[SOLVED] my files extention changed to (.no_more_ransom)

zeeshan.nayani · Nov 15, 2018

I recently bumped into this situation where all of my files (,jpeg, .mp4, even .exe) in folders and even on my desktop have changed into some weird (.no_more_ransom) it has made my pc extremely slow as well, i have tried renaming my files back to its original extension but it didn't worked even after renaming them it never shows any preview i dont know what to do now, please help me out,,, i have also attached a picture link:

http://

moulderhere · Nov 15, 2018

Isn't this a virus, I thought it was.

Peter Martin · Nov 15, 2018

you picked up some ransomware by the looks of it. hope you had all your data backed up.

WildCard999 · Nov 15, 2018

How recent? Usually with Ransomware someone is going to try to contact you for a ransom fee to get your stuff back.

USAFRet · Nov 15, 2018

zeeshan.nayani :

Ransomware. Not only did the extension change, the actual files are encrypted.

There is no magic decryption published for that.
Lacking a good backup, or spectacular luck, your stuff is gone.

https://sensorstechforum.com/remove-rapid-v1-virus-restore-no_more_ransom-files/

Math Geek · Nov 15, 2018

obviously it is ransom ware. the "slow pc" is the malware slowly encrypting all your data. stop using the pc so it does not get any further. boot into safe mode and start running malwarebytes and hope it catches it before more damage is done.

i don't think there is any way to decrypt what has been finished already but further searching and reading may prove me wrong. i hope you have important files backed up cause they are likely not usable anymore. once it is finished you should get the ransom note telling you who to contact/pay to get your files back. but they don't always deliver nor respond once they get money. they are criminals so not exactly trustworthy.

i personally would wipe the drive and start fresh to ensure it is gone and cant continue causing damage. could take hours trying to clear the infection and may not even get it so that it comes back to finish what it started. this is usually spread through email so clear that out so you don't get it again.

BadAsAl · Nov 15, 2018

Also, once you have done the safe mode and malware cleanup you may get lucky and be able to use previous versions of some of your files to get them back to what they were before they were changed. The ransomware will delete the previous versions but I don't know if that happens during the encryption process or is done after the encryption is done. This saved my friend who like you realized something was going on and I was able to get on there and stop the process before it finished and his system restore (which is where previous versions comes from) was still untouched.

moulderhere · Nov 15, 2018

Run some virus and malware scanners like
Super Antispyware
Malware bytes
avast free edition a.v.

USAFRet · Nov 15, 2018

moulderhere :

That can maybe get rid of the "virus". Maybe.
Does nothing for the files that are now inaccessible.

moulderhere · Nov 15, 2018

No debate on that USAFret.

zeeshan.nayani · Nov 15, 2018

this is way much bad then i thought it would be... i didn't backed up anything just few docs and stuff on my google drive i have so many stuff on my pc right now like my freelance work files and things here and there.. is there anyway to remove this crap virus??

Peter Martin · Nov 15, 2018

you were linked to this earlier by USAFRet
https://sensorstechforum.com/remove-rapid-v1-virus-restore-no_more_ransom-files/

USAFRet · Nov 15, 2018

zeeshan.nayani :

Step 1. Full wipe and reinstall

Step 2. Design and implement a comprehensive, automated, full backup plan.

Step 3. Don't do whatever you did to get this infection

moulderhere · Nov 15, 2018

I think we should confirm the file is f...d. before we tell him wipe it.

If this were my pc. I would open up notepad then go file open and pick a file with that extension. Because if the file was encrypted usually the file contents have been changed to say something about it being encrypted and must cost admission to waynes world movie to get your stuff back.

Maybe you could try data recovery software to attempt to bring some of it back!??!

USAFRet · Nov 15, 2018

My link above lists some of those possible steps.
These things may create an encrypted copy, and delete the original. The original may be recoverable.
This will NOT be all of them, if any at all.

Or, boot from a Windows install media, and hunt around for a non-corrupted Restore Point.

Or the couple of other methods.

However...the longer the PC runs, the more files that will be encrypted.

But if a family member came to me with a PC in this condition:
First, they get the stink-eye: "Have you not been listening to me over the years? Where is your backup?"

Second, unless the missing files involved unemployment or divorce...wipe and reinstall. I'm not going to spend a week or two trying to recover a selection of crappy cameraphone pics.

USAFRet · Nov 15, 2018

The ultimate alternate solution:

First, invent a time machine...

WildCard999 · Nov 15, 2018

moulderhere :

I'm pretty sure the price of the ransom is going to be more then that unless whoever encrypted your stuff is very nice. ($12 movie ticket)

moulderhere · Nov 15, 2018

I agree with USAFRet and suggest stop using the hard drive on this pc.

I agree with USAFRet regarding the data. If it is data that isn't important then toast it, wipe/reinstall.

If it is very important data, I'd stop using the hard drive, take it out, and put it in another pc to see about doing data recovery of some sort on it.

Sorry though, sincerely, I think you maybe really out of luck.

moulderhere · Nov 15, 2018

I appologise for trying to add humor to this aweful situation this person is in. I also didn't want to advise a price due to the notion that if the files encrypted and they go off and pay the price, expecting to get data back 100%. Which is never the case. It won't work out for them in the end.

WildCard999 :

zeeshan.nayani · Nov 15, 2018

I know all of you guys are trying to help me out in this awful situation and I appreciate it Thank you all now the last thing left for me to do is to reinstall my windows that I will do but still curious to know that will it be possible after running a scan from the anti malware and antispywre and the link above, the data and folders that I have not acessesed today will still be fine??

USAFRet · Nov 15, 2018

zeeshan.nayani :

No.
The issue is not YOU accessing it, but rather the virus. It has been there doing its thing as long as its been running.

And for the install, you absolutely need to wipe the entire drive.
What drives are in this system, and which OS is this?

zeeshan.nayani · Nov 15, 2018

Windows 7 64bit and I have a desktop drive 1tb and an external drive 1tb which I used to keep connected for backups and it was connected today when this crap happens...

USAFRet · Nov 15, 2018

zeeshan.nayani :

If you've not already disconnected that external, do that NOW.

zeeshan.nayani · Nov 15, 2018

I did it the moment I realise something fishy is going on but I think the virus it's in the external drive too because it's then when I find out that my folders does not appear to be what they use to be

USAFRet · Nov 15, 2018

zeeshan.nayani :

Yes, it already got to some/all of it.

An always connected backup isn't much of a backup.

[SOLVED] my files extention changed to (.no_more_ransom)

Honorable

Distinguished

Splendid

Titan

Titan

Titan

Distinguished

Distinguished

Titan

Distinguished

Honorable

Splendid

Titan

Distinguished

Titan

Titan

Titan

Distinguished

Distinguished

Honorable

Titan

Honorable

Titan

Honorable

Titan

Share this page