Help! SOS A malicious virus converts all my folders into exe

Hi. I have a USB pendrive 8GB Kingston, in good shape, and with lots of information with virtually all sensitive data.

But the pendrive got infected by a malicious virus or trojan from another computer. Not sure. But once I inserted the pendrive into my home PC, all the folders in the USB pendrive were converted into exe files while some other folders disappeared.

The only antivirus I have at hand is Norton Internet Security 2010. In order to solve the issue I did the most obvious action for a newbie like myself, so I did scan the USB drive but Norton was unable to find the virus.

I really don't know what to do. But I think the same happened to other people. I have lots of sensitive data on my pendrive. What should I do? Is there any webtool or software that can restore my files?

Please help! SOS! (I do have Windows XP latest service pack SP3, and my processor is an AMD64 Athlon, 1.5 GB RAM)

- Collapse -
Scan again...the pen drive,

...and your HD...this time, with a free anti virus, e.g. AVG [google and download.] Then perhaps you can find ways to undo the damage. Norton has its own way of describing 'virus'...

- Collapse -
Still no clue

I did as directed but nothing happened. Papa's echo answer is rather short and confusing to me. Is there anyone with proper patience to guide me on what to do?

And what's all about Norton has its way to describe a virus? Does this mean Norton products are scam? Oh my gravy :-(

I just would like to know how to properly detect, repair, kill, or whatsoever deal with worms, trojan, located in my pendrive without the fear of losing vital information.

regards, sparky

- Collapse -
Sorry I fear the worst.

Let's hope you kept a backup copy since that's what is needed here.

Since we are talking DATA RECOVERY and not fighting a virus what you need is a data recovery firm. I like and yes they deal with sensitive files all the time.

- Collapse -
Things start to look dreadful to me :-(

I don't have a back up of the data stored in the USB pendrive. The USB pendrive itself it is a back up of all my sensitive data & information.

I do suspect a worm or a trojan has attached itself to all the folders, because all the folders were transformed into exe files.

I tried to do a full system scan with Norton Internet Security 2010 and AVG (free?) but nothing happened, they don't seem to catch up the virus. Since I don't know what other options I can take, I still ask for help. Is there any?

I don't know much about anti viruses or anti trojans, but for over a decade I put all my confidence on Norton's Symantec, which seems to fade away after this problem. :-(

- Collapse -
Is there a better option?

I do kindly appreciate your answer Bob, but is there any other option which doesn't rely on a paid service which can take long time?

- Collapse -
Let's say you want to scan for virus, trojan and more.
- Collapse -
Damage, what damage?

What kind of damage are you referring to? What do you mean that it doesn't undo the damage? If a simple scan doesn't undo the damage, what should I do? This whole situation gives me goose bumps.

- Collapse -
Given the wild variety of pests out there.

I can't guess what damage was done. All I can do is share that it appears to be a job for a data recovery house.

You wrote "The USB pendrive itself it is a back up of all my sensitive data & information."

A back up is just that. It means there is some other copy somewhere else. If this is the lone copy then someone didn't give you advice about the dangers of the one lone copy.

Given the story I know better than to chance the loss with more scans.

- Collapse -
PS. You didn't share one small detail.

If the virus had a name, the forum could research what it might have done. In one case it was only renaming the files from MINE.DOC to MINE.EXE and renaming it back to MINE.DOC recovered the files.

BUT and this is a problem, without the name of the pest what I just wrote does not apply. I only share it as something that applied to an old pest.

- Collapse -
Yes the virus has a name

It took me a while but I found the name of this worm that is causing this problem. I must say that it is a variant of Amvo, Avpo, Kavo or Ckvo. It attaches to the folders and replicates via executable file. I used NOD32 and it removed the malicious content. However all the folders now are gone, but the space on disk is marked as full, so I do believe the folders are marked as invisible or hidden. Is there anything that I can do to solve this?

- Collapse -
To repeat.

I'll be repeating the above so bear with me.

-> Many learn too late that removing a worm, trojan, virus (does not matter what it is) does not undo the damage.

You are now doing what they call DATA RECOVERY. While I'll mention RECUVA the problem is simple. You called this a backup and if so then you only need to go get the originals and make your new backup.

If you were mistaken and this was not a backup but the original then you fell into a trap that many do. That is they don't have a backup and when disaster strikes you often read "don't tell me about backup or recovery services, I want my files back."

At that point you might have to give them time to digest it all.

For now, try RECUVA from and call up for a quote.

I picked up an 8GB stick for 20 bucks. Given all the pain of loss and more it seems to me that if you had a backup, the 20 dollars would seem like the best 20 bucks you ever spent.

- Collapse -
The lone copy

Indeed to remove the malicious content doesn't undo the damage, as I found the files seem to be hidden and not visible on the USB pendrive.
As I said this is a backup, but unfortunately it is the lone copy, I don't have the originals.
"You fell into a trap that many do". Wow. These words are very awful to hear / read.
And sure, I do stick with "I want my files back".
I think can't use because I don't live in the US, although I could try to call them and pay for their service (if so they provide internationally). It would be rather annoying and time/money consuming without guarantee to get my files back.

And I do think that the malicious content still may not be gone entirely from the pendrive.

Is there any information about the names Ckvo.exe?

I would like to know if there is a tutorial/manual or anything for me to deal with these viruses/worms, as I read these worms do hide your files and create folders with the same name and widespread via USB pendrives.

- Collapse -
We've pretty much covered do it yourself data recovery.

When you find RECUVA and other titles won't do we have to turn it over to companies that do this daily. I'll give the nod to

But what I find odd here is no reply from you about RECUVA after it was mentioned over a day ago.

This tells me you may need to have the work done.

- Collapse -
It didn't work

I can't deal with many things at the same time, sorry for the delay. I tried Recuva on my pendrive, but it didn't restore the files. I did run the Recuva Wizard through Specific location section and selected the USB pendrive, even with enable deep scan selected but no files were found.

- Collapse -

It's up to the masters of recovery. There are other titles but if RECUVA failed then it's game over for home recovery.

These forums fill with folk that are learning the backup lesson first hand. It appears to be one that is learned but rarely taught.

Good luck and hope you had some of your files on any backup.

- Collapse -
Suggestion. For the files which remain...

.... now named *.exe, try renaming them to their proper extension [not necessarily the original], and hope that they open without loss of data. For the missing files, try a data recovery house [as suggested], or run a file recovery program [free from www.] on the pendrive.

That malware changed the extension of most of the files, which makes it impossible to access the data in those files - they won't open properly, if at all. That's the damage. If only the files' extensions are changed, renaming the extension to a proper one should make the file accessible. The other damage done by the malware is to delete the files... if you are lucky, file recovery software may be able to recover them. As with all problems of this nature, be prepared to lose everything you have not backed up.

- Collapse -
Tried but still doesn't work

Before the use of antivirus software NOD32 (as stated above Norton didn't catch up the virus), I tried to rename the .exe, but the folders didn't open. After using the antivirus software the executables were gone as long the fake folders created by the worm.

- Collapse -
A malicious virus converts all my folders into exe SOLUTION

Hi! I'm new here, Filipino.

I had that kind of worm/trojan and most antivirus I use seem to skip it, even Kaspersky 2011. I'm still trying other scanners...

What I did was (the long way)...

1. open DOS or cmd window
2. go to that drive/folder
3. directory list all contents including hidden, system, etc.
4. check if attrib DOS command is still working,
5. start to remove the hidden & system attribute using attrib DOS command. (put double quotes on sentence-like folder names)
6. do the same with the next folder.
7. after which, you can delete the .exe folder files

That's it!
Thanks and have a nice day.
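
The steps in the post above, written out as a cmd batch file. This is an added example, not part of the original post; the drive letter E: is an assumption, and the last loop only reports .exe files that share a name with a folder so they can be reviewed before anything is deleted by hand.

```batch
@echo off
rem Added example. DRIVE is an assumed drive letter: set it to the pendrive's letter.
set "DRIVE=E:"

rem Step 4: confirm attrib.exe is still present before relying on it.
if not exist "%SystemRoot%\system32\attrib.exe" (
    echo attrib.exe was not found in %SystemRoot%\system32
    exit /b 1
)

rem Step 3: list everything at the root of the drive, including
rem entries carrying the Hidden and System attributes.
dir /a "%DRIVE%\"

rem Steps 5-6: clear Hidden and System in one pass.
rem /s recurses into subfolders, /d applies the change to folders as well as files.
rem Both attributes are cleared together because attrib refuses to change
rem one of them while the other is still set.
attrib -h -s "%DRIVE%\*" /s /d

rem Step 7: the folders are visible again, so report every .exe at the root
rem whose name matches a folder name. Nothing is deleted here.
for /d %%D in ("%DRIVE%\*") do (
    if exist "%%~fD.exe" echo Same name as a folder: "%%~fD.exe"
)
```

Quoting the paths covers the "sentence-like" folder names with spaces mentioned in step 5.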