Author Topic: Please Help. Dont want to lose everything important.  (Read 4248 times)

jonas707

  • Guest
Please Help. Dont want to lose everything important.
« on: March 10, 2011, 10:59:09 AM »
I was running XP SP2 when the computer was infected. I run two hard drives with multiple partitions and keep all my important stuff in one of these (movies, music, writing, pictures, everything). Hadn't backed up recently (stupid, I know) but figured I could get rid of it by reinstalling Windows. At the time I had a lot of files on the desktop that hadn't yet been transferred to the drive with my important files (work stuff mostly). This is where things went bad, I suspect. When I first found I had the virus it kept freezing or shutting down Windows. It was late at the time and in frustration I went to bed and was going to tackle it the next day. When I got up I turned on the comp and it seemed to be working OK, so I proceeded to move the work files to the archive drive. After about an hour my computer started doing the same things (freezing, shutting down etc).

A friend came over later and helped me reformat the C: drive and install Windows 7 Ultimate. I've done this before when I had bad viruses and the files in other drives have never before been infected, so I didn't back anything up before proceeding (big mistake, but hindsight, you know?). Installation went smooth and I thought the problem was solved. A few days later I went into the archive drive to watch a TV show and noticed all the folders were labeled .exe and only had 83KB. When I tried to open them Avast immediately quarantined them to the virus chest saying they were a Win32 Mal Gen virus. Now this is where I'm lost. The drive still says that there is like 90GB of info on the drive, but all the visible folders (there's like 10-15 folders, all with the same names as the old folders) say 83KB and are exe files, not folders (but they have a folder icon).

I ran a check with Avast and it says I have like 600+ infected files (mostly from that drive, and a few others scattered across other drives, but nothing on C:) but when I tried to fix them it says Error.

So, my questions are...

1. Is my info still there?

2. Can I get it back?

3. How do I get rid of the virus without deleting this important info?

If you need more info I'll be checking this thread frequently over the next few days. (obviously lol)

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Please Help. Dont want to lose everything important.
« Reply #1 on: March 10, 2011, 07:59:39 PM »
Welcome to the forum.

I suggest you do a boot scan with Avast as a first step.

http://www.schmahl.net/avastbootscan.php

Second, I suggest you download, install, update and make a scan with Malwarebytes Antimalware for a second option.

http://www.malwarebytes.org/

Good luck and let us know on the progress.

PS: when you're clean, update to SP3, since it's been out for 2 years with performance and security updates.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Please Help. Dont want to lose everything important.
« Reply #2 on: March 10, 2011, 08:45:45 PM »
Hi.

The way you describe your problem, I would say that your system is infected with some file infector.
But let's not rush. Please do the following:

Exactly as @mikaelrask suggested.

1. Paste here the log from the Avast boot scan.
C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt

2. Paste here the log from Malwarebytes.


3. Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt
    * Save both reports to your desktop. Post DDS.txt back to topic.

jonas707

  • Guest
Re: Please Help. Dont want to lose everything important.
« Reply #3 on: March 11, 2011, 03:51:04 AM »
@mikaelrask - I'm running Windows 7 Ultimate now on the C: drive, it has been reformatted already and is not infected anymore (yet).

I have 2 hard drives, one with 3 partitions and one with 4 for a total of 7 drives (C,D,E / F,G,H,I). My archive drive is H, this is where the problem is. This drive used to contain like 10-15 folders holding all my important info. Now these folders are exe files (size 83KB each) with folder icons (probably so someone will click on them w/o knowing they are exe files). However, when I right click and go to 'Properties' it says the drive still has like 90GB out of 200GB (about half full, as it was before the infection). H: drive is the only one that is completely infected, but there are a couple other drives containing exe files masquerading as folders (size 83KB each) titled "My Documents" in other drives (except C: which is clean) but these drives are not completely infected (yet).

I will run the scans you suggested tonight and post the results.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Please Help. Dont want to lose everything important.
« Reply #4 on: March 12, 2011, 06:52:24 PM »
How is the progress? Any luck with the suggestion we made?

jonas707

  • Guest
Re: Please Help. Dont want to lose everything important.
« Reply #5 on: March 16, 2011, 04:30:33 AM »
OK, sorry it took long to get back, been busy with work. I used MBAM and the Avast Boot Scan and there seems to be no trace left of the virus. During the MBAM scan it found like 600+ viruses that were copies(?) of the files from the infected archive drive. Basically, all the pic files and mp3 files and the rest had been converted(?) or copied(?) or something to produce .exe virus files with the same names as the original files. I didn't really want to, but I deleted all these .exe files to just be rid of the virus. This also seemingly wiped the archive drive of everything. But I've had no problems since.

However... I would really like to recover the files in that drive if I can. Right clicking and going to properties on that drive shows that it is still half full (about 100GB out of 200GB) but now there is nothing visible in the drive. When I open it, it's just a blank screen, no files, folders, nothing.

Any advice on how to recover these files?

Offline envd

  • Newbie
  • *
  • Posts: 11
Re: Please Help. Dont want to lose everything important.
« Reply #6 on: March 16, 2011, 02:42:07 PM »
Recuva is a great free program. Have you enabled viewing of hidden and system files in folder properties?
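
A read-only check for the pattern described in this thread (an added example, not part of any poster's reply): it walks a drive and reports every NAME.exe that sits beside a folder called NAME, with the file size and whether that folder carries the Windows hidden or system attribute. That the original folders are still on disk under those attributes is an assumption the thread does not confirm, and `find_folder_decoys` is a hypothetical name.

```python
import os
import sys

# Windows attribute bits: FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM.
HIDDEN, SYSTEM = 0x2, 0x4


def find_folder_decoys(root):
    """Return [(exe_path, exe_size, dir_path, dir_is_hidden)] for every
    NAME.exe that has a sibling directory called NAME under root."""
    findings = []
    for current, dirnames, filenames in os.walk(root):
        # Windows names are case-insensitive, so compare in lower case.
        dirs_by_name = {d.lower(): d for d in dirnames}
        for fname in filenames:
            stem, ext = os.path.splitext(fname)
            if ext.lower() != ".exe" or stem.lower() not in dirs_by_name:
                continue
            exe_path = os.path.join(current, fname)
            dir_path = os.path.join(current, dirs_by_name[stem.lower()])
            # st_file_attributes exists only on Windows; elsewhere use 0.
            attrs = getattr(os.stat(dir_path), "st_file_attributes", 0)
            findings.append((exe_path, os.path.getsize(exe_path), dir_path,
                             bool(attrs & (HIDDEN | SYSTEM))))
    return findings


if __name__ == "__main__":
    # Report only: nothing is executed, deleted or modified.
    # Usage (drive letter taken from the thread): python decoys.py H:\
    for exe, size, folder, hidden in find_folder_decoys(sys.argv[1]):
        state = "hidden/system" if hidden else "visible"
        print(f"{exe} ({size} bytes)  <->  {folder} [{state}]")
```

A pair where the folder is reported as hidden/system means the data is still present and only its attributes need resetting once the .exe has been quarantined.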

jonas707

  • Guest
Re: Please Help. Dont want to lose everything important.
« Reply #7 on: March 18, 2011, 04:09:20 PM »
 :)

Thanks for all the advice everyone. Recovered everything and comp is virus free. Score one for the good guys lol