My Laptop got attacked by a virus and nearly every file including Photos, Videos and Documents extension were changed to YYZA , meaning .jpg was changed to .YYZA, How to recover or remove that extension. kindly help?
Asked
Active
Viewed 1,171 times
3 Answers
2
It's a STOP / DJVU variant.
Some variations can be decrypted using the Emsisoft decryptor
If your variant isn't supported yet, all you can do is wait and try every now and then if an updated version can. The tool is silently updated (updates aren't announced).
I happen to have made a simple free tool to repair certain file types but I no longer support or actively maintain it. Biggest flaws are, limited file size support and only atom order ftyp-mdat-moov is supported for QuickTime container based videos. Some commercial tools can now do the same, WonderShare Video Repair for example.
See https://youtu.be/3AKJ27sZ9_E. Download URL is in video description.
Since STOP / DJVU encrypts only first 153605 bytes of a file, there are more file types that are potentially repairable, for example: https://youtu.be/ouSTB6Rg10g.
0
The damage you outline is quite serious. Ransomware.
The only thing you can do now is a fresh reinstall of Windows.
Then recover documents from your previous backup.
If no backup, you have just learned the importance of having backups
0
Do not pay the ransom !
First step is to remove the YYZA virus. Try to scan using your anti-virus, but if it fails you could try Gridinsoft Anti-Malware that is said to detect well this virus.
For decrypting the files, you could use the Emsisoft Decryptor.
Lastly, I hope you have good backups, as the last resort is to format the disk and reinstall Windows from scratch.
The above advice is based on the article YYZA Virus (.YYZA File) Decrypt & Removal Guide. I suggest reading this article carefully (although it's rather long).
harrymc
- 498,455