Computer Help forum

General discussion

Help! SOS A malicious virus converts all my folders into exe

by sparky_melon / June 30, 2010 6:13 AM PDT

Hi. I have a USB pendrive 8GB kingston, in good shape, and with lots of information with virtually all sensitive data.

But the pendrive got infected by a malicious virus or trojan from another computer. Not sure. But once i inserted the pendrive into my home PC, all the folders in the USB pendrive were converted into exe files while some other folders dissapeared.

The only antivirus i have at hand is Norton Internet Security 2010. In order to solve the issue i did the most obvious action for a newbie like myself, so i did scan the USB drive but Norton was unable to find the virus.

I really dont know what to do?. But i think the same happened to other people. I have lots of sensitive data on my pendrive. What should i do?. Is there any webtool or software that can restore my files?

Please help! .SOS! (I do have Windows XP latest service pack SP3, and my processor is an AMD64 athlon, 1.5 GB RAM)

Discussion is locked
You are posting a reply to: Help! SOS A malicious virus converts all my folders into exe
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Help! SOS A malicious virus converts all my folders into exe
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Scan again...the pen drive,
by Papa Echo / June 30, 2010 9:16 AM PDT

...and your HD...this time, with a free anti virus, e.g. AVG [google and download.] Then perhap you can find ways to undo the damage. Norton has its own way of describing 'virus'...

Collapse -
Still no clue
by sparky_melon / June 30, 2010 10:55 AM PDT

I did as directed but nothing happened. Papa's echo answer is rather short and confusing to me. Is there anyone with proper patience to guide me on what to do?.

And whats all about Norton has its way to describe a virus?. Does this means Norton products are scam? Oh my gravy Sad

I just would like to know how to properly detect, repair, kill, or whatsoever deal with worms?, trojan, located in my pendrive without the fear of losing vital information.

regards, sparky

Collapse -
Sorry I fear the worst.
by R. Proffitt Forum moderator / June 30, 2010 11:01 AM PDT
In reply to: Still no clue

Let's hope you kept a backup copy since that's what is needed here.

Since we are talking DATA RECOVERY and not fighting a virus what you need is a data recovery firm. I like http://www.drivesavers.com and yes they deal with sensitive files all the time.
Bob

Collapse -
Things start to look dreadful to me :-(
by sparky_melon / June 30, 2010 11:17 AM PDT

I dont have a back up of the data stored in the usb pendrive. The USB pendrive itself it is a back up of all my sensitive data & information.

I do suspect a worm or a trojan has attached itself to all the folders, because all the folders were transformed into exe files.

I tried to do a full system scan with Norton Internet Security 2010 and AVG (free?) but nothing happened, they dont seem to catch up the virus. Since i dont know what other options i can take, i still ask for help. Is there any?.

I dont know much about anti viruses or anti trojans, but for over a decade i put all my confidence on norton's symantec, which seems to fade away after this problem . Sad

Collapse -
Is there a better option?
by sparky_melon / June 30, 2010 11:25 AM PDT

I do kindly appreciate your answer Bob, but is there any other option which doesn't rely on a paid service which can take long time?.

Collapse -
Let's say you want to scan for virus, trojan and more.
by R. Proffitt Forum moderator / June 30, 2010 11:14 AM PDT
Collapse -
Damage, what damage?
by sparky_melon / June 30, 2010 11:22 AM PDT

What kind of damage are you refering to ?. What do you mean that it doesn't undo the damage?. If a simple scan doesn't undo the damage. What should i do?. This whole situation gives me goose bumps

Collapse -
Given the wild variety of pests out there.
by R. Proffitt Forum moderator / June 30, 2010 11:35 AM PDT
In reply to: Damage, what damage?

I can't guess what damage was done. All I can do is share that it appears to be a job for a data recovery house.

You wrote "The USB pendrive itself it is a back up of all my sensitive data & information."

A back up is just that. It means there is some other copy somewhere else. If this is the lone copy then someone didn't give you advice about the dangers of the one lone copy.

Given the story I know better than to chance the loss with more scans.
Bob

Collapse -
PS. You didn't share one small detail.
by R. Proffitt Forum moderator / June 30, 2010 11:38 AM PDT
In reply to: Damage, what damage?

If the virus had a name, the forum could research what it might have done. In one case it was only renaming the files from MINE.DOC to MINE.EXE and renaming it back to MINE.DOC recovered the files.

BUT and this is a problem, without the name of the pest what I just wrote does not apply. I only share it as something that applied to an old pest.
Bob

Collapse -
Yes the virus has a name
by sparky_melon / June 30, 2010 3:32 PM PDT

It took me a while but i found the name of this worm that is causing this problem. I must say that is a variant of Amvo, Avpo, Kavo or Ckvo. It attaches to the folders and replicates via executable file. I used NOD32 and it removed the malicious content. However all the folders now are gone, but, the space in disk is marked as full, so i do believe the folders are marked as invisible or hidden. Is there anything that i can do to solve this?

