Attention: cottonball, virus deleted all SD photos


  1. Posts : 48
    Windows 7 Home Premium 64bit
       #1

    Attention: cottonball, virus deleted all SD photos


    Hey,

    Having some of the same issues as from this time: ZeroAccess! Attention: cottonball.

    This round, whatever is in my computer has deleted all the photos on my SD card :-/ I ran RogueKiller and came up with this report:

    RKreport[0]_D_08152013_145201.txt

    I think these viruses are coming from infected USB drives. In the future, any recommendations for prevention software I can run to pre-scan USB drives for viruses? I'd love to never run into these problems again!


  2. Posts : 2,470
    Windows 7 Home Premium
       #2

    Which AntiVirus program are you using?
    Is it set to scan USB drives? Some programs do not do this by default.

    Pressing on with RogueKiller...

    Make sure you downloaded the latest version of the program. Several updates have been made to it recently:
    RogueKiller download
    Select the download that applies to your system (32-bit, or, 64-bit)

    •Quit all programs
    •Right-click the RogueKiller file and select: Run as Administrator
    •Wait until the Prescan finishes
    •Press: Scan
    •When the scan is done, press the [Shortcut-Fix] button.

    Please post the new RKreport (Mode: Delete) created on the Desktop in your reply.


    Also download the Farbar Recovery Scan Tool
    Select the version that applies to the system.

    Save it to the Desktop.
    • Double-click the downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.


  3. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #3

    For protecting your PC from infected pen drives, you may look into Panda USB Vaccine.

    ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY

    Panda USB Vaccine Free Download - Remove Autorun.inf Virus

    If you are going to use it, do make sure that you vaccinate your clean PC with it, before plugging in any USB pen drive. (You may devaccinate your PC after unplugging the pen drive, so that autorun is again enabled for the other devices on your PC, if you so desire.)

    There are many other tools too.

    The paid Autorun Virus Remover can protect your PC and also remove the autorun virus and seems to be more versatile but for a steep price.

    Ninja Pendisk seems to be more popular. So I guess it is a positive point for it. ( I have no means to test or try any of these.:)) From what I have read and researched, I may consider only these three.

    10 Tools to Protect Computer from Infected USB Flash Drives.


  4. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #4

    I'm running Webroot Security Anywhere. It is set to scan USB drives, so I'm not entirely sure why it's not catching any!

    @jumanji, thanks for those links, I went ahead and dloaded Panda USB Vaccine.

    Here are the two reports:

    FRST Report: FRST.txt

    RKiller Report: RKreport_8_16.txt


  5. Posts : 2,470
    Windows 7 Home Premium
       #5

    Are the files on the SD showing after using the Shortcut Fix?

    This virus appears to be launched through the autorun.inf file when a USB device or SD card is connected to the computer. The virus adds a line to the autorun.inf file, creates shortcuts of folders, changes the attributes of folders to hidden and also may create a random named folder on the USB drive or SD card. Within this random named folder, the .exe file producing the shortcuts of your original folders is found.

    If RogueKiller did not take care of the issue, please do the following:

    Press the Windows Key and the R key at the same time.

    In the Run prompt, type the following in the Open area, and press Enter: cmd

    When the Command Prompt opens, copy/paste (with the mouse) the following, and press Enter

    Code:
    attrib -h -r -s /s /d X:\*.*
    (Change the drive letter X to the letter corresponding to the SD Device.)
    Press: Enter

    Post back on whether the files are now visible.

    If still no go, we'll check out the content of the SD card, and take action from there.
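The indicators described in post #5 (a launch line in autorun.inf, shortcuts named after folders, folders set to hidden, an executable inside a folder) can be listed read-only before anything on the card is opened. This is an added example, not code from the thread or from any tool mentioned in it; the function names, the extension list and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def autorun_commands(path):
    """Values of the launch keys: open=, shellexecute=, shell\\<verb>\\command=."""
    cmds = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                cmds.append(value.strip())
    return cmds

def triage(root):
    """Return sorted (indicator, detail) pairs for the top level of a drive."""
    found = []
    entries = list(os.scandir(root))
    folders = {e.name.lower() for e in entries if e.is_dir()}
    for e in entries:
        stem, ext = os.path.splitext(e.name.lower())
        if stem + ext == "autorun.inf":
            try:
                found += [("autorun-launch", c) for c in autorun_commands(e.path)]
            except OSError:  # unreadable, e.g. access denied
                found.append(("autorun-unreadable", e.name))
        elif ext == ".lnk" and stem in folders:
            found.append(("shortcut-shadows-folder", e.name))
        elif e.is_dir():
            if getattr(e.stat(), "st_file_attributes", 0) & 0x2:  # Hidden bit; Windows only
                found.append(("hidden-folder", e.name))
            found += [("exe-in-folder", e.name + "/" + f.name) for f in os.scandir(e.path)
                      if os.path.splitext(f.name.lower())[1] in EXEC_EXT]
    return sorted(found)

def build_sample(root):
    # Constructed sample tree; every name in it is made up for this example.
    for rel, text in (("autorun.inf", "[autorun]\nopen=xkqzv\\svc.exe\n"),
                      ("DCIM/IMG_0001.JPG", ""), ("DCIM.lnk", ""), ("xkqzv/svc.exe", "")):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    print(*triage(build_sample(tempfile.mkdtemp())), sep="\n")
```

To check a real card, call `triage("J:\\")` with the card's drive letter; the hidden-folder indicator is only reported when the script runs on Windows.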


  6. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #6

    This is all I see after running the code in the Command Prompt:

    [Attached image: cmd_prompt.jpg]

    I ran the same code from the Run prompt and it did uncover (or created?) some new files I hadn't seen before. Here's what I see now on the SD:

    [Attached image: capture.jpg]

    [Attached image: capture_01.jpg]

    Still no images though!


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Let's see if we can overcome the "Access Denied" notice, and also get some info...

    Please download the latest version of WinRAR archiver, a powerful tool to process RAR and ZIP files
    Select the 32-bit or 64-bit version that applies to your system.
    Save to the Desktop.
    Note that this download is a trial version of the WinRAR archiver for use during a test period of 40 days.

    Double-click the downloaded program to install...
    At the WinRAR Setup, click: OK
    On the last prompt, feel free to check any of the tabs, and, when finished, press: Done
    Close out of WinRAR.

    Next, please plug in the SD card and restart the computer in Safe Mode with Command Prompt as follows:

    *As the computer starts, tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options menu.
    *Using the arrow keys, select: Safe Mode with Command Prompt
    *Press the Enter key on the keyboard, and let the computer boot to the option selected.


    At the Command Prompt, copy/paste (with the mouse) the following commands contained inside the code box, and press Enter:
    (If J is the actual letter of the drive.)

    Code:
    attrib -h -r -s /s /d J:\*.*
    shutdown /r
    Before shutting down, a prompt shows:
    "You are about to be logged off.
    Windows will shut down in less than one minute."

    When the computer restarts, check the SD card once again, and post back on whether you can see the images.


    If still no-go, tap the F8 key, and once again select: Safe Mode with Command Prompt
    Press the Enter key on the keyboard, and let the computer boot to the option selected.

    At the Command Prompt, copy/paste (with the mouse) the following commands contained inside the code box, and press Enter:
    (If J is the actual letter of the drive.)

    Code:
    J: 
    attrib -s -h -a 
    attrib -r -s -h autorun.inf
    shutdown /r
    Before shutting down, a prompt shows:
    "You are about to be logged off.
    Windows will shut down in less than one minute."


    When the computer restarts, open WinRAR.exe and browse to the SD card using WinRAR’s explorer.

    After locating the SD card, open it in WinRAR to show all the files, including those that are hidden.

    Search for the file Autorun.inf, open it with Notepad, name it arfile, and save it to the Desktop.

    Please post the content of the Notepad arfile in your reply.
    Last edited by cottonball; 17 Aug 2013 at 00:03.


  8. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #8

    Just to add to what cottonball has said about using WinRAR:

    IMO, it is not necessary to run WinRAR in safe mode. You can run Windows in normal mode. ( If there is any reason why cottonball wants it to be run in Safe mode, I do not know. :))

    Boot into Windows. Keep the Shift key pressed for a while, while inserting the SD Card which is necessary to disable autorun temporarily for that event. Open WinRAR, navigate to your SD Card and explore. Open the autorun file in notepad and post its contents.

    (You can also open other folders and see whether any one of those contains your data and post your findings. You may also post a screenshot of the SD Card's content as seen in WinRAR.)


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    @jumanji,

    ...it is not necessary to run WinRAR in safe mode...
    Agree...just call it a "senior moment" (lapse in memory)!

    Have not met my quota of those for this month.


  10. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #10

    Hmm, still unable to access the autorun file with WinRAR. I'm getting this:

    [Attached image: winrar_autorun.jpg]

    The only file I'm able to open that's in Notepad is desktop. Here's what it shows:

    [Attached image: winrar_desktop_notepad.jpg]


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.