Leadtheway asked:

Shortcuts and start menu apps disappeared

Have a Windows 2012 server that was running fine; it also has Exchange. Users reported no email working. Tried to log in via RDP and it took the creds but took me to a blank start page. Accessed it through the vCenter console and was able to get in and to the desktop. Noticed a bubble notification saying it had files to write to disk right away, but it's a VM with no optical. Tried to open anything on the taskbar (Start menu, Server Manager, Services); the Start menu opens up but is all blank. But when I try to open the shortcuts it says "Can't open this item. It may have been moved, renamed, or deleted. Do you want to remove this item?"

I can right-click on the taskbar and open up manager and run apps by typing the exe.
RAFA

Hello,

Run a scan at the antivirus level, to validate if it detects a virus or malware on the server.

Validate the event viewer to see what errors you have.

You can share images to see it better.

Greetings.
Leadtheway (ASKER)

Yeah, looks like a virus of some sort.
ASKER CERTIFIED SOLUTION
Robert Retzer

This solution is only available to members.

I would also shut down that PC and copy off any important data folders A.S.A.P. to minimize any potential data loss. Do not connect your backup media to the PC while booted from the infected OS. Copy it off by using an alternate boot device (preferably a boot DVD, which can't get written on) or by yanking the hard drive and connecting it to a test system. If it is indeed infected with ransomware, the ransomware is running any time that OS is running. The longer it runs, the more it encrypts.

It looks like everything was already encrypted with ETH. The infection was cleared but the encryption remains.

You can use this tool to decrypt the files; it is easy to use.

https://www.axcrypt.net/

Regards.