19 total posts
What was the name of the spyware?
Spyware Doctor which got rid of one "high priority" piece of spyware.
You did not mention your Operating System - if you have XP - did you try system restore?
Trojan.Dumaru was the name of the spyware. I tried system restore with no luck earlier, but I'll do it again just to make sure.
Trojan.Dumaru opens a backdoor on the infected machine. It can log keystrokes and capture text from browser windows while visiting certain Internet banking sites. It will also steal local information including cached passwords, clipboard data and confidential information residing in the registry.
Type: Backdoor, Keylogger, TT_Sp
By: Smash and SARS
Also known as: Backdoor.Nibu [Symantec] Troj/Dumaru [Sophos] Backdoor.Dumador
Does system restore work??
Just a thought.....
Did you have a look here:
Windows XP: Documents and Settings/Owner/My Documents/
Restore didn't work
So restore didn't work. I looked up that trojan too, and it doesn't seem like that would have deleted everything, but who knows. So as of now I still don't really know what opened up that DOS window and took everything out. It's gotta be in there somewhere, but where and how to get to it is the question. Something else that was strange but probably just trivial is that it left all the folder, and only deleted the files in the folders.
Another suggestion that may sound
silly but you never know. Check and make sure they didn't get dumped into the recycle bin.
Neither worked. And the first place I looked was the recycle bin =).
At work when XP crashed, I tried a Linux based program called Knoppix. It allowed me to see every file on the hard drive without loading Windows. I copied all of the files I needed and saved them to an external hard drive. All of the documents were saved and usable.
System Restore doesn't restore files like documents, etc.
FIRST, you get rid of the virus/trojan then...
having done that you are ready to make use of one of many File Recovery applications to undelete the deleted files. Be aware that the more you use the computer before trying to undelete the files the more apt you are to have problems because the files get overwritten.
Additionally, any File Recovery tool that you have to install may overwrite some of the files.
I will recommend Restoration 2514 available form many sources including SnapFiles:
You simply expand the self expanding file onto a floppy and run it from the floppy. It will want to save files to a different drive so it is handy to have a flash drive to save them to.
If you have a second drive to install to PCInspector is a pretty good file recovery tool:
A google search for "File recovery" will turn up several more.
Search and Recover 4
I'm using that, although it's running from the C drive. It seems to be working really well.
I lost a lot in the past, but came with a new solution
CD-R's, Zip 100 MB Drives. I put 3 ZIP Drives & All Wallpapers including 10 extras on one CD-R. All items are in the original setups like: WMP10.exe, WinZip10.exe, ZTECXP.exe, NERO.exe and passwods for everything. All my Programs. Documents on floppies, one is 100 pages long. I have 4 blank ZIP drives & 11 CD-R's. That is more than what I have inside the computer. Darrell L.
Get Mozy to back up files in the future.
Something like this can always happen, so backing up your files is a good idea. Mozy is a free program and works well. Xdrive and Gmail drive are also good. I know this doesnt solve your problem now but it will in the future.
Streamload MediaMax is better and gives you more free space
25 GB for free: www.mediamax.com.
for next time...
Some time ago on CNET I got a tip on organizing files. Instead of creating documents under my user's premade My Documents folder, I created folders directly on the C drive. I then just created shortcuts to them and put them on my desktop. This avoids problems if your profile gets messed with, which is a apparently what your virus did. I also can manage these folders so each one is just the right size to back up onto a CD. If you are able to recover your files you may consider this option. Good luck!
I personally wouldn't do that...
... as it's not as handy as using My Documents and simply backup, but if one can live with it...