19 total posts
Scan again...the pen drive,
...and your HD...this time, with a free anti virus, e.g. AVG [google and download.] Then perhap you can find ways to undo the damage. Norton has its own way of describing 'virus'...
Still no clue
I did as directed but nothing happened. Papa's echo answer is rather short and confusing to me. Is there anyone with proper patience to guide me on what to do?.
And whats all about Norton has its way to describe a virus?. Does this means Norton products are scam? Oh my gravy
I just would like to know how to properly detect, repair, kill, or whatsoever deal with worms?, trojan, located in my pendrive without the fear of losing vital information.
Sorry I fear the worst.
Let's hope you kept a backup copy since that's what is needed here.
Since we are talking DATA RECOVERY and not fighting a virus what you need is a data recovery firm. I like http://www.drivesavers.com and yes they deal with sensitive files all the time.
Things start to look dreadful to me :-(
I dont have a back up of the data stored in the usb pendrive. The USB pendrive itself it is a back up of all my sensitive data & information.
I do suspect a worm or a trojan has attached itself to all the folders, because all the folders were transformed into exe files.
I tried to do a full system scan with Norton Internet Security 2010 and AVG (free?) but nothing happened, they dont seem to catch up the virus. Since i dont know what other options i can take, i still ask for help. Is there any?.
I dont know much about anti viruses or anti trojans, but for over a decade i put all my confidence on norton's symantec, which seems to fade away after this problem .
Is there a better option?
I do kindly appreciate your answer Bob, but is there any other option which doesn't rely on a paid service which can take long time?.
Let's say you want to scan for virus, trojan and more.
While I advise to proceed directly to a data recovery house since this story appears to be all about that, I want to lead off with a very simple statement. "Removing a virus/trojan does not undo the damage."
-> With that out of the way, Grif has a very good post about what tools and more to use at the next link.
Damage, what damage?
What kind of damage are you refering to ?. What do you mean that it doesn't undo the damage?. If a simple scan doesn't undo the damage. What should i do?. This whole situation gives me goose bumps
Given the wild variety of pests out there.
I can't guess what damage was done. All I can do is share that it appears to be a job for a data recovery house.
You wrote "The USB pendrive itself it is a back up of all my sensitive data & information."
A back up is just that. It means there is some other copy somewhere else. If this is the lone copy then someone didn't give you advice about the dangers of the one lone copy.
Given the story I know better than to chance the loss with more scans.
PS. You didn't share one small detail.
If the virus had a name, the forum could research what it might have done. In one case it was only renaming the files from MINE.DOC to MINE.EXE and renaming it back to MINE.DOC recovered the files.
BUT and this is a problem, without the name of the pest what I just wrote does not apply. I only share it as something that applied to an old pest.
Yes the virus has a name
It took me a while but i found the name of this worm that is causing this problem. I must say that is a variant of Amvo, Avpo, Kavo or Ckvo. It attaches to the folders and replicates via executable file. I used NOD32 and it removed the malicious content. However all the folders now are gone, but, the space in disk is marked as full, so i do believe the folders are marked as invisible or hidden. Is there anything that i can do to solve this?
I'll be repeating the above so bear with me.
-> Many learn too late that removing a worm, trojan, virus (does not matter what it is) does not undo the damage.
You are now doing in what they call DATA RECOVERY. While I'll mention RECUVA the problem is simple. You called this a backup and if so then you only need to go get the originals and make your new backup.
If you were mistaken and this was not a backup but the original then you fell into a trap that many do. That is they don't have a backup and when disaster strikes you often read "don't tell me about backup or recovery services, I want my files back."
At that point you might have to give them time to digest it all.
For now, try RECUVA from download.com and call up http://www.drivesavers.com for a quote.
I picked up an 8GB stick for 20 bucks. Given all the pain of loss and more it seems to me that if you had a backup, the 20 dollars would seem like the best 20 bucks you even spent.
The lone copy
Indeed to remove the malicious content doesnt undo the damage, as i found the files seem to be hidden and not visible on the USB pendrive.
As i said this is a backup, but unfortunately it is the lone copy, i dont have the originals.
"Your fell into a trap that many do". Wow. these words are very awful to hear / read.
And sure, i do stick with "i want my files back".
I think can't use drivesavers.com because i dont live in the US, although i could try to call them and pay for their service (if so they provide internationally). It would be rather annoying and time/money consuming without guarantee to get my files back.
And i do think that the malicious content still may not be gone entirely from the pendrive.
Is there any information about the names
I would like to know if there is a tutorial/ manual or anything for me to deal with these viruses/worms, as i read these worms do hide your files and create folders with the same name and widespread via USB pendrives.
We've pretty covered do it yourself data recovery.
When you find RECUVA and other titles won't do we have to turn it over to companies that do this daily. I'll give the nod to http://www.drivesavers.com
But what I find odd here is no reply from you about RECUVA after it was mentioned over a day ago.
This tells me you may need to have the work done.
It didn't work
I cant deal with many things at the same time sorry the delay. I tried recuva on my pendrive, but it didn't restore the files. I did run the Recuva Wizard through Specific location section and selected the usb pendrive, even with enable deep scan selected but no files were found.
It's up to the masters of recovery. There are other titles but if RECUVA failed then it's game over for home recovery.
These forums fill with folk that are learning the backup lesson first hand. It appears to be one that is learned but rarely taught.
Good luck and hope you had some of your files on any backup.
Suggestion. For the files which remain...
.... now named *.exe, try renaming them to their proper extension[not necessarily the original], and hope that they open without loss of data. For the missing files, try a data recovery house [as suggested], or run a file recovery program [free from www.] on the pendrive.
That malware changed the extension of most of the files, which make it impossible to access thte data in those files - they won't open properly, if at all. That's the damage. If only the files' extension are changed, renaming the extension to a proper one should make the file accessable. The other damage done by the malware is to delete the files... if you are lucky, file recovery software may be able to recover them. As with all problems of this nature, be prepared to lose every thing you have not backed up.
Tried but still doesnt work
Before the use of antivirus software NOD32 (as stated above Norton didn't catch up the virus), i tried to rename the .exe, but the folders didn't open. After using the antivirus software the executables were gone as long the fake folders created by the worm.
A malicious virus converts all my folders into exe SOLUTION
hi! im new here, Filipino,
i had that kind of worm/trojan and most antivirus i use seem to skip it, even kaspersky 2011. im still
trying other scanners...
what i did was, (the long way)...
1. open DOS or cmd window
2. go to that drive/folder
3. directory list all contents including hidden,
4. check if attrib DOS command is still working,
5. start to remove the hidden & system attribute
using attrib DOS command.
(put doulbe quotes on sentence-like
6. do the same with the next folder.
7. afterwhich, you can delete the .exe folder files
thanks and have a nice day.