User opened email with a bad word doc malware or virus in it

charles18602
charles18602 used Ask the Experts™
on
It created a bunch of shortcuts and with the original folder names, Hid the original folders and renamed them to a sid The shortcut if you click on it contains the sid folder name in the command line (they tried to create a script that deleted the folder if you clicked on the shortcut but it didnt work on the NAS we have luckily.  The hard part is right clicking each shortcut looking at the sid name and then renaming and unhide the correct folder.  Has anyone had this and is there any kind of tool to put everything back?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
Are the files in the folders encrypted?  It looks like the Crypto virus or another kind of virus that affects folders.

Since your NAS is OK (and the contents I assume), isolate this machine immediately, format it, reinstall Windows and recovery the documents from the NAS.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
@ charles18602 - Did you restore from a backup?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You have the Crypto Virus, right?  Did you restore from backup?
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Have you restored from backup?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial