Arthur Cornell
asked on
Deleting .CRYTO files after ransonware virus
Our windows 2012 r2 server recently got ransomware, it only affected one large shared. I was able to restore from backup but there are still many .CRYTO files in folders and sub folder. I am able to delete these one at a time but when I try to delete them globally with the caommand DEL /s *.cryto I get access denied.
Is there another tool to do this?
Is there another tool to do this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So you still had a virus?
I would just re-create the share.
Rename the current share to something else, unshare it.
Then restore your backup of the share and reshare it.
Easier then trying to find what has been encrypted and what hasn't.
or use windows search and search for .crypto on the share folder directory. and delete it that way. Also dont forget to delete the .txt, jpg or whatever else it came with.
Rename the current share to something else, unshare it.
Then restore your backup of the share and reshare it.
Easier then trying to find what has been encrypted and what hasn't.
or use windows search and search for .crypto on the share folder directory. and delete it that way. Also dont forget to delete the .txt, jpg or whatever else it came with.
http://filehippo.com/download_unlocker/
Also try signing on with a different admin user name and see if you can delete these files from another user.