ENTIRE HDD Erased!

karthurk

Hello, I will make a big story now:

A few weeks ago I freshly installed Win 7 Professional with a student key.
I noticed that my program settings wouldn't be saved, so I made a thread here, someone told me to modify the registry and add something (program settings like Mozilla wouldn't find Flash Player, Photoshop settings and so on).

3-4 days ago those problems started again, but this time my Chrome disappeared, and then my entire project HDD, everything deleted clean.

I restored most of my projects and I made a full clean installation of everything. The first thing after install was to install Kaspersky 2010. I scanned everything, everything clean, the only things left were my music, games and what I could save from my projects, everything clean, just some keylogger from Coffee Cup form builder that I have 2 years now in a zip that I don't open :).


Today, I was afk for cca 2hrs and when I returned I found everything f****ed up.
My screen was rotated, resolution 800x600 (from 1920x1080), screensaver was running with some chicks, and out of thin air, I had installed Virtual GirlHD and Virtual GuyHD, and some application from softpedia: The Ultimate Virus.

Chrome, Firefox, the entire Adobe Master Collection CS4 Suite is deleted, along with ALL the files from all my HDDs.

Here is the log Kaspersky spit out. Nothing suspicious, what am I missing? I will definitely have to recover my project files but I need to know with what antivirus should I look for anything.

Anyhow, as it seems, my installation being 2 days old, the virus wasn't on the pc, but some sort of trojan that downloaded that heap of crap from the internet and what exactly deleted everything from my pc?

UAC is off, I don't like to always hit allow, because I only install things that are necessary and nothing more.

If anyone has an idea about this, please share.

Thanks!


Prinscr1.jpg is from another pc on the same network.
Print1.jpg is from my pc.

My pc is running W7 X64 Professional + KAV 9.0.xxxx
The other pc is running WinXP Sp2(updated) + KAV 9.0.xxxx
They're both behind a D-Link DI-524 router (Firewall not enabled, only WPA2 on WiFi)
 

Attachments: prinscr1.JPG, print1.jpg

UAC is off, I don't like to always hit allow, because I only install things that are necessary and nothing more.

It seems you also install Trojans. This is the perfect example of what the UAC is designed to protect you from.
 

wow, Jacee, JACEEEE
 

UAC is off, I don't like to always hit allow, because I only install things that are necessary and nothing more.

It seems you also install Trojans. This is the perfect example of what the UAC is designed to protect you from.


The only things I installed since I installed W7 the other day were: Adobe Master Collection, Shockwave, Flash, Quicktime, Media Player Classic (+ffdshow, ac3filter, haali media splitter, x264), WinRar, Total Commander, Winamp, Google Chrome, Firefox, ACDSee, Yahoo Messenger. The same things I have installed in the last 2 years.
 

If you have the UAC turned off you can and will run into things out there that can slip around your defences and just install themselves without asking you or without your knowledge.... and ta da you have a trojan. With UAC on, anything that tries to install itself will have to have your permission to do it. It is your choice though.... I have had luck with Malwarebytes in the past; it can be downloaded at malwarebytes.org
 

Download Malwarebytes Anti-Malware and run a full scan... Then turn your UAC back on .... This is what happens when you start messing around with things... You end up with a key logger and who knows what else... In the future, image your drive so if this happens again, you will be able to recover from it without all this hassle, and stay away from dodgy websites and torrents....
 

There's an entire farm of malware there, GREAT!
 

Attachment: Capture.JPG

karthurk, commiserations. You will hopefully recover from this a much wiser person. :zip:
 

I restarted my PC after Malwarebytes scanned and required me to restart the PC, to delete all malware, and now I'm facing a bright blue screen. Cool
 

A few weeks ago I freshly installed Win 7 Professional with a student key.
Where did the copy of the OS come from? Was it a legitimate source?

Today, I was afk for cca 2hrs and when I returned I found everything f****ed up.
My screen was rotated, resolution 800x600 (from 1920x1080), screensaver was running with some chicks, and out of thin air, I had installed Virtual GirlHD and Virtual GuyHD, and some application from softpedia: The Ultimate Virus.
Yeah, something now owns your machine. I wouldn't do anything short of a format and complete and total reinstall at this point.

UAC is off, I don't like to always hit allow, because I only install things that are necessary and nothing more.
Well, if you keep installs to a minimum and go with the defaults of UAC in Windows 7....you aren't going to get prompted very often at all with it enabled. These are exactly the types of things that UAC is designed to help protect against. It won't stop it from installing if you say Yes...but a prompt indicating that something is trying to get admin level access might throw up a red flag...and cause alarm right at the start....versus after the fact like you are experiencing now.
 

I agree 100% with pparks.. your system integrity has been severely compromised... Format and reinstall is the only sensible option at this point...
 

Are those applications legit? If your OS or applications came with cracks or patches or keygens, that's what happens.
Edit: OS actually come with these kinds of extra addons if they are not legit.
 

Writing from my phone now, everything is dead. I am dl ing and installing antiviruses and anti malware.

The OS is downloaded from the MSDNAA student program.

And here comes a long night trying to restore 3 years worth of projects, a second time in the last 3 days, as I was not smart enough to burn everything to DVDs, being a portable HDD and all...


Lesson well learned.


EDIT: is there a software to recover deleted files and directory structure? Active Recovery does not recover restore the files, he made me the last time 5400 dir with DIR0001 - dir5400 no directory structure only the files. :(. and I have in total like 500.000 files in my projects.
 

You managed to pick up a 'Bot' ... definitely a compromised computer!

You will need to change all your passwords using a known clean computer. Remember them, because when you get your OS set up again, you'll need to use the new ones.

This is just the first malware shown --> 4c1044aM.dll
http://www.threatexpert.com/files/4c1044aM.dll.html
 

There's software that will recover the files, but they're meant to help with deleted files and crashing drives, not drives that've got autorun malware loaded. Put that drive into a system that's secured with HIPS and disabled autorun and you might be able to get your files back. GetDataBack for NTFS or FAT will do the job.
 

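The two settings the replies above keep coming back to, UAC being switched off and autorun on attached drives, can both be read from the registry. The following PowerShell is an added example, not something posted by anyone in the thread; the function names Get-PolicyValue and Get-HardeningState are made up for the illustration, while the registry paths and value names are the standard Windows policy ones.

```powershell
# Added example: report UAC and autorun state on the local machine (read-only).
# Get-PolicyValue / Get-HardeningState are hypothetical helper names.
# Written to work on PowerShell 2.0, which ships with Windows 7.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-HardeningState {
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $exp = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

    $enableLua = Get-PolicyValue $sys 'EnableLUA'                   # 1 = UAC on
    $consent   = Get-PolicyValue $sys 'ConsentPromptBehaviorAdmin'  # 0 = elevate silently
    $secure    = Get-PolicyValue $sys 'PromptOnSecureDesktop'       # 1 = prompt on secure desktop

    # The machine-wide autorun policy wins; fall back to the per-user value.
    $autorun = Get-PolicyValue "HKLM:\$exp" 'NoDriveTypeAutoRun'
    if ($null -eq $autorun) { $autorun = Get-PolicyValue "HKCU:\$exp" 'NoDriveTypeAutoRun' }

    $findings = @()
    if ($enableLua -ne 1) {
        $findings += 'UAC is off (EnableLUA is not 1): anything an administrator runs gets admin rights with no prompt.'
    }
    if ($consent -eq 0) {
        $findings += 'Administrators are elevated without prompting (ConsentPromptBehaviorAdmin = 0).'
    }
    if ($secure -eq 0) {
        $findings += 'Elevation prompts are not shown on the secure desktop (PromptOnSecureDesktop = 0).'
    }
    # 0xFF sets the "disable autorun" bit for every drive type.
    if ($null -eq $autorun -or ($autorun -band 0xFF) -ne 0xFF) {
        $findings += 'Autorun is not disabled for all drive types (NoDriveTypeAutoRun is not 0xFF).'
    }

    New-Object PSObject -Property @{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        NoDriveTypeAutoRun         = $autorun
        Findings                   = $findings
    }
}

$state = Get-HardeningState
if ($state.Findings.Count -eq 0) {
    'UAC is enabled and autorun is disabled for all drive types.'
} else {
    $state.Findings
}
```

Run it on the clean machine before attaching the drive you want to recover files from; an empty findings list means UAC is on and nothing on that drive will be started by autorun.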
In a situation like this, you don't want any files from a compromised computer, it's not worth the risk... Format completely and reinstall and read up on basic computer safety practices....
 

You ran Malwarebytes in safe mode?

I would download Avast free home and accept its boot scan. See what else is picked up.

Next I would enter Safe Mode with networking and download Spybot S&D, only its scan function, update and run. If it finds little or nothing, then run Malwarebytes again in Safe Mode and you can probably retrieve your files.

If you don't see any end to it this way, boot into a copy of Win7 DVD Repair console to open a Command line and type:

DISKPART
LIST DISK
SELECT DISK # (for Windows 7 disk)
clean all (for zeroing, deepest possible clean)
create partition primary
select partition 1
assign letter=c:
active
format
exit

Now reinstall Win7. Avast Boot and Spybot Safe Mode scan upon startup, starting with Win7 DVD.
 
In a situation like this, you don't want any files from a compromised computer, it's not worth the risk... Format completely and reinstall and read up on basic computer safety practices....

Sadly enough, I do have to keep my projects, they're my portfolio and if some clients need something modified I need the source files.


In a situation like this, you don't want any files from a compromised computer, it's not worth the risk... Format completely and reinstall and read up on basic computer safety practices....

I'm a computer power user since '99 (everything that I used since '99 to 2007 so far was cracks and keygens), and I have not had such problems, and I did have my fair share of warez-er until 2-3 years ago ... anyhow. I have ESET SMART SECURITY AND ANTIVIRUS 4.0 now, Lavasoft Ad-Aware and UAC turned to paranoid. I'm curious what'll happen now on a freshly formatted system, now starts the recovery
 

You ran Malwarebytes in safe mode?

I would download Avast free home and accept its boot scan. See what else is picked up.

Next I would enter Safe Mode with networking and download Spybot S&D, only its scan function, update and run. If it finds little or nothing, then run Malwarebytes again in Safe Mode and you can probably retrieve your files.

If you don't see any end to it this way, then download Darik's Boot and Nuke and zero the HD before installing Win7. Only when zeroed will you know nothing can rise from the grave.


Yap, after I back up my data to optical storage I will low level format everything and then I will thoroughly scan my DVDs.

And the passwords changed ...... I use Foxmarks for bookmarks and password sync (but not the sensitive login into whm or so). It'll be a mouthful...
 

I disagree, however your knowledge of system security is nonexistent, otherwise you would not be in the predicament to begin with... You apparently have no backup system in place and your willingness to use dodgy programs may well have not only compromised your own computer, but others as well... So don't tell us how much of a power user you are... you seem to be a careless one...
 