Collapse -
To repeat.
by R. Proffitt Forum moderator / June 30, 2010 9:18 PM PDT

I'll be repeating the above so bear with me.

-> Many learn too late that removing a worm, trojan, virus (does not matter what it is) does not undo the damage.

You are now doing in what they call DATA RECOVERY. While I'll mention RECUVA the problem is simple. You called this a backup and if so then you only need to go get the originals and make your new backup.

If you were mistaken and this was not a backup but the original then you fell into a trap that many do. That is they don't have a backup and when disaster strikes you often read "don't tell me about backup or recovery services, I want my files back."

At that point you might have to give them time to digest it all.

For now, try RECUVA from download.com and call up http://www.drivesavers.com for a quote.

I picked up an 8GB stick for 20 bucks. Given all the pain of loss and more it seems to me that if you had a backup, the 20 dollars would seem like the best 20 bucks you even spent.
Bob

Collapse -
The lone copy
by sparky_melon / July 1, 2010 3:54 AM PDT
In reply to: To repeat.

Indeed to remove the malicious content doesnt undo the damage, as i found the files seem to be hidden and not visible on the USB pendrive.
As i said this is a backup, but unfortunately it is the lone copy, i dont have the originals.
"Your fell into a trap that many do". Wow. these words are very awful to hear / read.
And sure, i do stick with "i want my files back".
I think can't use drivesavers.com because i dont live in the US, although i could try to call them and pay for their service (if so they provide internationally). It would be rather annoying and time/money consuming without guarantee to get my files back.

And i do think that the malicious content still may not be gone entirely from the pendrive.

Is there any information about the names
Amvo.exe
Avpo.exe
Kavo.exe
Ckvo.exe ?

I would like to know if there is a tutorial/ manual or anything for me to deal with these viruses/worms, as i read these worms do hide your files and create folders with the same name and widespread via USB pendrives.

Collapse -
We've pretty covered do it yourself data recovery.
by R. Proffitt Forum moderator / July 1, 2010 4:09 AM PDT
In reply to: The lone copy

When you find RECUVA and other titles won't do we have to turn it over to companies that do this daily. I'll give the nod to http://www.drivesavers.com

But what I find odd here is no reply from you about RECUVA after it was mentioned over a day ago.

This tells me you may need to have the work done.
Bob

Collapse -
It didn't work
by sparky_melon / July 1, 2010 4:22 AM PDT

I cant deal with many things at the same time sorry the delay. I tried recuva on my pendrive, but it didn't restore the files. I did run the Recuva Wizard through Specific location section and selected the usb pendrive, even with enable deep scan selected but no files were found.

Collapse -
Then
by R. Proffitt Forum moderator / July 1, 2010 4:27 AM PDT
In reply to: It didn't work

It's up to the masters of recovery. There are other titles but if RECUVA failed then it's game over for home recovery.

These forums fill with folk that are learning the backup lesson first hand. It appears to be one that is learned but rarely taught.

Good luck and hope you had some of your files on any backup.
Bob

Collapse -
Suggestion. For the files which remain...
by Papa Echo / June 30, 2010 11:57 AM PDT
In reply to: Damage, what damage?

.... now named *.exe, try renaming them to their proper extension[not necessarily the original], and hope that they open without loss of data. For the missing files, try a data recovery house [as suggested], or run a file recovery program [free from www.] on the pendrive.

That malware changed the extension of most of the files, which make it impossible to access thte data in those files - they won't open properly, if at all. That's the damage. If only the files' extension are changed, renaming the extension to a proper one should make the file accessable. The other damage done by the malware is to delete the files... if you are lucky, file recovery software may be able to recover them. As with all problems of this nature, be prepared to lose every thing you have not backed up.

Collapse -
Tried but still doesnt work
by sparky_melon / July 1, 2010 3:56 AM PDT

Before the use of antivirus software NOD32 (as stated above Norton didn't catch up the virus), i tried to rename the .exe, but the folders didn't open. After using the antivirus software the executables were gone as long the fake folders created by the worm.

Collapse -
A malicious virus converts all my folders into exe SOLUTION
by raydi89 / October 3, 2010 2:55 AM PDT

hi! im new here, Filipino,

i had that kind of worm/trojan and most antivirus i use seem to skip it, even kaspersky 2011. im still
trying other scanners...

what i did was, (the long way)...

1. open DOS or cmd window
2. go to that drive/folder
3. directory list all contents including hidden,
system, etc.
4. check if attrib DOS command is still working,
5. start to remove the hidden & system attribute
using attrib DOS command.
(put doulbe quotes on sentence-like
folder names)
6. do the same with the next folder.
7. afterwhich, you can delete the .exe folder files

that's it!
thanks and have a nice day.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.