NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RN10400 possible virus on all my file extensions have QWEUIRTKSD file after them and the wont open
Hi I have a problem with my NETGEAR RN10400 happened a couple of weeks ago all my files have got QWEUIRTKSD file after them and non of them will open it comes up with a ransom and bitcoin error I have tried a backup and restore to an earlier point but it is still infected my drive is connected to my wifi box so I can access it from both computers what is the best way to get rid of this virus without paying the $500 they want
1 Reply
Replies have been turned off for this discussion
The PCs are infected, so you need to begin
- disabling SMB on the NAS using the web ui
- disinfect the PCs using antivirus or malware removal software.
Files on the PC could also be encrypted of course (though I have read some posts on this particular ransomware that say only network shares were encrypted).
Then you can factory reset the NAS, and restore the files from a backup that was taken before the ransomware infected your home network.
If snapshots are enabled, then you can alternatively try rolling back to a snapshot that predates the ransomware attack. Do this from the Web UI, if you access the NAS using file explorer before you restore it, then you will likely just reinfect the PCs.
Hopefully the restore attempt you've already done hasn't encrypted your backup drive. If it has, your only option is to pay the ransom and hope that they actually do give you the decryption key.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
