Author Topic: File Recovery Virus Problem  (Read 23150 times)

0 Members and 1 Guest are viewing this topic.

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #30 on: September 03, 2012, 04:12:41 PM »
Thank you!

Logs attached.

This search.txt contains explorer.exe;winlogon.exe;svchost.exe;services.exe

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #31 on: September 03, 2012, 04:14:27 PM »
This search log is User32.dll;userinit.exe;volsnap.sys

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #32 on: September 03, 2012, 04:26:57 PM »
OK this is not looking good..

From the command prompt on the recovery console type the following :

CHKDSK C: /R


brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #33 on: September 03, 2012, 04:29:45 PM »
States:     Cannot open volume for direct access.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #34 on: September 03, 2012, 04:32:38 PM »
It looks as though we may have to backup the data and reinstall

I have not yet been able to figure out why this has happend.  As in the last two days three of these have run with no problem at all

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #35 on: September 03, 2012, 04:44:26 PM »
I will say that I am concerned about the data on this system.  I do greatly appreciate everything that you are doing to help me out.  Several months ago I had a different virus problem on my other system and you worked me through it.  I am still very greatful to this day...I at least owe you a good dinner!  If there are steps that you can suggest or lead me through I am listening!  Thank you very much.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #36 on: September 03, 2012, 04:47:29 PM »
OK yet another disc to burn.. This should give you access to all your data via a windows XP desktop
 

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :)
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #37 on: September 03, 2012, 05:21:02 PM »
I now see the Reatogo desktop.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #38 on: September 03, 2012, 07:19:28 PM »
OK you should be able to recover all files using windows explorer and  copying to a USB/CD

I have been discussing this problem and there is an option that involves reinstating backup registry copies, as long as windows was making them.
This will mean running the recovery console again and from the command prompt:

1. Type the following commands into the DOS command prompt. Each one of these statements copies the original registry files to the current registry directory.

copy C:\windows\system32\config\regback\system c:\windows\system32\config\system

copy C:\windows\system32\config\regback\software c:\windows\system32\config\software

copy C:\windows\system32\config\regback\security c:\windows\system32\config\security

copy C:\windows\system32\config\regback\sam c:\windows\system32\config\sam

copy C:\windows\system32\config\regback\default c:\windows\system32\config\default


2. Press the "Y" key after each copied file. This confirms that you want to overwrite the existing registry files.


brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #39 on: September 03, 2012, 07:49:03 PM »
Ok, I have clicked on the windows icon and have gone into My Documents and My Computer but do not see any data files.  Should they be appearing right there while in this mode?  I was going to copy all of my files off before I performed your next step.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #40 on: September 03, 2012, 08:56:32 PM »
So in the windows explorer you can access your documents and settings but there is nothing there ?

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #41 on: September 03, 2012, 09:03:12 PM »
Well, when I pull up My Documents there are subfolders for My Music, My Pictures, My Videos and desktop.ini.  The reason I questioned if I was looking in the right place under this boot mode is that all of the above mentioned folders have a creation date for today's date.  I do not see a single thing that would be any of my data.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #42 on: September 03, 2012, 09:14:21 PM »
Did you open windows explorer and go to the C drive and look at the folders there ?

brmeau

  • Guest
Re: File Recovery Virus Problem
« Reply #43 on: September 03, 2012, 09:25:11 PM »
I am in Windows Explorer.  When I first go in it pulls up "My Documents"...the before mentioned subfolders appear with the creation date of 9/3/2012.

Then, I clicked on My Computer and then chose the local drive.  There is a subfolder for "Recycler" and "System Volume Information" with a creation date of today, 9/3/2012.  There is a subfolder named "Sources" dated 5/26/2007.  There is a file named BOOT.SDI dated 9/18/2006.  There is another file named WinREPartition.ini dated 5/26/2007.

That is all that I see.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: File Recovery Virus Problem
« Reply #44 on: September 03, 2012, 09:34:25 PM »
So it is not showing your other drive i.e C