User opened email with a bad word doc malware or virus in it

It created a bunch of shortcuts and with the original folder names, Hid the original folders and renamed them to a sid The shortcut if you click on it contains the sid folder name in the command line (they tried to create a script that deleted the folder if you clicked on the shortcut but it didnt work on the NAS we have luckily.  The hard part is right clicking each shortcut looking at the sid name and then renaming and unhide the correct folder.  Has anyone had this and is there any kind of tool to put everything back?
LVL 1
charles18602Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
John HurstConnect With a Mentor Business Consultant (Owner)Commented:
Are the files in the folders encrypted?  It looks like the Crypto virus or another kind of virus that affects folders.

Since your NAS is OK (and the contents I assume), isolate this machine immediately, format it, reinstall Windows and recovery the documents from the NAS.
0
 
John HurstBusiness Consultant (Owner)Commented:
@ charles18602 - Did you restore from a backup?
0
 
John HurstBusiness Consultant (Owner)Commented:
You have the Crypto Virus, right?  Did you restore from backup?
0
 
John HurstBusiness Consultant (Owner)Commented:
Have you restored from backup?
0
All Courses

From novice to tech pro — start learning today.