• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Virus question

Deckerd

Fleet Arse
Premium Member
A friend of mine says she has 'lost everything' on her PC because of a (she says McAfee type) virus. I was just wondering whether this is likely or whether it has just hidden her files?
 
I've never personally experienced a virus that deletes files, but I guess it's possible it has simply hidden some folders, especially if it's one of those fake virus scanner ones that just wants to look like your PC is in danger.
If that's the case, the files should be accessible if you wiped the virus, or plugged the drive into another computer (being sure not to get the virus on the other machine, of course).

If it is the worst case, and it has actually deleted the files, there are programs that can help recover deleted files. Files are not typically wiped over, but just unmarked as a file, leaving it as free space. Unless the space is overwritten by other files, the files are often still there and possible to recover.

I haven't used such programs, so unfortunately I can't offer any names if that's the case. But I know that the results are pretty good if you get it early.
 
A friend of mine says she has 'lost everything' on her PC because of a (she says McAfee type) virus. I was just wondering whether this is likely or whether it has just hidden her files?

It has likely just hidden her files. If it's a virus and not just scareware, then it's possible it has overwritten her master boot records and her registry. More likely, though, it's scareware and it's simply hiding her files.

The best thing she can do is to download this:

rkill: Download Link for rKill

and this:

MalwareBytes: Download Link for AMB

Have her restart her computer into safe mode (when the screen goes black before the Windows logo, have her press the F8 key and choose Safe Mode), and run the rkill program.

Then have her install and run Anti-Malware Bytes. Let it scan everything and remove whatever is causing the problem. Upon startup into regular Windows, click on the START menu and have her choose "Run".

Have her type "cmd" (no quotes).
In the black command prompt box, have her type the following:

attrib -s -h /s /d *.*

It will unhide everything hidden by the scareware program.

That should resolve the issue if it's just scareware.
If it's actually a virus, she'll have to use a good antivirus program (I recommend Microsoft Security Essentials, it's free and great! Get it HERE), clean the system and simply load a system restore point before the virus was on the system.

I hope that helps her!
 
You're a darling. I've just cut and pasted that onto FB so she should get it when she gets back from work.
 
Oh, you're welcome, she's welcome. I hope it all works out. Let me know if it doesn't.
 
Malware can do whatever the author thought is profitable or fun. This includes the deletion of files, but I've never heard of malware doing that. Most malware wants to sit undetected on your computer while doing its job, so giving itself away by deleting stuff is not exactly a common occurrence.

I'd suggest that after looking for the files in the most simple manner and before running any recovery tools, you or your friend try PhotoRec. It is a Free software recovery tool, and while it is designed for restoring photographs from camera memory cards, it does far more than that: it can restore many known file formats from most of the common filesystems. The most important thing is that it doesn't write to the disk it's restoring data from - you can safely run it without any concern that it might destroy something that's on the disk. You need an additional disk where it would write the restored files to. (Also note that anything else that you possibly do, including changing file attributes or attempting to boot the computer from the disk or opening the disk on another computer, does write something to the partitions with the files and is potentially destructive.)

Software rarely tries to overwrite the files with zeros, so even if they are deleted, hidden, with corrupted meta-data, or whatever, they are still on the disk as data, and as long as something can recognize them, they can be saved.
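The recovery idea in the post above (data survives on disk and can be saved as long as something recognizes it) can be shown with a small signature carver. This is an added example, not part of the thread and not PhotoRec's code; the sample "disk" bytes are constructed, and the function names are hypothetical. It assumes unfragmented files and only the JPEG and PNG magic bytes.

```python
# Added illustration: signature-based carving over a raw byte image.
# Header/footer values are the standard JPEG and PNG magic bytes.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}

def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return [(offset, ext, data)] for every header/footer pair found.

    Only reads `image`; no filesystem metadata is consulted, so it works
    whether files were hidden, deleted, or lost their directory entries.
    """
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header without a footer in range: the tail was probably
                # overwritten by newer data, so skip this candidate.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append((pos, ext, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found)

def build_sample_disk():
    """Constructed 'disk': free space holding two deleted files and one
    file whose tail has already been overwritten."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-pixels" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"sample-chunks" + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe0" + b"overwritten-tail"  # footer lost
    disk = (b"\x00" * 512 + jpg + b"\x00" * 300 + png
            + b"\x00" * 200 + truncated + b"\x00" * 100)
    return disk, jpg, png

if __name__ == "__main__":
    disk, _, _ = build_sample_disk()
    for offset, ext, data in carve(disk):
        print(f"offset {offset}: recovered {len(data)}-byte .{ext}")
```

The third constructed file is not recovered because its end marker is gone, which is why the advice about not writing to the affected disk matters.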
 