- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
RN10400 possible virus on all my file extensions have QWEUIRTKSD file after them and the wont open
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RN10400 possible virus on all my file extensions have QWEUIRTKSD file after them and the wont open
Hi I have a problem with my NETGEAR RN10400 happened a couple of weeks ago all my files have got QWEUIRTKSD file after them and non of them will open it comes up with a ransom and bitcoin error I have tried a backup and restore to an earlier point but it is still infected my drive is connected to my wifi box so I can access it from both computers what is the best way to get rid of this virus without paying the $500 they want
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: RN10400 possible virus on all my file extensions have QWEUIRTKSD file after them and the wont o
The PCs are infected, so you need to begin
- disabling SMB on the NAS using the web ui
- disinfect the PCs using antivirus or malware removal software.
Files on the PC could also be encrypted of course (though I have read some posts on this particular ransomware that say only network shares were encrypted).
Then you can factory reset the NAS, and restore the files from a backup that was taken before the ransomware infected your home network.
If snapshots are enabled, then you can alternatively try rolling back to a snapshot that predates the ransomware attack. Do this from the Web UI, if you access the NAS using file explorer before you restore it, then you will likely just reinfect the PCs.
Hopefully the restore attempt you've already done hasn't encrypted your backup drive. If it has, your only option is to pay the ransom and hope that they actually do give you the decryption key.