Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Attention: cottonball, virus deleted all SD photos

18 Aug 2013   #21
ducat1base

Windows 7 Home Premium 64bit
 
 

And from the Command Prompt:

cmd.txt




My System SpecsSystem Spec
.
18 Aug 2013   #22
cottonball

Windows 7 Home Premium
 
 

ducat1base,

You are still infected, and it changed its name. Let's see if we can nuke this from outside of Windows, but with access to the Registry.

Please do the following...

Since the computer boots, let's run the Farbar Recovery Scan Tool from the hard drive that contains your Operating System (normally C:\).
(Doing this, since you may not have another computer.)

Please print these instructions, and read them once, so you have an idea of what you are doing.
Do follow them step by step.

Here we go...

FRST64.exe was previously saved to the Desktop

Right-click Start, and select: Open Windows Explorer
Look for drive C:\, or the drive that contains your Operating System (OS).
Now, go to the Desktop, right-click FRST64.exe just once and hold it, then drag FRST64 right into C:

~~~~
Next, remove the fixlist.txt previously on the Desktop. (To avoid confusion)
Open Notepad once again (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below to Notepad:

Code:
start
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Owner\LOCALS~1\Temp\msuamr.cmd <===== ATTENTION!
C:\Users\Owner\LOCALS~1\Temp\msuamr.cmd 
end
Name it: fixlist.txt
Save it on C:, which is the same place where FRST64 is at!

>>> Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your Computer menu item.
Select your language settings, and click: Next
Select your User account and click: OK/Next (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt

Select: Command Prompt

~~~~
In the Command Prompt window, at the bliking cursor type: notepad
(Note: Make sure the NumLk key is not active. If it is, you are not able to type correctly at the Command Prompt. If NumLk is active, press the Fn key and then the NumLk to deactivate it.)
Press: Enter

In Notepad, under the File menu select: Open
Double-click: Computer (on the left side), find the drive letter that has the Operating System, and remember what letter it has.
(Note: Once in this special mode you booted into, the drive containing the Operating System (OS) may not be C:\ (or the particular drive that has your OS).
You need to examine the drives carefully, and determine which one is the correct drive.)

Click on the OS drive
In Files of Type, select: All files
Press: Open
Confirm that FRST.exe is there!

~~~~
Now, click the Command Prompt window.
Type the following: ?:\frst64.exe, and press: Enter
(Note: Replace the ? with the drive letter that contains the OS.)

The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

~~~~
When the FRST console appears, press the Fix button, just once, and wait.
The tool creates a report called: Fixlog.txt

~~~~
Back at System Recovery Options, press: Restart

~~~~
After the computer restarts, and you are back in Windows, do a search for: Fixlog.txt

Please post the Fixlog.txt in your reply.


Double-click on the Unhide program icon on the Desktop to run the program.
When done, the program displays an alert stating that your files are restored.

Post back on whether Unhide gave you this alert!

Reboot your computer for the settings to go into effect.

Check the SD card, and see if the images show.
My System SpecsSystem Spec
19 Aug 2013   #23
ducat1base

Windows 7 Home Premium 64bit
 
 

Still no photos

The fixlog...
Fixlog.txt

and Unhide:
Attention: cottonball, virus deleted all SD photos-unhide.jpg


My System SpecsSystem Spec
.

19 Aug 2013   #24
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Deleted post
My System SpecsSystem Spec
19 Aug 2013   #25
cottonball

Windows 7 Home Premium
 
 

ducat1base,

Before going any further, please do the following:

Download MiniRegTool64.zip
Unzip it.
  • Run the tool
  • Copy and paste the following into the edit box:

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
  • Click the List Permissions button.
  • Press the Go button, and post the result in your reply.
Also realized that you had FRST in the Downloads folder, and fixlist.txt on the Desktop.
The fixlist and FRST64 must be located in the same directory!!

As a result, when we tried the fix, got the following:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load: Error setting value

Currently, FRST is in C:, so, the fixlist.txt must be tplaced here also.


This time, just run FRST and press Fix without going to the Command Prompt, etc.

