Windows 7 Forums



Windows 7: Attention: cottonball, virus deleted all SD photos

30 Aug 2013   #91
ducat1base

Windows 7 Home Premium 64bit
 
 

Both SD cards are different than the one formatted. I left the formatted one out since there's nothing on it now anyway. The G:/ should have photos on it though!

I can see all my photos in J:/ though--great!! Am I in the clear now with this and able to delete these extra folders?

[Attached image: j_drive.jpg]

G:/ on the other hand only displays a handful of the original ones I had. :-/

And for some reason I'm not able to vaccinate I:/ with Panda. I get this "NTFS Disabled" screen when I try:

[Attached image: panda_vac.jpg]

I went ahead and used USBFix and it said it was able to vaccinate the external.

Fixlog.txt

Here is the new FRST report:
UsbFix [Listing 4 ] OWNER-HP.txt

And the new Fixlog:
Fixlog.txt




30 Aug 2013   #92
cottonball

Windows 7 Home Premium
 
 

The folders/files on J: are not malware:
\._.Trashes
\.Trashes
\.fseventsd
\.fseventsd.lnk

The above are files Mac OS X places on a drive. Apparently you plug (or have plugged) that SD card into a Mac PC. What I know about Mac can be written on the nail of your smallest finger, and there will be some space left over. Whether you can delete them and have no problem if you plug the card into a Mac again, I do not know.

\_disk_id.pod
Looks like programming for the camera that was written to the card.
If you remove it, your camera may give you some attitude.
You may want to ask the Canon folks about deleting the file. The file appears to be so small, it might not be worth the bother.

DCIM
Folder: Digital Camera IMages (deals with picture storage)


Quote:
G:/ on the other hand only displays a handful of the original ones I had.
Might want to use the guidance that jumanji gave you, and attempt to recover the lost images on G:


Are you able to open the External drive without problems?

Last, please run RogueKiller once again, do a Scan, and post its RKreport.

If OK, and you do not have any more malware problems, we can wrap up, and will provide you some instructions on removing some of the programs we have used.
31 Aug 2013   #93
ducat1base

Windows 7 Home Premium 64bit
 
 

Hey coach, if this is the end of the line then woo!

Here's RKiller's report:

RKreport[0]_S_08312013_124256.txt

Am I healthy now?

Edit: Yes, I can see everything in my external. Still has that $RECYCLE.BIN file, though. Is that okay to delete?



31 Aug 2013   #94
cottonball

Windows 7 Home Premium
 
 

Looking good!!

Let's wrap up and remove the following tools and their reports, which are no longer needed:

To remove the FRST Quarantine...
Remove any fixlist.txt from the Desktop.

Open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt
Quote:
start
DeleteQuarantine:
end
Run FRST from the Desktop again, press the Fix button once.
When done, you can delete the fixlog produced, any leftover fixlist, and the FRST icon from the Desktop (if still there).

To uninstall ComboFix, please do the following:

Click on the Start button
In the Search field above Start, type in (or copy/paste): combofix /uninstall
(Please note that there is a space between combofix and /uninstall.)
Press: Enter on your keyboard.

An Open File security warning appears, asking if you are sure you want to run ComboFix.
Click on the Run button to start the program.
ComboFix uninstalls itself from your computer and removes any backups and quarantined files.
When finished, a dialog box states that ComboFix is uninstalled.
You can now delete the ComboFix.exe program from your Desktop.

Next, remove the following tools and their reports:
RogueKiller
WinRar: uninstall from Control Panel > Programs and Features > Uninstall or Change a Program listing.
Unhide.exe
RKill
MiniRegTool64
USBFix
AdwCleaner: run the program, and press: Uninstall
Junkware Removal Tool
Microsoft Safety Scanner: uninstall from Control Panel > Programs and Features > Uninstall list
Malwarebytes Anti-Rootkit: uninstall from Control Panel > Programs and Features > Uninstall list
Security Check

Keep Malwarebytes Anti-Malware, and use it regularly.
Particularly, if you have connected a USB pendrive or SD card to someone else's computer, and you are connecting it back to your computer!

Quote:
...external. Still has that $RECYCLE.BIN file, though. Is that okay to delete?
Windows places that folder on the drive. It is used to store deleted files for that specific volume, and emptied from the Recycle Bin.
Do not delete unless you are having issues with it.


Thanks for following all the instructions and providing all the reports!!

Good luck, ducat1base!!!
02 Sep 2013   #95
ducat1base

Windows 7 Home Premium 64bit
 
 

Okayyyy, the comp is all cleaned up now. Feeling good. Thanks for helping me root all the issues out and making the instructions so simple to understand -- the step-by-step directions were much appreciated!

A last question: I have Panda and I'll run MBAM frequently now. Is there anything else I can do to protect my computer? We've had two instances now in which I've been infected. I wouldn't mind overprotecting myself to prevent another!

Thanks, @cottonball!
02 Sep 2013   #96
cottonball

Windows 7 Home Premium
 
 

ducat1base,

The infections detected had an origin in removable media (USB pen drives, SD Cards, External drive).

You took action to disable the autorun feature, vaccinated the drives, and, your antivirus should be able to detect malware. However, it has not. Maybe its virus definitions were not kept updated, or the malware is relatively new, and the AV program has not caught up with it.

It should use heuristic analysis to detect new or unknown viruses that have not yet been identified. But, not all antiviruses can do this type of scan, and some are only able to detect known viruses.

I am not familiar with Webroot Security Anywhere Antivirus, but, from a Google search it appears there are heuristic detection modes that can be selected through its settings. You may want to look at those, and, in particular, any found that deal with USB devices. Also, you should be able to find a Webroot support website where you can ask specific questions about this matter.


There is a program you can consider that checks for malware on removable drives automatically.
It is called Mc2Shield (not associated with McAfee):
MCShield ::Anti-Malware Tool::

Before you plug in a removable drive in your computer, at the program console, Scanner tab, click on: BulletProof
Then, plug in the drive, and the program automatically checks for malware and removes it.
You can repeat the steps for any drive you use.

A Mcshield report appears with the results of the removable drive scan.

You would need to experiment with this program to make sure it gets along with Webroot, though. Use it on a trial basis, and see how it goes.

Frequent runs of Malwarebytes Anti-Malware where you perform a Full Scan, and select the removable media should help, along with the Panda Vaccine, and the disabled autorun feature.
My System SpecsSystem Spec
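
The autorun and vaccination checks mentioned in post #96, as an added example that is not part of the original thread or of any tool named in it: a Python audit of the autorun.inf at a drive root. It assumes that an autorun.inf which is a directory or cannot be read is a vaccination placeholder; the function names and the three sample drive roots are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def audit_autorun(root):
    """Return (status, launch_entries) for the autorun.inf at a drive root."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    path = os.path.join(root, name)
    try:
        if not os.path.isfile(path):
            raise OSError("not a regular file")
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        # Assumption: a directory or unreadable entry is a vaccination placeholder.
        return "placeholder", []
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = raw.decode("utf-16" if bom else "latin-1", errors="replace")
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return ("launches-program" if entries else "inert"), entries

def demo():
    """Build three constructed drive roots in a temp dir and audit each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label in ("clean", "vaccinated", "suspicious"):
            os.mkdir(os.path.join(tmp, label))
        os.mkdir(os.path.join(tmp, "vaccinated", "AUTORUN.INF"))
        sample = "[AutoRun]\r\nicon=folder.ico\r\nopen=sample.exe\r\nshell\\open\\command = sample.exe\r\n"
        with open(os.path.join(tmp, "suspicious", "autorun.inf"), "w", newline="") as fh:
            fh.write(sample)
        for label in ("clean", "vaccinated", "suspicious"):
            results[label] = audit_autorun(os.path.join(tmp, label))
    return results

if __name__ == "__main__":
    for label, (status, entries) in demo().items():
        print(label, status, entries)
```

On a real system, pass the drive root (for example the letter assigned to the SD card) to `audit_autorun`; a "launches-program" result on a drive you did not set up yourself is the case worth scanning before opening anything on it.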
02 Sep 2013   #97
ducat1base

Windows 7 Home Premium 64bit
 
 

Great, I'll give MCShield a shot. Thanks again for your help!
02 Sep 2013   #98
ducat1base

Windows 7 Home Premium 64bit
 
 

Also, just tried adding to your reputation by clicking on the scale in your posts but it wouldn't let me. Apparently I need to "spread" some more reputation around before coming back. Thanks anyway!
03 Sep 2013   #99
cottonball

Windows 7 Home Premium
 
 

Glad to help.

Have a great week!!