
WTF IS THAT? Happened Overnight!!! DELETED ALL MY FILES


OTMOPO3OK

OK I woke up today, went to my D: drive on laptop and found that all my folders have been renamed to some weird short names (DOS like but without ~).
AND I can't access any folder. This is my college laptop I GOT ALL MY WORK THERE !!!
The laptop is mostly "ON", on wireless too, but I frigging 'bulletproof'ed my wireless (ALL possible tricks I could find, No SSID broadcast, MAC filtering, etc)
Plus only old people live in my building, i don't think they bother breaking WLANs.:)
Maybe it's a worm, my own program?
It's only on disk D: (which was openly shared), C: is fine (it wasn't shared). After I rebooted "The BAT" email client created new 'My Documents' folder and its own subfolder for storing email, meaning that even Windows doesn't see those short named folders as my old folders, it just created new ones. Same for 'Favorites' folder = new and empty. Sh*t.
What do i do....i gotta recover the data in those folders, guys.

I googled my *** off today (please don't suggest search) :bang head, checked everything with AV, Ad-Aware, Spybot. Did system restore but my drive D: is not covered by System Restore. (I have no extra space). I've looked at D: from another comp on the network, the folder names still look weird.
In 'My Comp' drive D: is almost full (i know the folders contain data,i just can't access it).
Can somebody help me? :shrug:
EDIT: ohh yeah i can't rename them to normal names either. It says "The filename syntax is incorrect".
This triggered a thought in my head. I remember an old joke where one renames folders with (holding) ALT 255 (on keypad) this creates characters that Win can't recognise and user kills himself over it. Maybe someone accessed my drive and did just that. How do I undo it? Rename them from DOS?
Here is a pic:
Renamed Folders.JPG
 
Wow.

There's almost no doubt in my mind that it's a virus, something like Sysbin that renames stuff on all your drives.

Can you boot into safe mode with networking? I would first try and do that and see if you can access your files (I doubt you will be able to). Then run one of the online virus scanners from Symantec or Panda.

Next, maybe boot with your Windows CD and try to do a Repair with Recovery Console. In the recovery console, use chkdsk without any options; it will do a read-only scan and tell you if there are any problems on the disk. If there are, you can try a chkdsk /p to see if it can fix them, but that can often be destructive to corrupted data.
 
Ok i ran online Symantec AV it found some adware:
weatherbug,iwantsearch.
I don't think these can affect me much.
I tried accessing from safemode with networking, no luck.
I also booted from Hiren's Boot CD and used Volkov Commander to rename some of the folders back to what they were.
However I still can't rename 'MYDOCU>0', 'FAVORIn1', 'INSTALn0', and some others because Volkov says "Cannot delete subdirectory FAVORIn1".
In other words it does not recognize them as folders even in DOS.
HOW COME? I should try pure DOS next.
 
Well, it may not be a virus, though that seems unlikely to me.

It could be data corruption caused by any number of things such as improper shutdown, drive compression gone awry, even a drive that is going bad.

I'm out of ideas on how to try and recover your data; maybe if redduc comes around he'll have some better ideas for you.
 
Boot from Knoppix or a PEBuilder CD and check the drive that way. You have to assume your current system/windows install is either compromised or totally faulty. Any second you continue to run it increases your risk of more damage.
 
Slackfumasta, thank you for your suggestion,
well I'm still trying and will be around so if someone throws some ideas into the air I'll be here to grab them.
I'll let everyone know if I succeed in something.
thanks again.

PS: I tried renaming files in DOS but can't do anything since my '\' key isn't working now...grrrrr...
it shows '#' instead of '\', with SHIFT pressed it shows '~' instead of '|'
Like someone remapped my keys in DOS...aaghhh
In WinXP everything is fine.

I'm trying different file recovery tools now.
I just need to copy My Documents dir to another comp and I can bring laptop to University tomorrow to reimage the whole physical drive (both C:, D:)
Any good programs? possibly with network support.

PS: I used BartPE NO luck at all.
 
Try using Knoppix to access the files. It worked when Windows couldn't see about 20 gigs of stuff in "My Documents" during a previous incident my neighbor encountered.
 
If you have trouble using characters here is the ALT+ list for you to use. I am unsure how you could get around the numberpad thing but I wish I could offer more. It is not complete, I got bored and stopped..
 

Attachments

  • code list.txt
While I was trying to figure out what may have caused your problem, I noticed in the pic that you have the SafeProAllstart.zip file on your D: volume. I'm aware that the .zip contains the Black Viper Registry file for what he calls the "Safe" services settings, but I'm just curious as to whether you happened to merge the contained Registry file, and if you modified any of the other services?

I know I've seen this problem before, but right now I'm drawing a blank as to the cause or the fix.
 
Enablingwolf thanks for the table, I tried renaming. NO it can't recognize the folders.
Cyrix_2k, i downloaded and burned Knoppix. It's MAGIC, MAGIC i tell you.

I see all my files. BUT i can't rename,delete,do anything in the browser (it's my first time using Knoppix). It just doesn't allow me. Even working files.
How do i change that?
EDIT: I think it's permissions but I can't figure out how to enable modifications. If I go to properties of drive D:, permissions, change Owner's permission to View&Modify it shows a bar of progress and says "Stalled" under it. Nothing happens further.
Sometimes it says "Changing the Attributes of files is not supported with protocol devices."

EDIT:
redduc900, you are very observant! No it's not about services that's for sure. I edited them LOOONG ago (year?). I just have this file on Drive D: of every of my comps so if anything happens i have quick access to it. Thanks though.

EDIT:
Another thing, using Knoppix I found a file invisible in WinXP called "0" (no ext), file size 0b, it took forever to open it, but it's empty. Maybe it's something left by virus? Hmm...
Now i need to learn how to use Linux:):):)
 
Knoppix mounts drives only readable by default. You either need to mount a different drive writable and copy the data you want saved or run the samba script and grab the data from another computer. If you need more info on that just hit me up by PM.
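
Editor's added example, not code from any poster in this thread: one way to do the "copy the data you want saved" step from a live CD while leaving the suspect volume mounted read-only. It copies a tree to a second location and replaces characters Windows refuses in names (such as the `>` in `MYDOCU>0`), returning a map of what was renamed; the function names and the sample tree are assumptions made for illustration.

```python
import os
import shutil
import tempfile

# Characters Windows rejects in names: reserved punctuation plus control chars.
WINDOWS_ILLEGAL = set('<>:"/\\|?*') | {chr(c) for c in range(32)}


def safe_name(name):
    """Replace characters Windows rejects with '_' and trim trailing dot/space."""
    cleaned = "".join("_" if ch in WINDOWS_ILLEGAL else ch for ch in name)
    return cleaned.rstrip(" .") or "_"


def rescue_copy(src_root, dst_root):
    """Copy src_root into dst_root, reading only from the source.

    Returns {original relative path: sanitized relative path} for every
    entry whose name had to change.
    """
    renamed = {}
    for cur, dirs, files in os.walk(src_root):
        rel = os.path.relpath(cur, src_root)
        parts = [] if rel == "." else rel.split(os.sep)
        clean_parts = [safe_name(p) for p in parts]
        out_dir = os.path.join(dst_root, *clean_parts)
        os.makedirs(out_dir, exist_ok=True)
        for entry in dirs + files:
            if safe_name(entry) != entry:
                renamed[os.path.join(*parts, entry)] = os.path.join(
                    *clean_parts, safe_name(entry))
        for name in files:
            target = os.path.join(out_dir, safe_name(name))
            while os.path.exists(target):  # two names collapsed into one
                target += ".dup"
            shutil.copy2(os.path.join(cur, name), target)
    return renamed


if __name__ == "__main__":
    # Constructed sample tree standing in for the read-only mount.
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    os.makedirs(os.path.join(src, "MYDOCU>0"))
    with open(os.path.join(src, "MYDOCU>0", "notes.txt"), "w") as fh:
        fh.write("coursework")
    print(rescue_copy(src, dst))
```

Because the source is only ever read, the original names and timestamps stay intact on the damaged volume if someone later wants to examine what changed them.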
 
Wow thanks for all the replies.
well guys i got my files back!!! Woohoo thanks to Knoppix. I changed the D: drive from read only to writeable, edited filenames, then back to read only. Worked like a charm.
I started researching stuff on Linux. Wanna install it badly and learn learn learn. At least how it operates for now.
Gentoo seems too complicated at the moment (i have no idea how Linux is built or commands = n00b), but i might install Knoppix just to learn stuff.
However i did not solve the problem with the virus. It might be still there. I just renamed my files back. What if it attacks my C: dir? Should i reimage HDD just to be safe?
Thank you again. It took me whole day but it sparked sudden interest in Linux. I'm glad overall.
EDIT: zip22 i just stumbled upon the same article 2 hours ago and was shocked, but no i had no doc with email.:) If i missed it then "haxor" did a lousy job.:) :p
 
Wow, cool!

But WAIT! Before you go Linux happy. . .

Backup all your important data!

Do this on a regular basis just to be on the safe side. I use a DVD burner for my backups, works like a charm :)
 
Yeah Knoppix and BartPE are awesome for recovering files, I used BartPE when one of the core WinXP files corrupted itself and managed to rescue all my files
 