41

I started getting a strange message when I start my computer. An icon appears in the system tray, and a popup tells me "Encrypting file system - Back up your file encryption key".

I know what EFS is, but I don't use it. To my knowledge, I don't have any encrypted files on my partition. I have searched using Total Commander on all the partitions for files that have the "encrypted" attribute, but I found nothing. So I don't have any encrypted files.

Does anyone know what I did to get this message?

Ove

7 Answers

17

Just had this yesterday - 4th Jan 2014.

A trojan has installed itself - even with Norton Internet Security installed :-(

Used cipher /U /N command in administrative Command Window to find the encrypted file called HPM3Util.exe in Startup folder which was a Trojan. Used Norton's Power Eraser to clean off.

Hope this helps anyone else...

0xC0000022L
12

I think I have resolved this. I ran certmgr.msc, and I have seen that there was a certificate under "Personal". That certificate was issued yesterday. The only thing I did yesterday was install Office 2010, and use it to save a document onto my SkyDrive (just out of curiosity).

I think that created the certificate, and Windows prompted me to save it.

Now I deleted that certificate, and I don't get the popup anymore.

What do you think? Is my explanation plausible, or could something else have happened?

Ove
1

This should not be malware.

I had this same message, but it was from browser "Sphere", which is not malicious.

To see if it is malicious:

Run CMD as administrator and type

cipher /U /N

If it is from software that you know is clean, dismiss. If it is from some unknown location or software, clean it.

1

I got a bit paranoid when I saw the popup appear since I associate unwanted encryption of the disk with ransomware.

As the top-rated comment recommended, I did the following:

  • Run cmd as administrator (important to run as admin, otherwise it yielded no results)
  • Run cipher /U /N in the prompt

The result was multiple files in the following directory:

C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.300.860.2_x64__8wekyb3d8bbwe

All files there are associated with the game Forza Horizon 4 that I installed recently from the Microsoft Store, so in my case it came out clean.

Ran scans with Malwarebytes and Windows Defender to be sure, and those also came out clean.

So in short: It can both be clean (as it seems to be in my case, Microsoft Store apps) and malware (as in the top voted case) - so take precautions and check what files are being encrypted to determine what it is if you see this popup. Also do an anti-virus scan just to be on the safe side.
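
The check described in the answers above, as an added PowerShell example (not code from any of the posters): it lists the files that carry the EFS "Encrypted" attribute, the same files cipher /U /N is used to find, and the certificates in the current user's Personal store that have the Encrypting File System usage, with their issue dates. The function names and the default search root are assumptions of this example.

```powershell
# Added example: triage for the "Back up your file encryption key" popup.
# Run from an elevated PowerShell prompt so protected folders can be read.

function Get-EfsEncryptedFile {
    param([string]$Root = "$env:SystemDrive\")   # assumed default search root
    # '!Directory+Encrypted' = files (not folders) with the EFS attribute set.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes '!Directory+Encrypted' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = $null
            # Files encrypted for another account cannot be read; record that instead of failing.
            try { $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction Stop } catch { }
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                # Signature status is a hint about origin, not a verdict on the file.
                Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

function Get-EfsCertificate {
    # Looks at the Personal store of the account running the prompt
    # (the store certmgr.msc shows under "Personal").
    $efsOid = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System enhanced key usage
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $efsOid } |
        Select-Object Subject, Issuer, NotBefore, NotAfter, Thumbprint, HasPrivateKey
}

# When was the EFS certificate issued, and which files use EFS?
Get-EfsCertificate   | Sort-Object NotBefore | Format-List
Get-EfsEncryptedFile | Sort-Object Created   | Format-Table -AutoSize -Wrap
```

Comparing the certificate's NotBefore date with the Created dates of the listed files shows which install or download first caused EFS to be used.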

1

Is it this icon?

Bitlocker

If it is, then it sounds like Bitlocker to me and not EFS. Is it your personal computer, or a work computer? Bitlocker can be turned on remotely via GPO if it is a computer from your workplace.

Gareth
MDMarra
0

It's certainly not a virus.

At one point you installed something like a program, an ID method to do banking, or a driver for a device you plugged in (such as a smartphone). When this happened, a necessary certificate was created.

Since Vista, Windows asks you periodically to back up the encryption keys for these certificate files.

Plug in a USB stick and select Back Up Now and follow the backup guide.

Source: Microsoft Technet

0

I just deleted my certificates from "Personal" and "Trusted" .. after running:

cipher /U /N

and

cipher /u /h > %UserProfile%\Desktop\Encrypted-Files.txt

from https://social.technet.microsoft.com/Forums/en-US/00291b25-6610-4563-aceb-2acc737b9cfa/prompt-popping-up-to-back-up-file-encryption-certificate-and-key?forum=win10itprogeneral

and it all came up blank.

Hopefully nothing bad happens haha..

an Nin