Question

My 80% computer files extention are change to .gero

A few days ago I tried to install some software from the internet, during the installation process I saw some unusual activities on my computer (scanning all my computer files). During this time I tried to stop or cancel this installation process but I can't, so I just switch off my computer and restart again then I see that all files in my drive are not opening and their extension is changed to .gero.

After that, I google for .gero extension. After that, I came to know that I have a ransomware attack on my computer, then I try to decrypt with STOPDecrypter software, But it can't help me. So please help me on this how to bring some important files which are encrypted with .gero virus.

Discussion is locked

Answer
Follow
Reply to: My 80% computer files extention are change to .gero
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: My 80% computer files extention are change to .gero
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
Re: ransomware

See if https://www.google.com/search?q=ransomware+.gero+decrypt leads to a decryption tool or method. Or maybe just pay as asked.
And, of course, clean your PC or go back to factory conditions.
And, just a tip, in the future be careful what you install, especially if it comes "from the internet". The internet is full of threads.

If no luck with decrypting, you only lose what you didn't backup. That should be only unimportant files, since one should backup important ones.

- Collapse -
Answer
I moved to Linux to avoid ransomware attacks

Might be something to think about. It's possible it only changed the file endings, instead of also encrypting them. Unfortunately windows depends on file endings to recognize the file. Linux doesn't. It doesn't even need file endings. It examines the header inside the file instead to know what it is and what program opens the file. If you boot to a LIVE Linux DVD (Mint, Ubuntu) and double click each file, when it opens in a program, such as Image Viewer, you then know what that file is, and can chose the needed file ending to put on it, then change it and see if windows will open it ok. If so, then all you need is to put the proper file endings back on your files. Even in Windows, if you go to your Pictures folder, add .jpg file endings to some of them, then see if they will open OK. If so you are lucky and they weren't actually encrypted. At the beginning of every file is an identifier to say what sort of file it is. If you use a hex editor program, it can open them where you see the header and know what each one actually is. In Linux I use a program called "bless" for that.

Post was last edited on October 13, 2019 7:20 AM PDT

CNET Forums

Forum Info