Randomly doc extensions files are being renamed to doc.bhdiraa .It looks like files have been encrypted.
Files are shared on the server and served by 100s of users (From WAN and LAN end).We did scan server with Many AVs and with virustotal.com
but couldn't find any malware. we do have "not so updated" backups. Does anyone have any solution on recovering data?
immediate reply will be appreciable
Thanks in advance.
Short term... What happens if you rename these files with a .doc extension?
Long term... This is the behavior of malware. You need to find it. It may be on just one or a few users computers rather than the server. You also need more frequent ba
i tried that already(encrypted) ,contents are shown in bunch of unknown characters.
indeed it looks like some sorts of malware but its difficult to find as some users are using file shares from Wan end and it must have got effected from some users . i have already started Backups on daily basis.
So isn't there any possible way to recover files ?You might also try renaming the extensions to docx or zip (just in case they're docx file and not just doc files) and seeing whether you can open them with Word or Windows.
If that doesn't work, you might need to use some commercial software like Malwarebytes (https://www.malwarebytes.org/) for recovery. There is also a free version you could try.
Hi,
The only methods to restore your files is from a backup, file recovery tools, or a Shadow Volume Copies. For your case, if you don't have any backups, then you're probably out of luck here.
It is always recommended to backup frequently..