how to remove .exe extension from files and folders? Closed

Question

Hello!
I have this virus in my pc hard drive which hid all my files and folders and created their copy file with an executable(.exe) of the same. I did some research on internet and found out that this virus has to be removed using an antivirus that could detect it and then have to unhide my files using cmd prompt. Now I used Norton Antivirus and it cleaned the virus from my pc. all the shortcut and copy files are gone now. except that it shows all my files with a .exe extension and not with the original size of the file or folder. As a result the infected partition of my hard disk(126GB) which was almost full shows just 11GB of the memory being used. The rest of the memory it shows is free.
I am attatching a screen shot of what my files look like. the screen shot is of the image(.jpg) files which have an added .exe extension

Now, upto this point I was able to get along with the info but when it came to unhiding the files in cmd prompt, I just couldnt figure out what to do. Whenever I try unhiding my files using "D:\>attrib -h -s -r -a /s /d D:\*.*", D: being my drive which is infected, it shows "Access Denied - D:\System Volume Information". I just could not get beyond this point. 

Please help me with this problem as I have some crucial data on my drive that I need to recover. Many many thanks in advance.

Ambucias · Answer

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report. 

1. Open this link and download ZHPDiag2 : 
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)  Click on the download button

2. Save the file on your Desktop. 

3. Double click on ZHPDiag.exe and follow the installation instructions. 

(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right) 

4. Double click on the short cut ZHPDiag on your Destktop. 

5. Click on Full. 

Wait for the tool to finished (maybe a long time) 

6. Close ZHPDiag. 

7. To transmit the report, click on this link : 

https://authentification.site 

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.

Ambucias
Moderator and Virus/Security Contributor

Ambucias · Answer

1. Close all applications

2. Select and copy all of the following bold lines.
---------------------------------------------------------------------------------- 
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://astromenda.com/
O4 - GS\TaskBar [Administrator]: YTD Video Downloader.lnk . (.GreenTree Applications SRL - YTD Video Downloader.) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
O4 - GS\TaskBar [Fazili Uzair]: YTD Video Downloader.lnk . (.GreenTree Applications SRL - YTD Video Downloader.) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
O4 - GS\TaskBar [Guest]: YTD Video Downloader.lnk . (.GreenTree Applications SRL - YTD Video Downloader.) C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
O42 - Logiciel: YTD Video Downloader 4.5.1 - (.GreenTree Applications SRL.) [HKLM][64Bits] -- {1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
HKCU\SOFTWARE\GreenTree Applications
3 - CFD: 2015/10/03 10:30:59 - [] D -- C:\Program Files (x86)\GreenTree Applications
3 - CFD: 2015/10/03 10:43:44 - [] D -- C:\Users\Fazili Uzair\AppData\Roaming\DriverFinder
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
C:\Users\Fazili Uzair\AppData\Roaming\DriverFinder


3. Download and launch https://nicolascoolman.eu

4.  Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9.Hello,
# Download USB Fix

Launch it, a shortcut will be created on your desktop.


Choose "Clean" option.
 A pop-up will follow Connect all your external data sources to your PC (Usb keys, sd cards external drives, etc...)
 Once you're ready, click "OK".
 While cleaning, you will lose access to your desktop, but this is normal.
The numbers of analyzed and infected elements are displayed.

# Copy/paste the report here.

Tutorial : http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/

Ambucias
Moderator / Virus Security Contributor

Ambucias · Answer

There you go, everything should be okay now.  All kinds of malware have been removed.

uzair_kf · Answer

Not only with an image file, the .exe extension is with every file on my hard drive. The partition that has windows installed(C:/) works fine. The rest two partitions on my drive are affected.
Here's what it looks like when I try to open any file.

Ambucias · Answer

I believe that you may need to fix the file association.

See this page for how to fix it:

https://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html

Good luck

How to remove .exe extension from files and folders?

5 responses

Similar discussions

Subscribe To Our Newsletter!