The entry needs to be fixed oin Windows, outside the recovery mode.

Make sure you use the following text for the fixlist:

Code:
start
Unlock: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Owner\LOCALS~1\Temp\msuamr.cmd <===== ATTENTION!
C:\Users\Owner\LOCALS~1\Temp\msuamr.cmd 
end
When done, please post the fixlog.txt in your reply.

Last, but not least, right-click the J: drive (SD card) and select: Properties

Please post an image of the Removable Disk J: Properties
My System SpecsSystem Spec
19 Aug 2013   #26
redfang337

Linux Mint 15 "Olivia" x32
 
 

forgive me if I'm being stupid here, i just sorta skimmed thru this post. Can't we, if the files were deleted as it appears to me, use an undelete program to recover the photos and then format the USB, since it seems it might contain a potential virus, wouldn't it remove the virus? Also, if we look into an undelete program, and they show up, we should know that they're no longer on the USB, correct? Or is the problem inside windows? even then we can still try an undelete program right?
My System SpecsSystem Spec
19 Aug 2013   #27
cottonball

Windows 7 Home Premium
 
 

redfang337,

Thanks for the info.

Quote:
Can't we, if the files were deleted as it appears to me, use an undelete program to recover the photos
What is your idea of an "Undelete program"?
Just want to make sure we are on the same page.


Quote:
...is the problem inside windows
The problem appears to be inside Windows at this point, but there could also be a problem in the USB drive. The most logical place would be in the autorun file, but we can't open it.
My System SpecsSystem Spec
19 Aug 2013   #28
cottonball

Windows 7 Home Premium
 
 

ducat1base,

After performing the actions in Post #25, please do the following:

Please download UsbFix (free) - Download the latest version for Windows in english on Kioskea

Go to the small green button with: Download Free Version (1MB)
Right-click the downloaded file and select: Run as Administrator
Connect your SD Card when requested.
Press: Listing

When done, the program closes on its own, and a report appears.

Please post the USBFix Listing report in your reply.
My System SpecsSystem Spec
19 Aug 2013   #29
redfang337

Linux Mint 15 "Olivia" x32
 
 

why not recuva? scan the SD with portable recuva, recover the files to a specified folder on the desktop, then format the usb to get rid of the virus. Sounds like a simple fix to me, or am i missing something still?
My System SpecsSystem Spec
19 Aug 2013   #30
cottonball

Windows 7 Home Premium
 
 

@redfang337,

Ah!! A data recovery program. When you mentioned "Undelete" program, was not sure of what you had in mind.

At this point, IMO, the images are hidden by malware, and hopefully we will find out some more details about them when ducat1base posts back.

If it is not the case, then, other options will need to be explored.
However, the OP needs to remain on course until the malware is taken care of.
My System SpecsSystem Spec
Reply

 Attention: cottonball, virus deleted all SD photos




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
how to restore deleted photos
I pressed delete but my pictures was highlighted and not the folder i wanted to delete and so deleted everything out of my pictures. So im having a mild panic attack and dont know how to get them back. i have checked the bin but theres only the recent ones which i choose to delete in there. It...
Music, Pictures & Video
ZeroAccess! Attention: cottonball
When I open my Toshiba external, it now shows a shortcut to the external like this: Image - TinyPic - Free Image Hosting, Photo Sharing & Video Hosting It's never done that before. Now, when I click this new shortcut, this pops up: Image - TinyPic - Free Image Hosting, Photo Sharing...
System Security
"Deleted" Facebook photos still not deleted: a followup
"Deleted" Facebook photos still not deleted: a followup Source: "Deleted" Facebook photos still not deleted: a followup What bullshit. This is why there are no photos of me online... ~Lordbob
Chillout Room
Deleted photos still left in WMP?
Hi Concerning deleted photos previously view via Window Media Player. Concise/short background: I've recently bought a new PC (HP Pavilion dv-7 4032), after the setup procedure and the creation of recovery discs etc... I loaded some photos (.jpg) onto the PC (library/pictures). Now...
Music, Pictures & Video


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:14.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App