Virus ransomware

0 favourites
  • Hi guys I'm having a serious problem with my files specifically those of my games on C3 , I recently fell into a ransomware hacker scam, where all my game files images were all added to the extension .piiq I can't open my games anymore I would like to know if possible to move to a new project my files saved in a local project I say this because the virus has changed only these files that are with red arrow in the image the rest including eventSheets,families,icons,images,layouts,music,objectTypes,sounds are intact I would like to know how I would go to move all these files to a new project and continue where I left off. Ashley R0J0hound

    the reason why the virus has not modified the other folders mentioned above is why the virus has not reached subfolders.

    here are the files of one of my affected games in the local folder containing objecttypes.uistate.json.piiq, project.c3proj.piiq, project.uistate.json.piiq, projectfiles.uistate.json.piiq. if anyone can check it out please help me to recover at least my C3 game projects. Link mediafire.com/file/o6yzpepa6i5w1xu/Files_project_local.zip/file

    Tagged:

  • Unfortunately, project.c3proj is the most important file.

    You can try to create a blank project, then add all layouts, layers, event sheets, objects, behaviors, effects - with the same names as in your old project. (look up names in the unaffected folders).

    After that save the new project as a folder, get the project.c3proj from it and and try injecting it into your old project.

    This may be a difficult task and I am not sure if this will work. Don't forget to make backup copies of everything on every step!

  • have you tried removing the .piiq extension manually?

    also .c3proj is just a zip .... u can extract it and move the contents in a virtual computer and see if u can run it from there

  • GeorgeZaharia .piiq is an encrypted file, removing the extension will not help. There may be ways to decrypt it without paying ransom money to hackers, google offers a few youtube videos describing how to do this.

  • have you tried removing the .piiq extension manually?

    also .c3proj is just a zip .... u can extract it and move the contents in a virtual computer and see if u can run it from there

    I looked for help in forums about this virus because I still didn't know of its existence, I still haven't tried to extract c3project because I don't know how to do this step, and I received this following message from a professional, see the link below, I'm very upset because eprdi all the game files I was developing on C3 and many other important files and I won't pay this ransom because I don't even have a condition at the moment.

    bleepingcomputer.com/forums/t/753875/virus-piiq

    this was the message sent in txt by the coward who attacked me

    "ATTENTION!

    Don't worry, you can return all your files!

    All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.

    The only method of recovering files is to purchase decrypt tool and unique key for you.

    This software will decrypt all your encrypted files.

    What guarantees you have?

    You can send one of your encrypted file from your PC and we decrypt it for free.

    But we can decrypt only 1 file for free. File must not contain valuable information.

    You can get and look video overview decrypt tool:

    we.tl/t-J9GjESeoLZ

    Price of private key and decrypt software is $980.

    Discount 50% available if you contact us first 72 hours, that's price for you is $490.

    Please note that you'll never restore your data without payment.

    Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

    To get this software you need write on our e-mail:

    managerlxz@mailtemp.ch

    Reserve e-mail address to contact us:

    helpmanagerlxz@airmail.cc

    Your personal ID:

    0308ewgfDdH1HjlBaJ9DIJGno1I8iweEojN6WJzjoN8LEl3Bee"

  • The c3project is json based as I recall, and since everything else is intact it should be possible to rebuild it.

    You can get the basic structure by making a new project and saving it to get its c3project file.

    Then just manually add all the relevant parts. I think it’s mostly just a list of object types, event sheets and layouts. It may just list everything else in the the sub-folders though, I haven’t looked yet.

    Things like project settings you’d have to redo.

    Those ransomware virus’ seem like a real pain. If you can report their info somewhere hopefully they can be brought to justice. As is I wouldn’t pay them, but that’s just me. I doubt I’d get what I paid for, plus why would I trust more software that probably has a virus as well.

    Anyways I think it’s possible to remake that c3project file. Just need to look at an uncorrupted one to see the structure. The ui state stuff is generated by construct so it shouldn’t be needed.

  • The c3project is json based as I recall, and since everything else is intact it should be possible to rebuild it.

    You can get the basic structure by making a new project and saving it to get its c3project file.

    Then just manually add all the relevant parts. I think it’s mostly just a list of object types, event sheets and layouts. It may just list everything else in the the sub-folders though, I haven’t looked yet.

    Things like project settings you’d have to redo.

    Those ransomware virus’ seem like a real pain. If you can report their info somewhere hopefully they can be brought to justice. As is I wouldn’t pay them, but that’s just me. I doubt I’d get what I paid for, plus why would I trust more software that probably has a virus as well.

    Anyways I think it’s possible to remake that c3project file. Just need to look at an uncorrupted one to see the structure. The ui state stuff is generated by construct so it shouldn’t be needed.

    Thank you for your information I still don't know how to do this process in the C3 files, it's really a disgrace this virus didn't know of its existence, even if I went to court I believe I wouldn't catch them because they are professionals of crime.

  • Surely there is some law enforcement trying to catch people like that. And while it's true you may not get results in your particular case here, long term with more info investigators could put two and two together and get those criminals. Anyways, I just haven't looked into it.

    Apart from that here is how you could remake the c3proj file. At least most of it, some info is lost in the corrupted one, but at least it should open in construct and you can fix the remaining parts there.

    1. Find out all the plugins you used.

    Look in the objecttypes folder, open each json file and the third line of each will be "plugin-id": nameOfAddon.

    2. Create a new c3 project and add one object of each plugin you found in step one. That includes behaviors.

    3. Save that project and get it's c3proj file and put it into your project folder you want to fix. We won't need the rest.

