drive infected and i can't see my files

April 18, 2017 at 03:26:24
Specs: Windows 10
help please! my drive was infected and i used usbfix but many of my files are still missing. what to do?


#1
April 18, 2017 at 04:03:31
Are you saying your computer's hard drive is infected, or a usb flash drive/memory stick?

I ask because usbfix is a malware remover for usb memory sticks, and external hard drives etc.?

Which device is it that is infected?

Also pending further advice from several here, refrain from doing anything further with the infected item...

message edited by trvlr



#2
April 18, 2017 at 04:17:54


#3
April 18, 2017 at 07:51:18
I guess this is another for your expertise John; aided by one or two others as well...

Gets very konphusing when pholks initially piggyback onto a similar thread and then (correctly of course) post their own CFH (Call For Help)...



#4
April 18, 2017 at 11:42:32
the one that was infected was my external hard drive,
i also tried the malware but nothing happened.


#5
April 18, 2017 at 16:09:08
"i also tried the malware but nothing happened"
Please download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan yet. If your default download location is not the Desktop, drag it out of its location onto the Desktop. (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)
http://www.softpedia.com/get/Antivi...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//
http://www.freedrweb.com/cureit/?ln...
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Documentation
http://download.geo.drweb.com/pub/d...

Copy & Paste the contents of the log into a text file & upload it here.
No account/registration needed. Give us the link please.
http://www.fileconvoy.com/index.php


#7
April 19, 2017 at 03:02:28
Sorry i'm just basic with regards to laptops, i can't find the file location of dr. web cure it
i also connected my infected hard drive, is that okay?

however, this is what came out from the log when i used the usbfix but majority of my files are still missing


[b]############################## | UsbFix V 9.044 | [Clean][/b]

User: alienaaa07 (Administrator) # ALIEENAAA
Updated 14/04/2017 by SOSVirus
Started at 18:05:02 | 19/04/2017

Website : [url=https://www.usb-antivirus.com/]https://www.usb-antivirus.com/[/url]
Tutorial : [url=https://www.usb-antivirus.com/tutorial/]https://www.usb-antivirus.com/tutorial/[/url]
Support : [url=https://www.sosvirus.org/]https://www.sosvirus.org/[/url]
Live detection : [url=http://www.sosmalware.com/usbfix/]http://www.sosmalware.com/usbfix/[/url]
Contact : [url=https://www.usb-antivirus.com/contact/]https://www.usb-antivirus.com/contact/[/url]

[b]################## | System information |[/b]

MB: AMD (Larne)
CPU: AMD A6-6310 APU with AMD Radeon R4 Graphics
GC: AMD Radeon(TM) R4 Graphics
RAM -> [Total : 3545 Mo | Free : 780 Mo]
Bios: Insyde Corp.
Boot: Normal boot

OS: Microsoft™ Windows 10 Home Single Language (6.3.14393 64-Bit)
WB: Internet Explorer : 11.00.14393.0
WB: Microsoft Edge : 11.00.14393.1066 (rs1_release_sec.170327-1835)
WB: Mozilla Firefox : 25.0

[b]################## | Security Information |[/b]

AV: Windows Defender [[b](!) Disabled[/b] |Updated]
AV: avast! Antivirus [Enabled |Updated]
AV: Malwarebytes [Enabled |Updated]
AS: Malwarebytes [Enabled |Updated]
AS: Windows Defender [[b](!) Disabled[/b] |Updated]
AS: avast! Antivirus [Enabled |Updated]
FW: avast! Antivirus [[b](!) Disabled[/b]]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 452 Gb (267 Gb free - 59%) [TI80167000C] # NTFS
F:\ -> Fixed disk # 932 Gb (799 Gb free - 86%) [Seagate Backup Plus Drive] # NTFS

[b]################## | Generic Research |[/b]

Not deleted ! ... Tentative au redémarrage... C:\Program Files (x86)\FoxitReader\bin\COM7.EXE

[b]################## | Startup |[/b]

