Resolved Question

Virus Mayhem - Now all documents are missing

Hello all,

I am desperate!

I got hit with a virus this morning about 12 to 15 times right in a row. It is a trojan called Fakealert!qrb. McAfee caught, quarantined and removed the virus each time it hit, but it hit repeatedly.

For those not familiar with the virus, it pops up a warning that your hard drive has failed.

My computer is an HP Pavillion dv6500 Notebook with Windows Vista Home Premium Edition 2007 Service Pack 2.

Following are the steps that occurred during the virus issues and the steps I took to remedy the havoc wreaked on my computer by the entire ordeal.

1. Hard drive failure warning stating that you must restart your computer.
2. Everything locked up, leaving me no choice but to restart.
3. Restarted ok and then proceeded to receive the same message again regarding the hard drive crash.
4. "Windows Vista Recovery" opened, which I believe was actually the virus still running.
5. Recovery analysis was run automatically and showed 11 issues existing, only seven of which had been corrected.
6. "Recovery" showed a message stating that the full version needed to be purchased in order to correct the problem.
7. I restarted the computer in safe mode this time as I did not trust the "recovery" and was still getting hit with the warnings from McAfee about the trojan.
8. While in safe mode, I did a system restore to 7 p.m. last night.
9. After system restore completed, the computer rebooted.
10. I did a CCleaner cleaning and a registry cleaning. The only files removed were the normal sort of junk deleted in these processes.
11. Everything seemed to be operating properly after all of this was completed, until I went to open a word file. It appears that all of my word documents are missing.
12. Excel documents are also missing.
13. I can access documents in the start menu "Recent Items" option and can also find documents that have been recently changed in windows explorer.
14. I completed a series of searches in windows explorer looking for documents that I worked on last night and the day before and none have been located.
15. I believe that the documents are all still here somewhere but I'm simply unable to find them.
16. I rebooted the system and still have had no luck.
17. Please do help. I am a freelance writer and make my living with this PC. Some of the documents I am missing were partially completed client assignments due this week, hence the desperation.

I sincerely appreciate any help or guidance anyone can give.

Discussion is locked
proficientpen has chosen the best answer to their question. View answer
Follow
Reply to: Virus Mayhem - Now all documents are missing
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Virus Mayhem - Now all documents are missing
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Clarification Request
Just for reference.
- Collapse -
I think I found the answers needed

I do have a backup of most work; however, I was in the middle of writing two rather lengthy assignments on very difficult topics and for these two items in particular, I do not yet have a backup.

I also found some helpful information on a Trojan that sound like the same basic beast, known as "windows recovery," as well as the methods for removing infections and restoring the hidden files to normal view and status. Unfortunately, the malware removal software recommended for eliminating the infected files keeps stalling out on me part way through the initial scan. This will be the third time I've run it. Hopefully, the third time is the charm so I can get on with restoring the hidden files and get back to work.

Thanks for your response, Bob and for the link.
Bridget

- Collapse -
Hope it helps.

The link and discussion seem to apply. Be sure to post in the CNET SPYWARE FORUM since that's where the gurus on this camp out.
Bob

Best Answer

- Collapse -
Follow these instructions ...
http://www.bleepingcomputer.com/virus-removal/remove-windows-restore

It begins with a lengthy read that covers what is happening then goes into manual removal using"
RKILL - http://www.bleepingcomputer.com/download/anti-virus/rkill
MalwareBytes - http://www.bleepingcomputer.com/download/anti-virus/malwarebytes-anti-malware
and
Unhide.exe - http://download.bleepingcomputer.com/grinler/unhide.exe

Although not mentioned, I would also suggest you download and use Super-Anti Spyware

Additionally, i suggest you download these on a different computer and save them to a USB flash drive AND that you boot the problem computer into SAFE MODE to use the tools. It is important to NOT REBOOT after using RKILL until after MalwareBytes has done it's thing.

After all is done make use of UNHIDE.EXE
- Collapse -
Problems in process of being resolved

Thanks. These are the steps I am already in the process of taking to correct the problem. Unfortunately, malwarebytes will not run all the way through a full scan. It freezes up and so does the computer part way through every time, though I do have someone helping me to correct the problems. I think, with the help I'm receiving that the issue will be resolved soon.

- Collapse -
Run The Processes While In Safe Mode &...

...because malware scanners use a lot of processing power and create heat as a result, be sure to remove the computer cover and use canned air to blow out the dust from around the processor, the heatsink, the power supply, and all vents and fans.

How To Start In 'Safe Mode'

Running the scans while in Safe Mode will frequently allow the scans to finish.

Hope this helps.

Grif

- Collapse -
Running in safe mode

Unfortunately, none of the malware removal programs will run all the way through in safe mode either, but it appears that the system is clean just with a "quick scan" with malwarebytes. The quick scan checks most of the system anyway and takes quite a long time to run through. It removed several trojans and several hundred other infected files, most of which had been quarantined in the past by other virus removal software programs.

- Collapse -
Answer
missing files

I had the same virus and also run McAfee. Virus is now gone but it took several days and I don't know how it was removed. I also had the same problem with missing files. Mine were still there they were just hidden. Right Click on the folder(s) where your files are and click on properties, and then the tab "general". Look for the box that says "hidden" and uncheck it. That's how I fixed my problem. So far I haven't noticed any files that were destroyed or missing. Good Luck.

- Collapse -
Restoring missing files

Thank you for the info on this. I was able to figure this out myself also. The "unhide" program did not restore the hidden files and I am having to unhide each file manually. While time consuming, it is working and I have also not found any damaged or truly missing files as a result of this infection.

CNET Forums