    4. Next open up that c3proj in some kind of text editor. Look for each of these sections:

    objectTypes
    families
    layouts
    eventSheets
    sound
    music

    for each of those it will look like this:

    "objectTypes": {
    	"items": [
    		"Sprite",
    		"a"
    	],
    	"subfolders": []
    },

    Then what you do is put a comma separated list of the filenames of that folder in between the [] after items.

    So for example if your object types folder had: cat.json, dog.json, array.json. you'd do this:

    "objectTypes": {
    	"items": [
    		"dog","cat","array"
    	],
    	"subfolders": []
    },

    5. once that is done you should be able to save the changes and open that file in C3. Barring any typos.

    All that's left is you will have to change the project properties from your memory to what they should be.

    Also if you used any containers you'll have to manually re add them since that info is lost.

    Hope that helps.

  • Surely there is some law enforcement trying to catch people like that. And while it's true you may not get results in your particular case here, long term with more info investigators could put two and two together and get those criminals. Anyways, I just haven't looked into it.

    Apart from that here is how you could remake the c3proj file. At least most of it, some info is lost in the corrupted one, but at least it should open in construct and you can fix the remaining parts there.

    1. Find out all the plugins you used.

    Look in the objecttypes folder, open each json file and the third line of each will be "plugin-id": nameOfAddon.

    2. Create a new c3 project and add one object of each plugin you found in step one. That includes behaviors.

    3. Save that project and get it's c3proj file and put it into your project folder you want to fix. We won't need the rest.

    4. Next open up that c3proj in some kind of text editor. Look for each of these sections:

    objectTypes
    families
    layouts
    eventSheets
    sound
    music

    for each of those it will look like this:

    "objectTypes": {
    	"items": [
    > 		"Sprite",
    > 		"a"
    > 	],
    	"subfolders": []
    },

    Then what you do is put a comma separated list of the filenames of that folder in between the [] after items.

    So for example if your object types folder had: cat.json, dog.json, array.json. you'd do this:

    "objectTypes": {
    	"items": [
    > 		"dog","cat","array"
    > 	],
    	"subfolders": []
    },

    5. once that is done you should be able to save the changes and open that file in C3. Barring any typos.

    All that's left is you will have to change the project properties from your memory to what they should be.

    Also if you used any containers you'll have to manually re add them since that info is lost.

    Hope that helps.

    Thank you you are very experienced so I marked you in the post, unfortunately all my files are lost waiting for a future solution, I have games on GGolePlay and unfortunately I lost the keys of the games that were on the computer were all changed to .piiq

  • Try googling about the .piiq virus. There are many videos that explain how to decrypt and restore files.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Try googling about the .piiq virus. There are many videos that explain how to decrypt and restore files.

    googled and simply nothing that was shown worked

  • I thought only those four files were encrypted? Did the rest of the folders get corrupted too or are the files in them intact still? If they are intact those steps should work. The google keys is separate.

    On a side note have you been able to remove the virus that is encrypting the files? If it's still live that's not good.

    edit:

    looks like there are some guides on how to remove the virus. For free looks like it is a bit more involved.

    To decrypt the files I didn't find any decryption tools for that, but one site recommended doing deleted file recovery. Basically the the old version of the file is in limbo in the file system, and could be possibly recovered if it hasn't been overwritten. Anyways, just throwing some ideas out there.

    The whole thing sounds like a real pain.

  • I thought only those four files were encrypted? Did the rest of the folders get corrupted too or are the files in them intact still? If they are intact those steps should work. The google keys is separate.

    On a side note have you been able to remove the virus that is encrypting the files? If it's still live that's not good.

    edit:

    looks like there are some guides on how to remove the virus. For free looks like it is a bit more involved.

    To decrypt the files I didn't find any decryption tools for that, but one site recommended doing deleted file recovery. Basically the the old version of the file is in limbo in the file system, and could be possibly recovered if it hasn't been overwritten. Anyways, just throwing some ideas out there.

    The whole thing sounds like a real pain.

    of my games that were on HD all local projects only four files from all folders were affected already images, music, event sheet, layout, objectTypes, sounds, icons, families are intact, but it destroyed my PC all important documents that I had were encrypted, I followed some tutorials to remove them and I couldn't mechi in the registry and everything else but it continues on my PC making my internet slow causing the PC to crash the only choice I will have to format the PC, the thing is really ugly many people have already been affected by this miserable virus of satan, i will not pay ransom for lack of condition but still would not pay i will have to sacrifice all my files swallow my pride and start from scratch and life will at least be smarter next time.

    the virus is still on my PC and it's turning the rest of my stuff into .piiq I have nothing to do anymore completely dismayed right now the rest of my stuff has been encrypted.

  • That sucks.

    I’d say if you can, don’t run that pc anymore for the moment. At least don’t boot into Windows so the virus can’t run.

    If you have access to another pc you can make a bootable usb. Then you could boot into that instead of Windows so the ransomware can’t do more damage. That way you can also get at your files.

    I’ve used something like this before when one of my PCs took a dive.

    livecd.com/index.html

    To boot from a usb drive instead of a hard drive you reset the computer and as soon as it turns on you press the f10 key or something like that to open a boot menu to select what to boot from.

    I’d say once booted into the usb drive you can copy over all the files you want to keep, even if encrypted already. From the looks of it lots of these randsomwares eventually get figured out so you can decrypt your files.

    Also from the usb drive you could scan the computers hard drive to see if it can find deleted versions of the files before they were encrypted.

    Anyways once done with that you could factory reset your computer hard drive. It usually is a boot option now a days. That will wipe your hard drive and leave you with a clean Windows install.

    Anyways, just some ideas.

  • This is why it's essential to have regular backups for digital work. You never know what might cause you to lose your work.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)