A customer of mine was hit with another one of those viruses which encrypt all data on shared drives mapping back to the file server. The entire shared drive was encrypted and users were no longer able to access documents on the volume.
I restored all encrypted files from backup; however, I still had these HELP_DECRYPT ransomware files in every directory on the file server.
As a result I needed an easy way to find and delete each of these files.
PowerShell!
First, set the path you want to search; mine was H:\Shared.
Next, run the following command to search for any files whose names contain HELP_DECRYPT:
$Path = "H:\Shared"
Get-ChildItem $Path -Recurse | Where-Object { $_.Name -match "HELP_DECRYPT" }
This went through and listed all of these HELP_DECRYPT files in every directory of the file server recursively.
After you have carefully gone through all the results and confirmed that no legitimate files were listed, you can pipe the output from the Get-ChildItem command into the Remove-Item cmdlet.
After piping the output into Remove-Item, run the command to list the items again to ensure they were all deleted correctly. Getting no output as per above means the files were removed successfully.
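The steps above (list, review, delete, re-check) can be wrapped into one function. This is an added example, not code from the original post: the function name Remove-RansomNote, its parameters and the CSV log location are assumptions. It also includes hidden files, skips directories, and uses -LiteralPath so that file names containing characters such as [ ] are not treated as wildcards.

```powershell
# Added example: function name, parameters and log path are assumptions.
function Remove-RansomNote {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Pattern = 'HELP_DECRYPT',
        [string]$LogPath = (Join-Path $env:TEMP 'ransom-notes-found.csv')
    )

    # -File skips directories, -Force includes hidden and system files.
    # [regex]::Escape makes the pattern a literal substring match.
    $scan = {
        Get-ChildItem -LiteralPath $Path -Recurse -File -Force |
            Where-Object { $_.Name -match [regex]::Escape($Pattern) }
    }

    $found = @(& $scan)
    if ($found.Count -eq 0) {
        Write-Verbose "No files matching '$Pattern' under $Path"
        return 0
    }

    # Write the inventory even during a -WhatIf run, so the list can be
    # reviewed for legitimate files before anything is deleted.
    $found | Select-Object FullName, Length, CreationTime, LastWriteTime |
        Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false

    foreach ($file in $found) {
        # ShouldProcess honours -WhatIf and -Confirm on the function call.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove ransom note')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }

    # Re-scan and return how many matching files are still present.
    $remaining = @(& $scan)
    return $remaining.Count
}

# Dry run: prints what would be deleted and writes the CSV for review.
Remove-RansomNote -Path 'H:\Shared' -WhatIf

# After reviewing the CSV, run without -WhatIf; a return value of 0
# means no matching files are left.
# Remove-RansomNote -Path 'H:\Shared'
```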