HELP_HELP encrypted virus changed file extensions to .a3d7

Hello,

I caught something the other day, all my files (pdf, docx, tx, png, dwg, etc...) I mean ALL have now an extension .a3d7
this laptop is the engine of my business and all my works are on it. the most important files are the .dwg (drawing files).
I have a backup but it's 2 months old. Can someone help?
the sucker changed all file names to a random name with capital letters and all extensions to .a3d7

Welcome to the forum you are the victim to ransom ware all your files are encrpted its VITAL do not CONNECT the pc to a NETWORK as it will encrpt all files on other pcs. Some type can be deycrypted most cant we need to know what sort you have to see if the is a fix for it do you get any demands for money?

HF SCANS
Please download MINITOOLBOX and run it.
Downloading MiniToolBox
Checkmark following boxes:

Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.

---

---

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back .
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

---

Disable your antivirus prior to the scan!!
Download z o e k . e x e version 5.0.0.0
Save the file to your desktop.
Right click Zoek.exe and run as administrator.
Copy and the items below and paste them into Zoek.


createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
iedefaults;
autoclean;
chrdefaults;
ffdefaults;
reset chrome;
resetieproxy;

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

---

Step 4: Adware Removal Tool.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit next make sure to leave all items checked, for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

Also, if you can send a sample file to the Ransomware folks over in bleepingcomputer, I cannot remember who the "they are" over there, perhaps they can identify which ransomware got your files and maybe perhaps possibly suggest a solution.

yes i did get a page with instructions on how to proceed for payment but as my first instinct was to delete all new pics and files received along with that sucker, i deleted those docs. Only to later realize that i was also deleting some of my files because at that time i did not realize that all my files were modified.
I will go ahead and give your repair a try then i will give feedback.

Thanks