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKCU\..\Run : [Google Update] C:\Users\alienaaa07\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\alienaaa07\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [uTorrent] "C:\Users\alienaaa07\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKCU\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKCU\..\Run : [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
04 - HKCU\..\Run : [BingSvc] C:\Users\alienaaa07\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKCU\..\Run : [Spotify] "C:\Users\alienaaa07\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKCU\..\Run : [OneDrive] "C:\Users\alienaaa07\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Touro Cloud Backup] "C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe" /delayed
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
04 - HKLM\..\Run : [GoPro Studio Importer] C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
04 - [x64] HKLM\..\Run : [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
04 - [x64] HKLM\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
04 - [x64] HKLM\..\Run : [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
04 - [x64] HKLM\..\Run : [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
04 - [x64] HKLM\..\Run : [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
04 - [x64] HKLM\..\Run : [TSSSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - [x64] HKLM\..\Run : [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Google Update] C:\Users\alienaaa07\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Spotify Web Helper] "C:\Users\alienaaa07\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [uTorrent] "C:\Users\alienaaa07\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [BingSvc] C:\Users\alienaaa07\AppData\Local\Microsoft\BingSvc\BingSvc.exe
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Spotify] "C:\Users\alienaaa07\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [OneDrive] "C:\Users\alienaaa07\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Touro Cloud Backup] "C:\Program Files\Touro Cloud Backup\Touro Cloud Backup.exe" /delayed
04 - HKU\S-1-5-21-2903944769-165592571-1599189668-1001\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04GS - FAH.lnk : C:\Program Files (x86)\WinZip\FAH\FAHConsole.exe
04GS - WinZip Preloader.lnk : C:\Program Files (x86)\WinZip\WzPreloader.exe

[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[17/04/2017 - 22:23:35 | ASH | 4063232 Ko] - C:\pagefile.sys
[17/04/2017 - 22:23:35 | ASH | 262144 Ko] - C:\swapfile.sys
[19/04/2017 - 17:14:46 | ASH | 1452124 Ko] - C:\hiberfil.sys
[28/03/2017 - 15:47:16 | D] - C:\Config.Msi
[26/04/2016 - 07:44:35 | N | 0 Ko] - C:\$WINRE_BACKUP_PARTITION.MARKER
[24/08/2014 - 18:03:03 | SHD] - C:\$RECYCLE.BIN
[19/12/2014 - 12:08:01 | D] - C:\USB Disk Security 6.0.0.126 Incl Crack By Thumper
[22/08/2013 - 13:31:45 | RASH | 418 Ko] - C:\bootmgr
[25/05/2014 - 04:49:03 | D] - C:\TOSHIBA
[21/03/2015 - 13:23:07 | D] - C:\avast
[31/07/2015 - 05:51:49 | SHD] - C:\Documents and Settings
[30/10/2015 - 15:18:34 | N | 0 Ko] - C:\BOOTNXT
[30/12/2015 - 22:30:30 | D] - C:\b3d450ab848d738f50fcddfb
[13/02/2016 - 21:12:01 | D] - C:\Logs
[16/07/2016 - 19:47:47 | D] - C:\PerfLogs
[25/09/2016 - 04:20:38 | SHD] - C:\Recovery
[25/09/2016 - 04:27:47 | RD] - C:\Users
[16/03/2017 - 16:31:31 | RD] - C:\Program Files (x86)
[14/04/2017 - 17:48:31 | D] - C:\Windows
[17/04/2017 - 17:41:29 | D] - C:\OneDriveTemp
[18/04/2017 - 17:51:13 | RD] - C:\Program Files
[18/04/2017 - 17:51:13 | HD] - C:\ProgramData
[18/04/2017 - 18:05:51 | AD] - C:\UsbFix

[b]################## | F:\ - Fixed drive (NTFS) |[/b]

[18/04/2017 - 17:26:24 | D] - F:\$RECYCLE.BIN
[16/04/2017 - 10:29:19 | A | 0 Ko] - F:\Drive.bat
[16/04/2017 - 10:17:12 | D] - F:\Drive

[b]Analysed in 71.85 seconds[/b]

[b]################## | E.O.F | [url=https://www.sosvirus.net/]https://www.sosvirus.net/[/url] | [url=https://www.usb-antivirus.com/]https://www.usb-antivirus.com/[/url] |[/b]

message edited by alieenaaa


Reply ↓  Report •

#8
April 19, 2017 at 03:29:36
"i can't find the file location"
To avoid typos, Copy & paste this into search.
cureit

"i also connected my infected hard drive, is that okay?"
Yes, we want dr.web to clean both drives.

Edit, search for cureit.

Use this if needed.

