Author Topic: Has anyone had their album artwork encrypted by a virus?  (Read 5917 times)

[email protected]

  • Newbie
  • *
  • Posts: 14
Has anyone had their album artwork encrypted by a virus? I had a file on my C drive that had 282 jpeg files of my album artwork. A virus has now made them useless by turning them into HRM files whatever that is. I haven't seen any offer to decrypt them but there is an email address attached to each entry: Billy Joel Greatest hits 1&2.jpg[[email protected]].HRM

I don't find anything else that's been locked up by this change. I'm wondering if anyone else has experienced thews? I don't intend to contact them as it would surely lead to more destruction. Any help would be appreciated. I have Malware bytes in place but didn't seem to have stopped this from happening.

sveakul

  • Sr. Member
  • ****
  • Posts: 2438
The best response to this would be restore your drive from the backup image you made recently.  So in the future, you really should add making regular drive image backups to your operations.

You should also always keep at LEAST one backup of all your data files--images, music, everything--on a location separated from your daily working machine.

I know you're looking for a solution not a lecture.  You can Google HRM and find info like this:

https://sensorstechforum.com/hrm-files-virus-hermes-2-1-remove-restore-files/
https://www.bleepingcomputer.com/forums/t/682241/hermes-21-ransomware/
https://www.pcrisk.com/removal-guides/13175-hermes-21-ransomware

 I have no personal experiece with nor can I recommend any tools/solutions discussed in these links, but presented FYI.  It sounds like it may be just a matter of time before the ransomware spreads elswhere on your PC, unfortunately.

jordel

  • Newbie
  • *
  • Posts: 9
I find here in the forum only discussions concerning a virus attack of the program. For me, Microsoft Defender now apparently reports the infection of a artist information.

Is such a process known here?

HTML/Phish.GB!MSR

I'm sorry for several language mistakes. Please feel free to ask if you don't understand, what I am trying to say. I am always willing to improve my English skills :)

hiccup

  • Sr. Member
  • ****
  • Posts: 7796
Microsoft Defender now apparently reports the infection of a artist information.
There has never been a verified report of MusicBee having had any part in a computer getting infected by malware.
Never.

So I can only do some wild guessing here.
IF the file in that temp folder was retrieved by MusicBee, it could be that the search engine for artwork (Bing) retrieved the image from a website that besides artwork, also contains warez. (there are some of those)
In theory (but I believe it is only a proof of concept, and it has never caused an actual infection anywhere) an image file can contain malicious code.
So perhaps such an image file was retrieved, and your anti-virus software suspected it might contain malicious code.
That suspicion could be a false positive though, and even it had some ground, the image would not have been able to do any harm.

Holbytla

  • Guest
Could this be a false-positive? I know its not the same situation but my anti-virus claimed MusicBee itself was a virus a few times in the past.

Terry Walker

  • Jr. Member
  • **
  • Posts: 92

hiccup

  • Sr. Member
  • ****
  • Posts: 7796
@ musicocd:
That was already suggested in the reply just before yours.

@ Terry Walker:
If everybody would post replies such as yours, this thread would now have 37314 posts.

It's good forum behaviour to take a little effort in reading the previous posts to see what already has been suggested, and to only post if you think you have useful information to add.