New
#1
Ransomware encrypted my files. All files have .html extension
Hello,
System is a Toshiba Satellite L755-S5353 Windows 7 Home Premium 64-bit. Intel Pentium CPU B950 @ 2.10GHz 4GB RAM.
This laptop came into my shop with the FBI screen. After making full backup and scanning with Malwarebytes, Superantispyware, and Symantec Endpoint Protection on my "Server" I was able to actually use the laptop again. But when i go into my documents everything has a .html file extension.
If it is a word document, the file looks like this: "xxxx.docx.html." When I try to open the file it opens up Internet Explorer with a Decrypt Protect screen. Which I know is fake because it is asking me to pay a fee. The link it opens is http://mblblock.in/index.php. I tried to remove the extension but when i try to open the doc or jpeg is says it is corrupted.
Also ran rkill which found nothing. The Antivirus on the machine is McAffee.
I have looked at the backup i made before i did anything and still can open those files from the backup.
I completely reloaded the machine because my customer was in need of the computer. I do have a full backup and still have access the files I want to get back.
Any help would be appreciated!
Mitchell