UltraSearch. Make sure Files & Folders are checked.
http://www.softpedia.com/get/File-m...
http://www.freewarefiles.com/UltraS...
http://www.freewarefiles.com/screen...
http://www.jam-software.com/ultrase...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

message edited by Johnw



#9
April 19, 2017 at 04:28:08
I already downloaded the CureIt but I cannot find the file so that I can drag it on the desktop. what will i do next? Sorry in advance if ever you get irritated with my inquiries


#10
April 19, 2017 at 04:42:57
Use UltraSearch to find it.


#11
April 19, 2017 at 04:57:27
I keep moving it but it doesn't appear on the desktop


#12
April 19, 2017 at 05:07:04
Give me a SS ( screenshot ) of what you are looking at.

Upload it here.
No account/registration needed. Give us the link please.
http://www.fileconvoy.com/index.php



#13
April 19, 2017 at 05:08:28
Cutting in ever so briefly... Have a look in your downloads folder; possibly it's still in there?

BTW - stick/persevere with Johnw's guidance, as amongst several very knowledgeable here re' virus/malware issues, here he will help you resolve the problems if it's at all possible.



#14
April 19, 2017 at 05:19:13
@trvlr yes I am and I'm grateful for his help :)

@Johnw here's the link: http://www.fileconvoy.com/dfl.php?i...



#15
April 19, 2017 at 05:22:53
Got it alieenaaa, give me about 10mins to do some editing on it.


#16
April 19, 2017 at 05:33:32
Here it is.

http://fs5.directupload.net/images/...



#17
April 19, 2017 at 05:37:42
oh okay thank you! i have it on the desktop, what will i do next?


#18
April 19, 2017 at 05:41:04
Hover the mouse pointer over it & tell me what size it is.


#19
April 19, 2017 at 05:45:34
it's 7.14 MB


#20
April 19, 2017 at 05:51:52
Normally a lot larger. Maybe things have changed.

Double click on it to start.

message edited by Johnw



#21
April 19, 2017 at 05:53:41
okay, do i start scanning?


#22
April 19, 2017 at 05:56:50
Now it is on the Desktop, yes.


#23
April 19, 2017 at 06:21:45
does the scanning take a while? cos it's almost 20 minutes but the standing is still zero scanned objects.


#24
April 19, 2017 at 07:11:36
hi. the app just stopped and it kind of shut down since i cannot open it anymore


#25
April 19, 2017 at 14:17:22
As you are having trouble running Dr.Web CureIt, you can download a file with a random name to bypass malicious software that blocks security software from starting.
http://free.drweb.com/cureit/
Note: The file will be randomly named (example > 5mkuvc4z.exe).
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
Please be patient as this scan could take a long time to complete.
When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
Click Select All, then choose Cure > Move incurable.
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

message edited by Johnw



#26
April 20, 2017 at 06:48:41
hi, sorry. i followed your instruction about clicking F8 mode several times but nothing happened


#27
April 20, 2017 at 16:35:31
"i followed your instruction about clicking F8 mode several times but nothing happened"
Probably best you get a friend, family, workmate, social worker, neighbor etc, who is good with comps, to show you.

Let's use another program.

Run ESET Online Scanner. Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
Make sure these options are checked/ticked in Advanced settings.

Remove found threats, Scan archives, Scan for potentially unsafe applications, Enable Anti-Stealth technology.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
http://fs5.directupload.net/images/...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create an ESET SysRescue CD or USB drive
http://www.eset.com/int/support/sys...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://support.eset.com/kb3509/?loc...
http://support.eset.com/kb3509/#create
http://support.eset.com/kb2921/?loc...
Configure ESET this way & disable your AV.
http://i.imgur.com/wZF1Ppi.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
3: Which web browsers are compatible with ESET Online Scanner?
http://support.eset.com/kb405/?loca...
My ESET product detected a threat—what should I do?
http://support.eset.com/kb117/
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
http://support.eset.com/kb405/?view...
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://support.eset.com/kb405/?view...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...




#28
April 23, 2017 at 07:14:03
Hi! Sorry for replying a few days later, I kind of don't have people that I know who are good with computers so I just went to some hard drive repair shops and they showed me that the virus was removed thanks to your help and that they hid my files so they showed me how to reveal them.
thank you so much for assisting me all throughout @johnw. till next time! :)


#29
April 23, 2017 at 07:29:57
"that the virus was removed"
Nice work alieenaaa.
