Business Graphics Products - Support Blog

What is BGP? Stands for Business Graphics Products. We are the Commercial Technical Support team at Microsoft that supports PowerPoint, Publisher, and Visio.

Blogs

"Cannot open the file because the file format or extension is invalid" opening Office files

  • Comments 5
  • Likes

 

 UPDATE:

 We have identified the malware as a new family of ransomware

 

 

Definition Information:

    Latest public Endpoint AM defs:  1.157.1542.0 (Expect several hours later for 1.157.1559.0 or higher)
      http://www.microsoft.com/security/portal/definitions/whatsnew.aspx

    Latest Prerelease AM defs: 1.157.1542.0 (Expect several hours later for 1.157.1559.0 or higher)
      http://www.microsoft.com/security/portal/shared/prereleasesignatures.aspx

The signatures are now updated. You should be able to use Safety Scanner to detect and clean it. It does NOT clean your documents, so you will want to restore from a backup after cleaning the malware from your system.



 

Upon further analysis of the files that have been submitted to us for investigation, the analysts

have determined that the files are encrypted with a private and public key.

Unless the private key is available, the files will not be able to be recovered.

The private key is more than likely held by the attacker.The premise of ransom ware such as this is

that if a person pays the ransom, a key is provided to unlock the files.

The best course of action is to clean up the malware and then restore files from a backup.

 

More Information:

 

We are currently investigating an ongoing situation where users may encounter an error when trying to open Office documents.

The error can happen opening any Office file type, not just Excel files as shown in the image below. The error says:

"Cannot open the file ... because the file format or extension is not valid. Verify, that the file has not been corrupted and that the file extension matches the format of the file."

 

With PowerPoint binary files (.PPT) , you will see a dialog similar to the following screenshot. We don't have OOXML samples yet but will post images once we have these.

 


 

Other Support Blog links

 

 

_____________________________________________________________________________

Security Essentials Microsoft Security Essentials  http://www.microsoft.com/security/pc-security/mse.aspx

 

Comments
  • It also is affecting Powerpoint

  • Signatures Updated. See Update section in blog...

  • Will Security Essentials be updated with these definitions?

  • Yes. Security Essentials should have these definitions. Just make sure your definition version matches the ones listed in the Updated section.

  • What about the files? once the ransomeware removed, will we be able to reopen them?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment