Author Topic: Boot time scan deleted all my files!  (Read 42847 times)

0 Members and 1 Guest are viewing this topic.

MAG

  • Guest
Re: Boot time scan deleted all my files!
« Reply #15 on: August 24, 2012, 05:03:06 PM »
You need to follow essexboy's advice in reply 6.

You might also want to hide your gmail address from the public - spammers have been known to harvest e-mail addresses from forums like this.
« Last Edit: August 24, 2012, 05:06:33 PM by mag »

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Boot time scan deleted all my files!
« Reply #16 on: August 24, 2012, 05:07:16 PM »
While Rogues typically identify themselves --- in order to try to extort a ransom --- I still think it's worth following Essexboy's directions.   It may not help... but it shouldn't hurt.

A rogue might remove [or hide] such personal files --- but a virus scan shouldN'T.

I don't know WHERE the rogue (if that's what it was) might have moved the files.   Hopefully, it's to a directory beside the one you've already checked to find empty.

But if it moved them to SOME temp directory... and that directory has since been emptied... there may not be much that can be done at this point.
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Boot time scan deleted all my files!
« Reply #17 on: August 24, 2012, 05:09:29 PM »
You need to follow essexboy's advice in reply 6.

+1
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #18 on: August 24, 2012, 05:09:38 PM »
Another thing I should mention is that I just tried 'searching' for pictures using .jpg and all of them are there, but in folders to which I no longer have access. So I guess what I need to do is find a way to restore the folders and everything should be ok. Right?

Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #19 on: August 24, 2012, 05:28:18 PM »
You need to follow essexboy's advice in reply 6.

+1

Done, there you go:

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Boot time scan deleted all my files!
« Reply #20 on: August 24, 2012, 05:36:32 PM »
having run RogueKiller, have any (or all) of your personal files come back?
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

MAG

  • Guest
Re: Boot time scan deleted all my files!
« Reply #21 on: August 24, 2012, 05:59:35 PM »
Even if your files have come back, please wait for further advice from essexboy on any necessary completion activities.

He'll probably be at work now, but usually checks the forum in the evening.

Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #22 on: August 24, 2012, 06:01:24 PM »
Unfortunately not. But as I mentioned, if I use the search function, I can see and access them all. The folders however remain no where to be found.

Also forgot to mention earlier that all of my Outllook folders, files, contacts etc are also missing.

MAG

  • Guest
Re: Boot time scan deleted all my files!
« Reply #23 on: August 24, 2012, 06:05:47 PM »
if I use the search function, I can see and access them all.
That sounds like a step in the right direction. :)

I'll send essexboy a prompt that the thread has come back to life.
« Last Edit: August 24, 2012, 06:12:00 PM by mag »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan deleted all my files!
« Reply #24 on: August 24, 2012, 06:59:59 PM »
Hi lets now look at the system and see what else is hiding

What are the folders that are missing, also are all the menus back where they should be under the start button ?

Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #25 on: August 25, 2012, 01:15:06 AM »
There you go. Hope it helps.

Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #26 on: August 25, 2012, 01:15:39 AM »
File was too large to post at the same time.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan deleted all my files!
« Reply #27 on: August 25, 2012, 01:27:49 PM »
Hi it looks as though you emptied your temporary folders prior to running RogueKiller, so those shortcuts are lost and we will need to recreate them

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\iqrgw.sys -- (axxc)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2012-08-12 12:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.N-2E4C3D3E87CC4\My Documents\Recover
[2010-04-28 12:03:10 | 000,001,008 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\kXk1e8cNYr5
[2010-04-26 07:39:33 | 000,020,384 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\vf833a5xcC
[2010-04-24 20:14:08 | 000,015,030 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\vV3jJCmDGwx
[2010-04-12 09:58:03 | 000,015,434 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\2rX3LGT3
[2008-12-09 10:29:03 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ØÒÝÃÄ3113›.sys

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Restore Accessories Program Files Menu] 
 
Please download this tool here
 
You will need to unzip the tool first. 
 
Once you've unzipped the tool, please double-click on it to run it. 
 
Ensure that the following check boxes are checked (as seen in this image below): 
 


 
Once they are, click on the Restore button.
 
 
 
Restore Admin Tools Program Files Menu]
 
Please download this tool here
 
You will need to unzip the tool first. 
 
Once you've unzipped the tool, please double-click on it to run it. 
 
Click on the Restore Administrative Tools Items button. 
 
As seen in this image below: 
 


 
This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the repair.vbs file to your destop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder 
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu






Jelika

  • Guest
Re: Boot time scan deleted all my files!
« Reply #28 on: August 25, 2012, 05:03:51 PM »
Problem: once I started running the app with the script you provided I received the following error message: cannot create c:\windows\system32\drivers\etc\HOSTS

So I stopped until further notice. Should I have run the OTL app anyway? And if so, how long will it take for the process to complete?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Boot time scan deleted all my files!
« Reply #29 on: August 25, 2012, 05:10:28 PM »
Remove the following line form the script and then re-run it please :

[resethosts]