VIRUS has formatted hard drive

[profdlp]

There has been a lot of that going around lately. I cleaned one off a friends computer two weeks ago, then from my housemates rig just a few days back. For the housemate, I got tired of fighting it and just used a day-old Macrium Reflect image.

This might be a good time to put in a plug for having some type of regular backup system. With the friend, it took an entire evening of sorting things out. For the housemate with the drive image, boom - 30 minutes and I was done.

(29 minutes of which I spent wandering off to do something else while it restored automatically.)

 

[dkny1221]

ive just used roolback rx to rollback to the 20/11/2011 the day after the vrius attacked my pc what would you recommend the best steps would be to recover please and oohh yeah what was you doing haha

 

[dkny1221]

just done a hitmanpro 3.6.0 scan and it found this file Master Boot Record (Sector 0) C:$MBR red and white X Bootkit Win64/Bootkit this did not come up on the first scan i did when i got hitman pro 3.6.0 do i replace this or just ignore it

 

[GianniDPC]

just done a hitmanpro 3.6.0 scan and it found this file Master Boot Record (Sector 0) C:$MBR red and white X Bootkit Win64/Bootkit this did not come up on the first scan i did when i got hitman pro 3.6.0 do i replace this or just ignore it

Replace it ! but be carefull the MBR is needed to boot into Windows

 

[dkny1221]

it is saying Contains Characteristics of an identified secruity risk do i rep;lace it or ignore it

 

[GianniDPC]

it is saying Contains Characteristics of an identified secruity risk do i rep;lace it or ignore it

Replace it with Hitman Pro (should work)

 

[dkny1221]

hitman pro came up with the file and deleted it so its telling me to reboot now and just run that kapersky and found 4 threats so gna reboot now

 

[dkny1221]

just loaded system restore and found 1 from 19/11/11 13:07 restore operation type Undo would i be able to use that to restore pc as this is the only 1 that i have that i think was there before the virus attack

 

[dkny1221]

just tried to do a system restore and it came up saying system restore failed while mounting the registry from system restore point 0x800703f1 how can i fix it

 

[dkny1221]

just opened a word document and it changed it all to ADVAPI32.dll KERNEL32.dllUSER32.dll msvcrt.dll ole32.dll ntdll.dll COMCTL32.dll also my folder lock files ive found some called flkw type and they wont open with folder lock and most of the files on the recovery have a red D on the file how do i fix this please

 

[GianniDPC]

just opened a word document and it changed it all to ADVAPI32.dll KERNEL32.dllUSER32.dll msvcrt.dll ole32.dll ntdll.dll COMCTL32.dll also my folder lock files ive found some called flkw type and they wont open with folder lock and most of the files on the recovery have a red D on the file how do i fix this please

It isn't smart to do System Restores at the moment as the virus has taken over al the restore points ...

 

[dkny1221]

so what is best bet to do then as ive not restored it or restored any files off of that EASUS data recovery wizard and it has everything up including the windows folders etc...

 

[bigcitycat]

download and run a linux live cd. Access your important files with the file browser. Copy and paste to a usb an re install.

 

[dkny1221]

why would i use a linux live cd if im on windows 7 though??

 

[GianniDPC]

why would i use a linux live cd if im on windows 7 though??

To copy over your data i'm sorry to say this but I think all your data you can't recover by now is just lost a Clean Windows 7 reinstall is strongly recommend

 

[emaraszek]

download and run a linux live cd. Access your important files with the file browser. Copy and paste to a usb an re install.

The only problem is that all of the files are corrupt. I think it's time to cut your losses and do a clean install after formatting the drive.

A few suggestions for once your back up and running: keep a periodic external backup of your files andhave windows create backup system images, once you get it set up you won't need to touch it ever again. Also, stop using avast, I highly recommend Microsoft security essentials plus it's free. Finally, be more careful when browsing the web, there's a lot of nasty stuff out there and you wouldn't want to go through this ordeal again.

Best of luck and happy new year

 

[dkny1221]

ive found alot of my files but the image files are saying invalid image please cna you tell me a way to fix it please as ive had these pictures for over 10 years onw please thank you

 

[emaraszek]

These files are likely lost because you kept using the computer after the incident which probably caused most of your data to be overwritten or corrupt, not to mention the damage done by the infection itself

 

[dkny1221]

today ive not used the pc and only thing i have done is a rollback rx to the 20/11/11 and that is it some of them are viewable more since ive done this

 

[dkny1221]

just found a good program review would you be able to try it for me its called FileRestore profressinal 4.2.1 please as the reviews are really good off some people please