Virus ransomware

GeorgeZaharia .piiq is an encrypted file, removing the extension will not help. There may be ways to decrypt it without paying ransom money to hackers, google offers a few youtube videos describing how to do this.

have you tried removing the .piiq extension manually?

also .c3proj is just a zip .... u can extract it and move the contents in a virtual computer and see if u can run it from there

I looked for help in forums about this virus because I still didn't know of its existence, I still haven't tried to extract c3project because I don't know how to do this step, and I received this following message from a professional, see the link below, I'm very upset because eprdi all the game files I was developing on C3 and many other important files and I won't pay this ransom because I don't even have a condition at the moment.

bleepingcomputer.com/forums/t/753875/virus-piiq

this was the message sent in txt by the coward who attacked me

"ATTENTION!

Don't worry, you can return all your files!

All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

The only method of recovering files is to purchase decrypt tool and unique key for you.

This software will decrypt all your encrypted files.

What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.

But we can decrypt only 1 file for free. File must not contain valuable information.

You can get and look video overview decrypt tool:

we.tl/t-J9GjESeoLZ

Price of private key and decrypt software is $980.

Discount 50% available if you contact us first 72 hours, that's price for you is $490.

Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

managerabv@mailtemp.ch

Reserve e-mail address to contact us:

helpmanagerabv@airmail.cc

Your personal ID:

0308ewgfDdH1HjlBaJ9DIJGno1I8iweEojN6WJzjoN8LEl3Bee"

The c3project is json based as I recall, and since everything else is intact it should be possible to rebuild it.

You can get the basic structure by making a new project and saving it to get its c3project file.

Then just manually add all the relevant parts. I think it’s mostly just a list of object types, event sheets and layouts. It may just list everything else in the the sub-folders though, I haven’t looked yet.

Things like project settings you’d have to redo.

Those ransomware virus’ seem like a real pain. If you can report their info somewhere hopefully they can be brought to justice. As is I wouldn’t pay them, but that’s just me. I doubt I’d get what I paid for, plus why would I trust more software that probably has a virus as well.

Anyways I think it’s possible to remake that c3project file. Just need to look at an uncorrupted one to see the structure. The ui state stuff is generated by construct so it shouldn’t be needed.

The c3project is json based as I recall, and since everything else is intact it should be possible to rebuild it.

You can get the basic structure by making a new project and saving it to get its c3project file.

Then just manually add all the relevant parts. I think it’s mostly just a list of object types, event sheets and layouts. It may just list everything else in the the sub-folders though, I haven’t looked yet.

Things like project settings you’d have to redo.

Those ransomware virus’ seem like a real pain. If you can report their info somewhere hopefully they can be brought to justice. As is I wouldn’t pay them, but that’s just me. I doubt I’d get what I paid for, plus why would I trust more software that probably has a virus as well.

Anyways I think it’s possible to remake that c3project file. Just need to look at an uncorrupted one to see the structure. The ui state stuff is generated by construct so it shouldn’t be needed.

Thank you for your information I still don't know how to do this process in the C3 files, it's really a disgrace this virus didn't know of its existence, even if I went to court I believe I wouldn't catch them because they are professionals of crime.

Surely there is some law enforcement trying to catch people like that. And while it's true you may not get results in your particular case here, long term with more info investigators could put two and two together and get those criminals. Anyways, I just haven't looked into it.

Apart from that here is how you could remake the c3proj file. At least most of it, some info is lost in the corrupted one, but at least it should open in construct and you can fix the remaining parts there.

1. Find out all the plugins you used.

Look in the objecttypes folder, open each json file and the third line of each will be "plugin-id": nameOfAddon.

2. Create a new c3 project and add one object of each plugin you found in step one. That includes behaviors.

3. Save that project and get it's c3proj file and put it into your project folder you want to fix. We won't need the rest.

4. Next open up that c3proj in some kind of text editor. Look for each of these sections:

objectTypes
families
layouts
eventSheets
sound
music

"objectTypes": {
	"items": [
		"Sprite",
		"a"
	],
	"subfolders": []
},

"objectTypes": {
	"items": [
		"dog","cat","array"
	],
	"subfolders": []
},

Surely there is some law enforcement trying to catch people like that. And while it's true you may not get results in your particular case here, long term with more info investigators could put two and two together and get those criminals. Anyways, I just haven't looked into it.

Apart from that here is how you could remake the c3proj file. At least most of it, some info is lost in the corrupted one, but at least it should open in construct and you can fix the remaining parts there.

1. Find out all the plugins you used.

Look in the objecttypes folder, open each json file and the third line of each will be "plugin-id": nameOfAddon.

2. Create a new c3 project and add one object of each plugin you found in step one. That includes behaviors.

3. Save that project and get it's c3proj file and put it into your project folder you want to fix. We won't need the rest.

4. Next open up that c3proj in some kind of text editor. Look for each of these sections:

objectTypes
families
layouts
eventSheets
sound
music

for each of those it will look like this:

"objectTypes": {
	"items": [
> 		"Sprite",
> 		"a"
> 	],
	"subfolders": []
},

Then what you do is put a comma separated list of the filenames of that folder in between the [] after items.

So for example if your object types folder had: cat.json, dog.json, array.json. you'd do this:

"objectTypes": {
	"items": [
> 		"dog","cat","array"
> 	],
	"subfolders": []
},

5. once that is done you should be able to save the changes and open that file in C3. Barring any typos.

All that's left is you will have to change the project properties from your memory to what they should be.

Also if you used any containers you'll have to manually re add them since that info is lost.

Hope that helps.

Thank you you are very experienced so I marked you in the post, unfortunately all my files are lost waiting for a future solution, I have games on GGolePlay and unfortunately I lost the keys of the games that were on the computer were all changed to .piiq

Try googling about the .piiq virus. There are many videos that explain how to decrypt and restore files.

Try googling about the .piiq virus. There are many videos that explain how to decrypt and restore files.

googled and simply nothing that was shown worked

That sucks.

I’d say if you can, don’t run that pc anymore for the moment. At least don’t boot into Windows so the virus can’t run.

If you have access to another pc you can make a bootable usb. Then you could boot into that instead of Windows so the ransomware can’t do more damage. That way you can also get at your files.

I’ve used something like this before when one of my PCs took a dive.

livecd.com/index.html

To boot from a usb drive instead of a hard drive you reset the computer and as soon as it turns on you press the f10 key or something like that to open a boot menu to select what to boot from.

I’d say once booted into the usb drive you can copy over all the files you want to keep, even if encrypted already. From the looks of it lots of these randsomwares eventually get figured out so you can decrypt your files.

Also from the usb drive you could scan the computers hard drive to see if it can find deleted versions of the files before they were encrypted.

Anyways once done with that you could factory reset your computer hard drive. It usually is a boot option now a days. That will wipe your hard drive and leave you with a clean Windows install.

Anyways, just some ideas.

This is why it's essential to have regular backups for digital work. You never know what might cause you to lose your work.