Whatever it is, it's VERY DESTRUCTIVE!!

Dec 29, 2005 2:38AM PST

Hi folks,

It happened again! Whatever I have has destroyed virtually every data file I have back to 7/13/05. It even put me back to a prior version (v1.0.6) of Firefox (I had v1.5 installed and running fine!!)! Here's what I have lost so far:
1. Emails back to 7/13/05
2. Bookmarks back to 7/13/05
3. My Documents files back to same (including very important invoices)
4. WeatherBug reverted to free version when I have WeatherBug Plus.
5. OneNote sheets.
6. Event Log is missing all the entries from 7/13/05 on.

This, I'm sure, is just the tip of the damage heap. I'm too afraid to check further. It's as though someone restored the system back to that date. I sure didn't and my wife doesn't know how to run TrueImage. I just restored to an 11/28/05 backup and it did it again!!! So whatever it is, it was on the backup as well.

I haven't heard or read about this culprit and I'd sure like to identify it. System Restore is no good. I thought it might have just changed to "modify" date but that's not it either. I thought it might be in the "startup" process but it did it when I was up for at least three days. The only thing I can think of is "ROOTKIT"!

I will do another restore of the same backup. But when I reboot to the restored environment I'm going to use Safe Mode just to verify file dates. I'll also run my anti-everything stuff. SpySweeper is supposed to have strengthened its rootkit routines. I just hope this culprit is found. This thing is very stealthy and very destructive.

I'm REALLY biting my tongue here just to stay within CNET's language policy! At least in this post. ;)

So, has anyone heard of such a beast?? If so, could you please tell me what the he.....ck it is???

and life goes on......regardless

Jack (standing by)

(NT) Oh yeh...KNOPPIX didn't find anything either..
Dec 29, 2005 2:50AM PST

Hmmm......
Dec 29, 2005 4:03AM PST

I have a suspicion....and it's not good.

Can you please post a link to the topic you did with Danny (knoppix) so we know what steps you have taken so far. Thanks.

Thanks for the response....
Dec 29, 2005 11:14PM PST

Loaded KNOPPIX by CD. Did a directory and the data was gone there as well. Went no further.

and life goes on...

Jack

System Restore Shutdown?
Dec 29, 2005 6:15AM PST

Hi Jack,

Since you apparently have other ways that you back up your system, have you considered shutting down System Restore if this Virus/whatever it is, is using your system restore?

Shutting down System Restore is pretty Brutal as it removes all places your system can be restored to, sure you know that so use it CAUTIOUSLY. Before you shut down System Restore, have you considered a system restore to an earlier Date in Nov to see if possibly the Virus wasn't there then or in late Oct? I know all earlier dates have repercussions as to lost data but possibly you could minimize that by picking a "good" virus free date.

How did the running of everything in Safe Mode go? Many bad boys can be cured in Safe mode.

Let us know,

Steve

Thanks for response..
Dec 29, 2005 11:12PM PST

Doesn't explain why all the other stuff is gone.

and life goes on...

Jack

Thanks for the response...
Dec 29, 2005 11:17PM PST

Did a SR and no change. SR won't recover data files, only system files and switches.

and life goes on...

Jack

UPDATE...
Dec 29, 2005 11:28PM PST

I used ONTRACK's File Recovery and the scan didn't find anything. Also used two other file recovery scans and no joy. I did another restore using Acronis. Seems files were gone there as well. This is very frustrating!! Now doing virus scan and have used 5 different programs for everything else. Found some junk but nothing that looked like the suspect. I still don't understand how it got the event log.

I'm resigning myself to a full rebuild just to make sure it's not a deep rootkit. With all the protection I have on this thing you would think I was bullet proof. NOT!!

I would never have thought I'd be on the asking end of these forums but, hey, I'm not proud...just MAD!!! I mean EVERYTHING within a 3-month period is GONE!!! One thing tho..it only hit my C: drive.

Again, thanks to those who responded but it was no help. Wish it was tho.

Jack

RootkitRevealer
Dec 30, 2005 1:16AM PST

Thanks for the reply Marianna...
Dec 30, 2005 4:26AM PST

Yes, I DO want to know all I can read about rootkits. The site you gave me was excellent! Thanks! Rootkits weren't very well known until the Sony fiasco and it wasn't until I started gobbling-up info on them that they reminded me of a type of virus from years ago...sleepers. I ran RootkitRevealer and it found nothing! But that's not to say there still isn't something there. If I knew Assembler I would write a trap for these things. But, alas, I only know high-level languages....and it's been a few years. ;) Have a Happy New Year!

Jack