Need help cleaning up filenames after ransomware attempt.


  1. Posts : 38
    Windows 10
       #1


    Dear Anyone.

    Windows 10, 64-bit here!

    So some Russian - I'll get onto how I know that - bunch tried to ransomware me. Took a lot of fighting with 2 antiviruses but I beat the virus - kinda! I've now got thousands of files with a double-extension .azqt on them, so if the file's supposed to be Fred.jpg, it's now Fred.jpg.azqt! I've proven - I THINK - that if the .azqt gets taken off, the file returns to normal - I've hand-taken the .azqt off a BUNCH of files and they've all worked immediately I've done that. (Except for a few .zips that stayed corrupted but they didn't matter and all the other ones I tried worked immediately afterwards.)

    Problem is - the AMOUNT of files!! There's thousands of them - I write music and a lot of them are patches from my music software (SOB!!) So they're not even in the same folder, they're in folders all over the place. BUT - lots of them are in groups in the same folder as they're patches for the same VST.

    Is there a command, or bit of software, I can order to 'delete .azqt off the end of all files and leave the rest of the file name including first extension intact'? So it'll go through my file system, just remove all the double-extensions (the azqts) and not touch the first extension? So all the 'fred.jpg.azqt's will go back to 'fred.jpg's? and so on? I mean if the ransomware guys were going to decrypt all their encrypted files, they'd've had to have a batch-file-renamer of some kind, as that's obviously how they did the 'encryption'.

    How do I know they're Russian? Hokay, I know I should know the answer to this - everything in my Hotmail folder's now in Russian! All the headings, all the menu commands, everything. I can't change the language back because I can't read the instructions for HOW to change the language back - they're all in Russian! Tried reinstalling Firefox, didn't help. Even my PASSWORD'S in Russian - the only way I can get into my Hotmail account's via my tablet - I'm using my PC to type this - because I happened to be logged in already on the tablet. If I try to log in on the PC, I use the correct password - honest, it's correct! - and get a 'Password not recognised' - in Russian! Everything's in Russian on the tablet too so I can't even change the password there cos I can't read how to. (All the actual e-mails are still in English, as are their titles, it's just the website titles that are in Russian.)

    Anyone got any ideas on either of the above?

    Yours with 30,000 files to rename(!!!)

    Chris.


  2. Posts : 43,170
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #2

    Hi, whilst you can use a recursive command e.g.

    How to rename multiple files in subfolders using Windows command prompt - DEV Community

    there are also (free) 3rd party renamers.

    Obviously you will create a full backup beforehand.

    Note: had you been using 3rd party disk imaging regularly and routinely as is so often advised here, you could simply have restored a disk image of relevant partitions (possibly after wiping your disks!) created before the ransomware attack.
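Added example (not part of the original thread or of the linked DEV Community article): a PowerShell script for the recursive rename asked about in post #1, run as a dry run by default and logging every rename so it can be reversed. It assumes, as the thread starter reports, that files open normally once `.azqt` is removed; the start folders, log path and parameter names are placeholders chosen here.

```powershell
# Added example, not from the thread. Start folders, log path and parameter
# names are assumptions; adjust them before running.
param(
    [string[]]$Root    = @('C:\Users', 'E:\'),                    # hypothetical start folders
    [string]  $Suffix  = '.azqt',
    [string]  $LogPath = "$env:USERPROFILE\azqt-rename-log.csv",  # hypothetical log location
    [switch]  $Apply                                              # dry run unless -Apply is given
)

$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force `
             -Filter "*$Suffix" -ErrorAction SilentlyContinue

$results = foreach ($file in $files) {
    # -Filter can also match 8.3 short names, so confirm the real extension.
    if ($file.Extension -ne $Suffix) { continue }

    $newName = $file.Name.Substring(0, $file.Name.Length - $Suffix.Length)
    $target  = Join-Path -Path $file.DirectoryName -ChildPath $newName

    if ([string]::IsNullOrWhiteSpace($newName)) {
        $status = 'Skipped: nothing left after removing suffix'
    }
    elseif (Test-Path -LiteralPath $target) {
        # Never overwrite a file that already has the restored name.
        $status = 'Skipped: target already exists'
    }
    elseif (-not $Apply) {
        $status = 'Would rename'
    }
    else {
        try {
            Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
            $status = 'Renamed'
        }
        catch { $status = "Failed: $($_.Exception.Message)" }
    }

    [pscustomobject]@{ Original = $file.FullName; NewName = $newName; Status = $status }
}

if ($results) {
    # The CSV doubles as an undo list: Original holds every old path.
    $results | Export-Csv -LiteralPath $LogPath -NoTypeInformation
    $results | Group-Object Status | Select-Object Count, Name
}
```

Run it once without `-Apply` and read the CSV, then run it again with `-Apply`; rows marked as skipped or failed are left untouched for manual review.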


  3. Posts : 38
    Windows 10
    Thread Starter
       #3

    Dear Dalchina. You are SOOO going to facepalm.....


    dalchina said:
    Hi, whilst you can use a recursive command e.g.

    How to rename multiple files in subfolders using Windows command prompt - DEV Community

    there are also (free) 3rd party renamers.

    Obviously you will create a full backup beforehand.

    Note: had you been using 3rd party disk imaging regularly and routinely as is so often advised here, you could simply have restored a disk image of relevant partitions (possibly after wiping your disks!) created before the ransomware attack.

    Dear Dalchina.

    This is where you tell me, in full luxuriant detail, how dumbass are the users you get on this site.

    I had everything backed up on an external hard drive, Drive E. Unfortunately, it got the backups too. I had never read anywhere that it wasn't safe to have the backup drive attached to the computer, so I'd always assumed a virus could only attack Drive C, not Drive Anything Else. I learned how incorrect that was when I went to get the backups.

    In self-defence, can you find ONE PLACE on this forum where it ACTUALLY SAYS not to keep the backup drive always attached to the PC? Cos I can't. I just thought everything NOT on drive C was safe whether or not the other drive was attached to the PC as an external drive. I now know it isn't. Exactly half the files I have to rename ARE the backupped files!

    Yours respectfully

    Chris


  4. Posts : 43,170
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #4

    Thank you for your reply. I hope the recursive command helps, should you wish to try that.

    I think you're right that there isn't a basic tutorial guide to backup strategy as such - the Tutorials section is focussed on how to use things in detail, rather than broader planning aspects of usage.

    In the various discussions on backup strategies I know I have several times - including recently - mentioned the risk posed by having backup storage media permanently connected. That may be for synchronised or scheduled backup for example.

    In considering a backup strategy you have to assess the risks. That includes physical risk - fire, theft, flood, possible impact of lightning/power outage etc which may result in the loss of backup media.

    In that context I have also mentioned ransomware on several occasions.

    It is also helpful to consider one feature Macrium Reflect (a disk imaging and backup tool often recommended here) offers in the paid version: Image Guardian.

    Image Guardian aims to protect image files created by MR from e.g. ransomware:
    Macrium Image Guardian

    Thus if the storage media containing those image files are attached to a system which is affected by ransomware, hopefully those files are not.

    Worth considering- or you could simply only connect backup disks when needed, or adopt a more complex mixed strategy of both online and offline backup storage.


  5. Posts : 1,223
    W10-Pro 22H2
       #5

    ulrichburke said:
    In self-defence, can you find ONE PLACE on this forum where it ACTUALLY SAYS not to keep the backup drive always attached to the PC?
    One of (I am sure) many: post5
    (and particularly relevant!). I wonder what made you think other drives/partitions were safe?


  6. Posts : 38
    Windows 10
    Thread Starter
       #6

    mngerhold said:
    One of (I am sure) many: post5
    (and particularly relevant!). I wonder what made you think other drives/partitions were safe?
    Dear Dalchina.

    Because I'd only ever read to keep things backed up on external hard drives, not to NOT keep the hard drives attached to the computer. So I totally believed stuff was safe as long as it wasn't on drive C, whether or not the drive it was on was attached to the computer. Without being told, why would I think they WEREN'T safe?

    Yours respectfully,

    Chris


  7. Posts : 43,170
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #7

    Thank you for your reply.

    If drives are attached to a desktop without a UPS/surge protection- they are naturally potentially exposed to risk in areas prone to lightning/power outages and surges.

    If someone steals your PC - and all your drives- they're gone.

    Those don't take too much thought.

    Anything attached to your PC by any means can be affected by rogue programs which can write to them.

    That's self-evident.


  8. Posts : 18,034
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #8

    Hello @ulrichburke,

    It is ALWAYS a good idea to detach ANY external drives or USB's if they are NOT being used. One excellent reason for this is if there was a power cut or power surge, which could NOT only affect the internal drives but also ANY attached drives. It is also a good idea if they are individually powered to save power and expense.

    I hope this helps.


  9. Posts : 38
    Windows 10
    Thread Starter
       #9

    dalchina said:
    Thank you for your reply.

    If drives are attached to a desktop without a UPS/surge protection- they are naturally potentially exposed to risk in areas prone to lightning/power outages and surges.

    If someone steals your PC - and all your drives- they're gone.

    Those don't take too much thought.

    Anything attached to your PC by any means can be affected by rogue programs which can write to them.

    That's self-evident.
    Dear Dalchina.

    This is going to sound equally dumbass but as I misunderstood one, I could well misunderstand this too....

    If the hard drives are in attached external caddies BUT THE CADDIES ARE NOT TURNED ON/POWERED UP can viruses still write to the drives, or only if the drives are powered up? Is it safe to have the external caddy attached but powered off?

    Yours respectfully,

    Chris.


  10. Posts : 43,170
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #10

    If they were not powered and could not be remotely powered up they would be safe.

    Anything the O/S can do could potentially be done by malware.

    However, if using synched or scheduled backups, turning the backup storage on or off would require very special thought so as to avoid malware being able to do that.

    Cloud backup is potentially also safer, as it should be significantly harder for ransomware to affect that for various reasons, but cloud backup is not ideal for everyone. Uploading significant amounts of data requires good upload speeds.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
