My files changed to .a8aa
Closed
Brox
-
Updated by Brox on 8/01/17 at 08:28 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 16, 2017 at 04:42 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Jan 16, 2017 at 04:42 PM
Related:
- My files changed to .a8aa
- Recover my files - Download - Backup and recovery
- Whatsapp date changed to 1970 - Guide
- Clear recent files windows 11 - Guide
- How to open msi files on android - Guide
- How to delete multiple files on mac - Guide
2 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 9, 2017 at 05:25 AM
Jan 9, 2017 at 05:25 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
1. Open this link and download ZHPDiag :
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)
4. Double click on the short cut ZHPDiag on your Destktop.
5 Click on scan
Wait for the tool to finished (maybe a long time)
6. Close ZHPDiag.
7. To transmit the report, click on this link :
http://www.tinyupload.com/index.php
8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from tinyupload and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Jan 13, 2017 at 05:08 PM
Jan 13, 2017 at 05:08 PM
Hello Brox
Okay I now have the report and I analyzed it.
I have a few questions for you before we get to work on your system. Please answer all of my questions.
1. Why do you have AutoKMS on your computer ?
2. The file extensions .a8aa are they found only on personal data files because I don't see them ?
3. Please tell me what the "README file say.
4. Did you just before the issue occurred open a email attachment?
5. There are some questionable files in your system which are made in China, do you need them such as UC.lnk . (.保留所有权利。 - Application; Surveillance System; video monitoring management system; mcms.
Please let me know.
Okay I now have the report and I analyzed it.
I have a few questions for you before we get to work on your system. Please answer all of my questions.
1. Why do you have AutoKMS on your computer ?
2. The file extensions .a8aa are they found only on personal data files because I don't see them ?
3. Please tell me what the "README file say.
4. Did you just before the issue occurred open a email attachment?
5. There are some questionable files in your system which are made in China, do you need them such as UC.lnk . (.保留所有权利。 - Application; Surveillance System; video monitoring management system; mcms.
Please let me know.
1. Why do you have AutoKMS on your computer ?
Re: I have no clue what AutoKMS is.
2. The file extensions .a8aa are they found only on personal data files because I don't see them ?
Re: Yes, and all personal data were converted to .a8aa
3. Please tell me what the "README file say.
Re: it's with .hta extention not .txt. and the icon looks like .exe file icon. I thought it's not safe to run it. Shall I do that?
4. Did you just before the issue occurred open a email attachment?
Re: No, the only thing I can think of is watching a movie on 123movies.to
5. There are some questionable files in your system which are made in China, do you need them such as UC.lnk . (.保留所有权利。 - Application; Surveillance System; video monitoring management system; mcms.
Re: I have some video management software used for IP CCTV systmes. And yes some of them are chinese.
Re: I have no clue what AutoKMS is.
2. The file extensions .a8aa are they found only on personal data files because I don't see them ?
Re: Yes, and all personal data were converted to .a8aa
3. Please tell me what the "README file say.
Re: it's with .hta extention not .txt. and the icon looks like .exe file icon. I thought it's not safe to run it. Shall I do that?
4. Did you just before the issue occurred open a email attachment?
Re: No, the only thing I can think of is watching a movie on 123movies.to
5. There are some questionable files in your system which are made in China, do you need them such as UC.lnk . (.保留所有权利。 - Application; Surveillance System; video monitoring management system; mcms.
Re: I have some video management software used for IP CCTV systmes. And yes some of them are chinese.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
Brox
Jan 16, 2017 at 04:42 PM
Jan 16, 2017 at 04:42 PM
If you look at the hta, you might be able to read a ransom demand, 123 movies is full of viruses including ransomware.
You can delete the virus with Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Your .a8aa files are encrypted files. You might be able to recover some of them using Shadow Explorer.
AutoKMS is to bypass Microsoft software registration but it's virused.
You can delete the virus with Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Your .a8aa files are encrypted files. You might be able to recover some of them using Shadow Explorer.
AutoKMS is to bypass Microsoft software registration but it's virused.
Jan 12, 2017 at 09:53 AM
Here is the link for the report:
HYPERLINK "http://s000.tinyupload.com/index.php?file_id=40286714659611356224" http://s000.tinyupload.com/?file_id=40286714659611356224
Hope to solve this issue soon.. many thanks in advance.
Jan 12, 2017 at 04:50 PM
You have posted the wrong hyperlink. Please try again.
Jan 13, 2017 at 11:40 AM