[removingvirus]

All my IMAGE, VIDEO, DOCUMENT and other files is changed to .exe extension, with file_type: Application, and all have same size: 3924 KB, (video, image, folder, files, SAME SIZE).

DESCRIPTION:
1. This Started a year ago in 2020 in my laptop and pendrive, Win7 & win10.
2. Not easy as a shortcut virus. As I have done everything related to shortcut virus.
3. Automatically creates a same folder name with .exe extension inside the original folder. **For every folder in my Drive & Desktop.
3.2 Cannot copy it to other system.
4. It has also recently removed my Browser, vlc_Player, winrar etc which I had to install again.
5. Yes, I can solve this with anti_virus or installing new OS.
But I have some Personal Pictures and Videos that is IMPORTANT***.

*Please help me to recover those files which is changed to .exe (Image & Video).

*ALSO would be grateful for help to educate myself about this virus/worm which i did not found online anywhere.

Attached Thumbnails

• 
• 

[Advertisements]

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=================================
 
To begin with...
 
In the Search area type File Explorer and press Enter.
From the top menu select the View tab and then Options.
From the new window select the View tab and mark the Show hidden files and folders.
 
After that...

• Press Windows icon on your Desktop, together with the letter R.
• Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
• Type the letter of the drive where the infected files are, followed by :  (e.g. F:) 
• Enter.
• Copy and paste the following command and press Enter to execute it:

attrib *.* /d /s -h -r -s

Let me know if something changed regarding your files.
 
After that...

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, its safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

[DR M]

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
 
=================================
 
To begin with...
 
In the Search area type File Explorer and press Enter.
From the top menu select the View tab and then Options.
From the new window select the View tab and mark the Show hidden files and folders.
 
After that...

• Press Windows icon on your Desktop, together with the letter R.
• Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
• Type the letter of the drive where the infected files are, followed by :  (e.g. F:) 
• Enter.
• Copy and paste the following command and press Enter to execute it:

attrib *.* /d /s -h -r -s

Let me know if something changed regarding your files.
 
After that...

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, its safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

[DR M]

Hi, again.

 

Just noticed that you have opened a thread about the same issue here too: RECOVER FILES effected by".exe"worm/virus, type=application, size=3924KB - Virus, Trojan, Spyware, and Malware Removal Help (bleepingcomputer.com)

 

Let me know which topic you would like to continue with. It is best to receive advice from one helper at a time, as instructions can conflict and cause problems.

[removingvirus]

Hi DR M,

 

Thanks for your concern on my topic.

I will be following ONLY your guidance only, even though I have posted same topic in other forum also.

 

I have Followed both of your guidelines. and attached the documents and pictures.

 

***I am a Computer Science student and have knowledge regarding most of the things.

I am concerned about RECOVERING my image and videos.

 

Thankyou

Attached Thumbnails

• 
• 

Attached Files

•  Addition.txt   42.66KB   203 downloads
•  FRST.txt   21.49KB   194 downloads

[DR M]

Hello.

 

Thank you for letting me know.

 

=======================================

 

There are much to say regarding your logs, but let's take it one step at a time.

 

A test: Right click the folder Shinchan in F (2nd screenshot in your first post), select Properties and see the folder's size. What is says there? Your logs above show that disk F has 30GB used. Is this something you would expect? I'm asking because I have the impression that your files are there but hidden.

 

In addition to enable the option Show hidden files and folders please also do the following:

• In the Search area type File Explorer and press Enter.
• From the top menu select the View tab and then Options.
• From the new window select the View tab and UN check Hide protected operating system files (recommended).

 

After that...

 

Try to run the attrib command as you did before.

 

Restart and check if your folders appeared.

 

 

After that...

 

The FRST log is not complete. Try to find it in C:\FRST\logs and attach it for me once more. If the outcome is the same, I would like you to run FRST once more and provide fresh logs.

[removingvirus]

Hello MR D,

 

1.  I have already done those steps, and again sharing it with you with serial no 11, 22, 33 attached file.

2.  Also I have attached the screenshot of FRST Logs Folder under C: to show you what it has became, 44 attached file.

3.  11_Shows the properties,   22_Shows the VIEW of my files,  33_Shows the output of attrib command in cmd, 44_shows the folder.

 

** I think This has nothing to do with hidden folders, 

And may be those files can never be recovered, I Guess.

 

 

** my external hard drive and 2 laptops were infected, Hence I have managed to save most of files of External HD and Installed w10 in one of the laptop from where i am using Internet and doing other work.

**  And for the old laptop I am trying not to force changing my OS and trying to recover those pics and videos IMPORTANT ones.

 

Thankyou, Appreciate your help.

Attached Thumbnails

• 
• 
• 
• 

Edited by removingvirus, 19 June 2021 - 09:55 AM.

[DR M]

Hello again.

 

The first screenshot above shows that SHINCHAN folder is 74MB. When you open the folder, its content shows less. So, I believe the actual files are hidden by the virus.

 

Please, attach here the FRST.txt from C:\FRST\logs.

[removingvirus]

Hello DR M,

SHINCHAN Folder had 7 videos, out of which 2 are not infected and plays, the 74 mb must be fine I guess

 

Have attached the FRST.txt from C:\FRST\logs

 

Thankyou

Attached Files

•  FRST_19-06-2021 18.08.52.txt   21.49KB   191 downloads

[DR M]

Unfortunately it is the same with the previous one. The first part is completely missing.
 
Please run once again FRST tool and make a new Scan with it. Hopefully this time we will have complete logs.
 

• Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

[DR M]

Hello.

 

Not sure if you abandoned the thread or if you found a solution to your problem.

 

Just letting you know that although the FRST log is incomplete (that's why I asked you to run a new scan with FRST tool), there are signs in the logs having to do with Windows activation and not legally activated programs. 

 

Please have in mind that in order to continue here, you have to completely uninstall any program not legally activated and confirm that you have a legal operating system. 

 

Let me know about your thoughts.

[DR M]

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member or send me a personal message (hover the mouse on my profile name and press Send message) with a link to the topic.