Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

RECOVER FILES effected by".exe"worm/virus [Closed]


  • This topic is locked This topic is locked

#1
removingvirus

removingvirus

    New Member

  • Member
  • Pip
  • 4 posts

All my IMAGE, VIDEO, DOCUMENT and other files is changed to .exe extension, with file_type: Application, and all have same size: 3924 KB, (video, image, folder, files, SAME SIZE).

DESCRIPTION:
1. This Started a year ago in 2020 in my laptop and pendrive, Win7 & win10.
2. Not easy as a shortcut virus. As I have done everything related to shortcut virus.
3. Automatically creates a same folder name with .exe extension inside the original folder. **For every folder in my Drive & Desktop.
3.2 Cannot copy it to other system.
4. It has also recently removed my Browser, vlc_Player, winrar etc which I had to install again.
5. Yes, I can solve this with anti_virus or installing new OS.
But I have some Personal Pictures and Videos that is IMPORTANT***.

*Please help me to recover those files which is changed to .exe (Image & Video).

*ALSO would be grateful for help to educate myself about this virus/worm which i did not found online anywhere.

Attached Thumbnails

  • imge.jpg
  • vide.jpg

  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Welcome to GTG Forums. EPFGbk7.gif

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=================================
 
To begin with...
 
In the Search area type File Explorer and press Enter.
From the top menu select the View tab and then Options.
From the new window select the View tab and mark the Show hidden files and folders.
 
After that...

  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Type the letter of the drive where the infected files are, followed by :  (e.g. F:) 
  • Enter.
  • Copy and paste the following command and press Enter to execute it:
attrib *.* /d /s -h -r -s

Let me know if something changed regarding your files.
 
After that...

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, its safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, again.

 

Just noticed that you have opened a thread about the same issue here too: RECOVER FILES effected by".exe"worm/virus, type=application, size=3924KB - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)

 

Let me know which topic you would like to continue with. It is best to receive advice from one helper at a time, as instructions can conflict and cause problems.


  • 0

#4
removingvirus

removingvirus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi DR M,

 

Thanks for your concern on my topic.

I will be following ONLY your guidance only, even though I have posted same topic in other forum also.

 

I have Followed both of your guidelines. and attached the documents and pictures.

 

***I am a Computer Science student and have knowledge regarding most of the things.

I am concerned about RECOVERING my image and videos.

 

Thankyou

Attached Thumbnails

  • kdls.jpg
  • zfas.jpg

Attached Files


  • 0

#5
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello.

 

Thank you for letting me know.

 

=======================================

 

There are much to say regarding your logs, but let's take it one step at a time.

 

A test: Right click the folder Shinchan in F (2nd screenshot in your first post), select Properties and see the folder's size. What is says there? Your logs above show that disk F has 30GB used. Is this something you would expect? I'm asking because I have the impression that your files are there but hidden.

 

In addition to enable the option Show hidden files and folders please also do the following:

  • In the Search area type File Explorer and press Enter.
  • From the top menu select the View tab and then Options.
  • From the new window select the View tab and UN check Hide protected operating system files (recommended).

 

After that...

 

Try to run the attrib command as you did before.

 

Restart and check if your folders appeared.

 

 

After that...

 

The FRST log is not complete. Try to find it in C:\FRST\logs and attach it for me once more. If the outcome is the same, I would like you to run FRST once more and provide fresh logs.


  • 0

#6
removingvirus

removingvirus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hello MR D,

 

1.  I have already done those steps, and again sharing it with you with serial no 11, 22, 33 attached file.

2.  Also I have attached the screenshot of FRST Logs Folder under C: to show you what it has became, 44 attached file.

3.  11_Shows the properties,   22_Shows the VIEW of my files,  33_Shows the output of attrib command in cmd, 44_shows the folder.

 

** I think This has nothing to do with hidden folders, 

And may be those files can never be recovered, I Guess.

 

 

** my external hard drive and 2 laptops were infected, Hence I have managed to save most of files of External HD and Installed w10 in one of the laptop from where i am using Internet and doing other work.

**  And for the old laptop I am trying not to force changing my OS and trying to recover those pics and videos IMPORTANT ones.

 

Thankyou, Appreciate your help.

Attached Thumbnails

  • 11.jpg
  • 22.jpg
  • 33.jpg
  • 44.jpg

Edited by removingvirus, 19 June 2021 - 09:55 AM.

  • 0

#7
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello again.

 

The first screenshot above shows that SHINCHAN folder is 74MB. When you open the folder, its content shows less. So, I believe the actual files are hidden by the virus.

 

Please, attach here the FRST.txt from C:\FRST\logs.


  • 0

#8
removingvirus

removingvirus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hello DR M,

SHINCHAN Folder had 7 videos, out of which 2 are not infected and plays, the 74 mb must be fine I guess

 

Have attached the FRST.txt from C:\FRST\logs

 

Thankyou

Attached Files


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Unfortunately it is the same with the previous one. The first part is completely missing.
 
Please run once again FRST tool and make a new Scan with it. Hopefully this time we will have complete logs.
 

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

  • 0

#10
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello.

 

Not sure if you abandoned the thread or if you found a solution to your problem.

 

Just letting you know that although the FRST log is incomplete (that's why I asked you to run a new scan with FRST tool), there are signs in the logs having to do with Windows activation and not legally activated programs. 

 

Please have in mind that in order to continue here, you have to completely uninstall any program not legally activated and confirm that you have a legal operating system. 

 

Let me know about your thoughts.


  • 0

#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member or send me a personal message (hover the mouse on my profile name and press Send message) with a link to the topic.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP