0

I have a client who was recently victimized by CTBLocker. The ransomware has been removed, and most of the files have been recovered. However, the C: drive is now very full of files created by the malware, and these files all have randomly-generated file extensions.

These are encrypted files which may be able to be recovered in the future, so we need to copy them off the C: drive and store them in a secure offline backup location until decryption becomes available, as it did for previous versions of this malware.

The only thing these files have in common is that their extensions are usually greater than 3 characters in length. If possible, I need the Explorer search expression that will return all files with a longer extension than 3 characters. I tried ext:???? with no luck. Any help?

Improve this question

1 Answer 1

Reset to default
3

If you search for *.???? you will get any files with a four letter (or longer) extention.

* will match any length of string, . will match the period character and ???? will match any four characters.

There's some advanced search options in Windows 7 and 8, which you can more about here.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .