
Boomer

(4,168 posts)
Sat Nov 29, 2014, 03:11 PM Nov 2014

Computer virus corrupted all document files

I'm at a dead-end trouble-shooting this issue and don't know what to do next.

System: Win7 Home Premium

A few weeks ago my wife's Kaspersky anti-virus program failed and before I could locate the purchase key to get a new copy installed, the computer was hit with at least one (if not more) viruses. I ran MalwareBytes and installed Webroot as the new anti-virus program, followed up with CCleaner. Repeated scans detected viruses until finally everything runs cleanly. I have the OS stable and all the software programs work just fine. New documents created with the software or new emails received are all fine. However....

ALL the documents -- PDFS, Word, jpgs, email -- are locked up and any attempt to open them gets an error message: "this file type is not supported or the file has been corrupted." This extends not only to the documents on her C drive but the entire contents of the external drive where the backups are stored.

I've tried to open those documents on my computer system, and I get the same error message, so the files themselves appear to be corrupted in some way, rather than an OS/software issue.

Any leads as to what has gone wrong and how I can fix it would be very much appreciated. We have located an intact backup from a December 2013, but that still leaves a year's worth of documents, and ALL her email, destroyed.


gvstn

(2,805 posts)
1. I took a quick look around
Sat Nov 29, 2014, 03:56 PM
Nov 2014

And lots of people had this problem in 2013. Even though many didn't get a ransom notice most threads point to it being related to Cryptovirus. That virus encrypts the type of files that you list and then usually would display a message asking for a ransom to give you the decryption key. Cryptovirus was disrupted in June of this year when its servers were shutdown but there could be copycats.

Do you have file extensions showing? I'd want to see if the full name of the file was altered to verify if this could be a variation of cryptovirus. If you don't have extensions showing: in Explorer, click on Organize and then Folder and Search options, untick the box for "Hide extensions for known filetypes", then hit Apply.

theHandpuppet

(19,964 posts)
2. Thanks for the response (posted by Boomer using theHandpuppet's account)
Sat Nov 29, 2014, 06:07 PM
Nov 2014

I've unhidden file extensions and all files do show extensions (.docx, pdf, etc). For the .docx files, I try to "Open with Word" and I get a message saying "The file (filename.docx) cannot be opened because there are problems with the contents." For the .rtf documents, they open with a File Conversion popup that shows various encoding options (none of which make the garbled text readable).

(The affected computer belongs to theHandpuppet and I posted from her account to follow your instructions.)

gvstn

(2,805 posts)
3. Sorry, I haven't had time to look into this further.
Sun Nov 30, 2014, 12:26 PM
Nov 2014

Since there was no ransom notice and the names of the files including extensions have not changed that gives us no clues. The files do seem to be acting as if they have been encrypted. The RTF particularly. The question is why would a virus randomly encrypt files? I haven't found a thread with any solutions.

This Kaspersky tool is specific to getting encryption keys for files locked by specific known viruses but explains in the description how file names are usually changed thus identifying the virus. http://support.kaspersky.com/us/viruses/disinfection/8547 It won't work on a random infection.

This thread is where I have gotten it in my head that you may be victim to encryption even without ransom. You might read through it and see if your files act as described. http://www.symantec.com/connect/forums/some-virus-has-corrupted-many-our-microsoft-office-files-and-pdf-files

I'm going to do some more reading tomorrow on the original error message and see if I can find other possible causes or solutions. But first look doesn't seem too promising for an easy fix.

Boomer

(4,168 posts)
4. Thank you very much
Sun Nov 30, 2014, 01:39 PM
Nov 2014

We really appreciate your help and I'll follow up on the Kaspersky reference.

theHandpuppet

(19,964 posts)
5. Found the virus responsible
Sun Nov 30, 2014, 02:16 PM
Nov 2014

While trying to run the decryptor utilities, I noticed a weird file showing up in every folder. It's a shortcut named INSTALL_TOR and it points to this URL (which I have not followed): https://paytordmbdekmizq.torsona.com/L7xi9k

According to my Google search, this is the specific ransom virus that hit this computer.
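The symptoms collected so far in this thread (extensions unchanged but contents unreadable, a stray INSTALL_TOR shortcut dropped in every folder, and, in the later CTB Locker report, a random extension appended after the real one) can be checked mechanically across a drive or a backup before deciding what is worth restoring. The triage script below is an added example and is not from any poster in this thread or from any vendor tool mentioned here. It walks a directory tree and flags files whose header bytes do not match their extension, text-format files whose content has ciphertext-like entropy, files carrying an appended unknown extension, and the ransom-note shortcut name. The signature table, the 7.5 bits/byte entropy limit, and the marker filenames are assumptions I chose for the example; the sample files it scans are constructed in a temporary directory so it runs offline.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed signature table for the file types the thread mentions.  DOCX is a
# ZIP container and JPEG/PDF carry compressed streams, so for those only the
# header is checked; RTF and TXT are plain text, so their entropy is checked too.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".rtf": (b"{\\rtf",),
}
TEXT_TYPES = {".rtf", ".txt"}
TEXT_ENTROPY_LIMIT = 7.5        # bits/byte (assumed); English text sits around 4-5
# Ransom-note shortcut name reported in post #5 (matched case-insensitively).
MARKER_NAMES = {"install_tor", "install_tor.lnk"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty input, at most 8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str, head_size: int = 4096) -> list:
    """Return indicator strings for one file; an empty list means nothing odd."""
    name = os.path.basename(path)
    if name.lower() in MARKER_NAMES:
        return ["ransom-note shortcut"]
    indicators = []
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    inner = os.path.splitext(stem)[1].lower()
    # filename.realext.random (the CTB Locker pattern in post #11): check the
    # content against the inner, original extension instead.
    if ext not in MAGIC and ext not in TEXT_TYPES and inner in MAGIC:
        indicators.append(f"appended extension {ext} after {inner}")
        ext = inner
    with open(path, "rb") as f:
        head = f.read(head_size)
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        indicators.append(f"header does not match {ext}")
    if ext in TEXT_TYPES and shannon_entropy(head) > TEXT_ENTROPY_LIMIT:
        indicators.append("high entropy for a text format")
    return indicators


def scan_tree(root: str) -> dict:
    """Walk root; map each suspicious file's path (relative, '/'-separated) to its indicators."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            hits = classify(full)
            if hits:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = hits
    return findings


def _ciphertext_like(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


def build_sample_dir() -> str:
    """Create a temp tree of constructed files: two intact, three 'encrypted', one marker."""
    root = tempfile.mkdtemp(prefix="ransom_triage_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    samples = {
        "report.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        "notes.rtf": b"{\\rtf1\\ansi Quarterly notes, nothing unusual here.}",
        "report_enc.pdf": _ciphertext_like(4096),             # content replaced
        "letter.rtf": _ciphertext_like(4096, b"rtf seed"),     # content replaced
        "photo.jpg.zquzmbe": _ciphertext_like(4096, b"jpg"),   # renamed and replaced
        "INSTALL_TOR.lnk": b"L\x00\x00\x00placeholder shortcut bytes",
    }
    for fn, data in samples.items():
        with open(os.path.join(docs, fn), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_dir()
    for rel, hits in sorted(scan_tree(sample_root).items()):
        print(f"{rel}: {', '.join(hits)}")
```

Point `scan_tree` at a backup volume to get a list of which files are still intact and which were touched; the header check is the reliable signal for compressed formats such as DOCX, JPEG and PDF, where entropy is naturally high even when the file is healthy, which is why the entropy test is limited to plain-text types.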

gvstn

(2,805 posts)
6. Good work.
Sun Nov 30, 2014, 04:49 PM
Nov 2014

I'm going to take a look around tomorrow when I have more time. It does look like there is no current fix. The torsona.com in the address points to it being a very recent version of the (cryptowall?) virus that does not have a fix available.

http://deletemalware.blogspot.com/2014/11/what-is-torsonacom.html
http://deletemalware.blogspot.com/2014/10/how-to-remove-cryptowall-20-virus-and.html You could try the Shadow Explorer tool on this page to see if there are any shadow copies of your files but that function isn't turned on by default in Win7 from what I understand. (Mine only go back 3 days and only on the drives where I have System Restore turned on.)

If you are inclined a good source to read about these types of infections would be bleepingcomputer.com. But with all the variations prepare to have your head spinning within 15 minutes. https://www.google.com/?gws_rd=ssl#q=+site:bleepingcomputer.com+bleeping+crypto

Boomer

(4,168 posts)
7. It's not looking good
Sun Nov 30, 2014, 07:07 PM
Nov 2014

I tried the Shadow Explorer, but as noted by most CryptoWall info it appears to have deleted Shadow restore points and encrypted the backup files on my external drive (it follows all mapped drives). The only way to have prevented that was to detach the external drive after each backup (and that never occurred to me as something necessary for security).

My method of last resort is Delete Recovery software. Apparently CryptoWall makes copies during the encryption and deletes the original file. So I'm trying to recover the deleted copies, just to cover all bases. At this point, we can reconstruct enough of the documents to get by; it's the email that is most valuable and that, unfortunately, is the most difficult to recover.

gvstn

(2,805 posts)
8. It is a terrible situation.
Mon Dec 1, 2014, 12:45 AM
Dec 2014

To randomly destroy multitudes of people's data to snag the few who want it back badly enough to pay a rather high ransom.

My understanding is the original cryptovirus used a "crackable" encryption code and did not use a secure (overwrite) delete process of the original files. After this was discovered and described in "help" articles, the newest versions have implemented more rigorous methods to destroy the original data. Although I believe you have a newer infection (post June 2014), I thought I would give you the link to FireEye which is apparently reputable as it appeared in articles about the original cryptovirus. It had the necessary encryption keys to help with those attacked by the virus and would analyze one of your files to figure out the key. I don't know how fast you could expect a reply and think your infection is more recent since it wants you to use the Tor browser for anonymity but wanted to post it if you wanted to see if they could verify that they have nothing that could help you. https://www.decryptcryptolocker.com/

I also wanted to ask which email client you used in Win7? I'm sure they encrypted your email database but just want to see if there is anything specific about a certain email client that might be helpful.

This is a link to an older version of the Power Data Recovery program that is unlimited and as powerful as any other. You install it and when you run it, on the first screen tick the box for "I am a home user". Newer versions limit recovery to 1gb without buying the program. It is my mediafire account and the file is safe (two years old). http://www.mediafire.com/download/i4d4e2allk4ynd7/pdr6nolimitfree.exe

Link for newest version of same program with instructions, but it is limited to 1gb free. http://www.powerdatarecovery.com/

Boomer

(4,168 posts)
9. Thanks for the references
Wed Dec 3, 2014, 08:05 PM
Dec 2014

I've tried out several data recovery programs and am working to see if anything can be salvaged.


khalidobiee

(1 post)
11. CTB Locker ransomware
Thu Oct 1, 2015, 03:53 AM
Oct 2015

Hi there,

I was looking for solutions to a problem similar to yours. My computer was also infected by a virus called CTB Locker and it damaged all of my files, giving them names like filename.realextension.zquzmbe, and it affected my PDF, Docs, JPG, TXT files, leaving videos or audio files. Did you find any solution? I have been searching for a solution for more than a year now but did not find any solution to restore the files I have; they are not zero size but can't be opened. Tried many many tools but of no use.

Regards
Khalid
