current user who is running the command.

 

 

 

 

Expand  

 

Edited May 14, 2017 by slamfire92

[Joe User]

  On 14/05/2017 at 04:08, slamfire92 said:

Note: If there are no encrypted files on the system (any disk), the command returns immediately with the response:

The system cannot find the file specified.

This is not an error. It means there are no encrypted files. It seems in this case this info is cached somehow.

Expand  

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

[bikeman25]

Well Ended up using Western Digital Secure Erase SSD boot drive, and did a clean install, so far the problem hasn't returned,  exact cause still an unknown, being very careful what I click on/reinstall at this point.

 

Scanning other house hold PC's for any infections as well,  external drives as well, so far nothing found with Avast Free on other system boot scan, eset online scan, Malwarebytes Free.    I think soon I can declare those other drives clean lol and systems

 

one more drive to check still though, and then might check all the other flash drives.

 

Should I reinstall Avast on this system?   Or will I be fine on my main AMD FX system with Windows Defender

 

 

 

[JustGeorge]

  On 14/05/2017 at 15:59, Joe User said:

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

Expand  

"Keyboard Error Press any key to continue"

"Something went wrong"

 

Sometimes you just have to conclude that they're intentionally messing with us  

 

 

Edited May 14, 2017 by slamfire92

[bikeman25]

Lmao, they could be intentionally messing with users,  heck this morning during the Secure erase of SSD procedure, after I got the drive out of frozen state, Monitor stayed dark, so I went and took shower lmao, and came back and finally showed on screen done, i'm like really great programming where monitor won't even wake up during a task lol.  

 

As for system operating fine so far, no weird popups yet, but a lot more to reinstall,  just formatted the secondary drive, I didn't zero wipe it as not sure which program works with Toshiba drives lol

 

 

I just hope all the problems are done with,  Printer full software did reinstall though, so that's progress lol

 

 

Not sure on staying with Defender though, as every other PC uses Avast in the household, but if it's best to stay with Defender, then will

 

 

[JustGeorge]

  On 14/05/2017 at 16:17, bikeman25 said:

Lmao, they could be intentionally messing with users,  heck this morning during the Secure erase of SSD procedure, after I got the drive out of frozen state, Monitor stayed dark, so I went and took shower lmao, and came back and finally showed on screen done, i'm like really great programming where monitor won't even wake up during a task lol.  

 

As for system operating fine so far, no weird popups yet, but a lot more to reinstall,  just formatted the secondary drive, I didn't zero wipe it as not sure which program works with Toshiba drives lol

 

 

I just hope all the problems are done with,  Printer full software did reinstall though, so that's progress lol

 

 

Not sure on staying with Defender though, as every other PC uses Avast in the household, but if it's best to stay with Defender, then will

 

 

Expand  

Create a system image after setting everything up, so you don't have to go through this again:

 

 

 

[bikeman25]

Will do most definitely create one once all back in order.   Hopes I never have to go thru this again, and all is well now.   been up since 6a.m. running scans, and checking things, and such,  Eventually 

replacing secondary drive with a Western Digital as well so can use same diagnostic tools as all the other Western Digital drives use, but that's months away when I have money lol.  

 

 

Might stay with Defender for Antivirus protection 

 

 

 

 

 

[The Evil Overlord]

  On 14/05/2017 at 03:51, bikeman25 said:

Does secure erasing the SSD shorten it's life though?   First ever SSD, so nervous on killing it too soon,

Expand  

Can't say for sure, but my Kingston ssd is 4 or 5 years old now (possibly older), and I've reformatted it a few times, ssd life still recons it's good for another 6 years (I doubt it personally, but time will tell)

  Reveal hidden contents

 

[bikeman25]

Yeah mine don't really support SSD life lol, states unable to determine life span lol,  but rating in Western Digitals Lifeguard program shows 99 percent life rating, so guess its ok still, But does show Healthy though, so guess that's just fine then lol

 

 

 

[goretsky Supervisor]

Hello,

 

One thing to check in the future (if it happens again) is whether your security software has some kind of anti-ransomware feature, whether or not it is enabled, and if it is compatible with your build of Windows 10  If so, that could have been what was blocking Cipher (filename: CIPHER.EXE) and/or causing the EFS dialog to appear.

Regards,

Aryeh Goretsky

[bikeman25]

Avast did have Behavior shield, though I don't see it happening on upstairs Desktop that is also Running same version of Windows 10 Pro Creators 1703 Build 15063.296, but i'll go up and check that one again 

 

 

[adrynalyne]

  On 14/05/2017 at 15:59, Joe User said:

 

Typical cryptic error message. Why wouldn't they reply 'No EFS encrypted files found'?

Expand  

I don't get an error, nor does it show any encrypted files on my drive. I do have them, but I'm not using efs for it. 

[adrynalyne]

  On 14/05/2017 at 16:42, The Evil Overlord said:

Can't say for sure, but my Kingston ssd is 4 or 5 years old now (possibly older), and I've reformatted it a few times, ssd life still recons it's good for another 6 years (I doubt it personally, but time will tell)

  Reveal hidden contents

 

Expand  

Secure erasing I believe also writes zeroes to the drive which could potentially lower life span, but I don't know by how much. A regular format doesn't do such things. 

[bikeman25]

Secure Erasing of SSD was done thru Western Digital SSD Dashboard bootable usb, unknown if it wrote zeros or not, since Monitor went black during the process, the drive was in frozen locked state, PC went into suspend mode, 20 seconds later, woke it back up, and then had no monitor picture, so no idea what it actually did after I pressed enter (as a guess to continue), then plugged in Windows 10 Pro 64bit USB drive, and did the install.   

 

SSD dashboard shows 99 percent for life remaining, same as before as of right now

 

 

[JustGeorge]

  On 14/05/2017 at 18:46, adrynalyne said:

I don't get an error, nor does it show any encrypted files on my drive. I do have them, but I'm not using efs for it. 

Expand  

Whats the hash of your cipher.exe?

 

Just tested on my PC @ work. Same result as the other 3 I've tried.

[+DonC Subscriber²]

I'm getting:

 

 

The first time I ran the cipher command, I got the error message but not the second time.

 

(SHA256 hash included)

 

Edit: This is on Windows 10 Home.

[JustGeorge]

 

 

Edited May 14, 2017 by slamfire92

[+DonC Subscriber²]

  On 14/05/2017 at 19:23, slamfire92 said:

Here's mine:

Here's mine:

Expand  

Oh wait, this machine isn't on the Creators Update since it's about to go in for repair and it's likely the drive will be reset to a factory image. (My version string starts with 10.0.14)

[adrynalyne]

  On 14/05/2017 at 19:03, slamfire92 said:

Whats the hash of your cipher.exe?

 

Just tested on my PC @ work. Same result as the other 3 I've tried.

Expand  

I'm not at home to see. I'll post it later. 

[adrynalyne]

  On 14/05/2017 at 19:23, slamfire92 said:

 

 

Expand  

 

[JustGeorge]

Well they match, so its not that.

 

 

 

 

 

[bikeman25]

Well System running perfectly fine now,  Getting System Image done in a moment here, Perhaps i got something when i was testing myself using Defender for Antivirus protection or left over infection from previous one,  plan on checking all flash drives with secondary system later on before connecting to this one.

 

Thank you everyone for the replies and help in this matter so appreciate it

 

Really thought i was a safe surfer, not sure if previous issue was indeed infection or something accidently encrypted, but anyhow everything is working fine now, so relieved in that matter