# Unreadable files! (might be virus attack)



## MatchBoxx (Aug 7, 2011)

References:

PC 1 : online PC (i.e having internet connection), Kaspersky Internet Security 2011 installed (fully updated), WinXP SP2

PC 2: offline PC (no internet connection), no antivirus installed (a free trial of Panda Antivirus, installed in July first week, not updated), Win7

Situation:
i have a Transcend 4GB class2 SDHC card that i use on my Nokia 5130XM. This card has only 100MB space left. Yesterday i plugged this card in PC 2, using a Enter Card Reader and transferred a few MBs of file and deleted 3 files.

List of Files deleted:
VATRA, Nokia unprocessed images, RECYCLER

Problem:
After i ejected the card reader SAFELY, i just inserted it in my mobile and when i opened the memory card, all the folders had a "?" icon and .lnk extension. BUT, my mobile's music player updated itself and it showed all the 650+ songs (mp3) and could play them. When i checked the Memory Status, it showed that the card had all the data in it but the folders were inaccessible.
Today i connected the card, similarly as stated before, to PC 1, and the automatic scan in KIS detected only 1 THREAT. I opened the card and all the folders were shown as shortcuts and i could also see a folder named "Recycler" folder. I think that's a virus ofcourse. Now, i don't want to format the card and lose all the data, 'coz the backup i had taken was ages ago. What can/should i do now? Quick format the card and recover the data using data recovery softwares? Scan the card using any other Antivirus and SS&D?
Advice please. I'm facing this situation for the first time.

^^VATRA, and Nokia unprocessed images are usually present on any Nokia phone. They can only be seen in the phone, if any 3rd party java apps, file managers are used like BlueFTP and they cannot be deleted from the phone itself (error: "System File" shows up). Normally they never showed up when the card is connected to the PC, but i think i have deleted them before also.


----------



## Alok (Aug 7, 2011)

I faced that *recycler and newfolder.exe*.
And i just scan it with *kaspersky removal tool (in my digit dvd)* and solved it.


----------



## coderunknown (Aug 7, 2011)

@MatchBoxx, can you post a screenshot or just list the folders that are shown after you enbale to show hidden files & system files?

also do a error check. the song folder may just show up.


----------



## nims11 (Aug 7, 2011)

to show the original stuffs on PC, goto folder options->show hidden files and also deselect the "hide protected operating system file" checkbox. You should now be able to see the original files. if you can't delete them from PC, use a software called "unlocker".


----------



## MatchBoxx (Aug 7, 2011)

Umm...bad news guys. i plugged my 8GB Sandisk Cruzer Edge flash drive to PC2 and BINGO! Same thing happened to my flash drive. Now, i'm damn sure, that it's a virus issue. Please advice, how to wipe out the virus!?!? I will debug the pendrive from my friend's lappy, which has internet connection. Trial version of popular antivirus softwares, and rootkit removal apps will do the job, i think!
(pc2 is deeply infected with viruses, i can confirm now)


----------



## coderunknown (Aug 7, 2011)

install avast & do boot time scan. and if possible, after doing scan with avast do a full system scan with emsisoft antimalware also.


----------



## sygeek (Aug 7, 2011)

"Recycler" is a virus. Get a decent free antivirus and do a full system scan. I recommend avast free antivirus.

I usually deal with such viruses manually, but since you're an average user, I strongly recommend that you use an antivirus.


----------



## pranav0091 (Aug 8, 2011)

sygeek said:


> I usually deal with such viruses manually...



+1.
I personally believe its never worth buyin an antivirus

and yes recycler is a virus. go to folder options, tools and show hidden files and also sytem files. 
also let it not hide the known extensions.
you must find your actual data now.

What i used to remove this virus was to get process explorer and suspend three processes (i dont remember the names rite now.. but they show up with the icon of a folder.. one commmanager.exe, ). there is no point killing them, they spawn again. so suspend them.
then go to your pendrive hit a search for .exe files. sort them according to size.
youll find a hell lot of exe files with names of folders that you have and icons too but which are actually applications as shown by their .exe extensions. they should be of roughly 400something or 600something KB in size...
delete them all.

then go to the registry and delete all references for these three parent exe's (the commanager.exe and two others). finally fire up a superfast search tool like ava find and delete their files manually from c:/windows.

now get back to process manager and kill the three processes that you had initially suspended. 
restart.
done 
(sorrry if i'm not accurate enough. its quite some time ago that i did these..)


----------



## MatchBoxx (Aug 8, 2011)

Update on the issue:

when i tried to open the folders (shown as shortcuts) in the infected flash drive, they opened in a separate window and stays open for only a few seconds.



sygeek said:


> "Recycler" is a virus. Get a decent free antivirus and do a full system scan. I recommend avast free antivirus.
> 
> I usually deal with such viruses manually, but since you're an average user, I strongly recommend that you use an antivirus.



yes bro. I'm just a few steps above average. 
i have located the infected system files also and can confirm that PC2 is *deeply* infected with viruses, not just a RECYCLER virus. I don't want to mess up that PC, so i left that to my friend to figure out, after advising him to install a decent antivirus and apply for internet connection soon. I will debug my card and flash drive on my bff's lappy, which has MSE and an internet connection.



pranav0091 said:


> +1.
> I personally believe its never worth buyin an antivirus
> 
> and yes recycler is a virus. go to folder options, tools and show hidden files and also sytem files.
> ...



you are partly right.


----------



## rockfella (Aug 8, 2011)

Download combofix and run it. Its a virus 100%


----------



## nims11 (Aug 8, 2011)

dude switch to Linux! 

anyways, use a live Linux CD to search and delete all the virus files specified above by the members from pen drive and hard drive.


----------



## mithun_mrg (Aug 8, 2011)

@ Op first install a good AV & scan ur pendrive it is surely a virus after scanning go to start run>cmd>go to the drive letter of the MC >type these commands "attrib *.* -s -r -h" & "del *.lnk" also in windows folder options uncheck the options "hide protected OS files" then copy all data to the computer reset the attributes of the folders files format the memory card the copy all the data


----------



## MatchBoxx (Aug 11, 2011)

mithun_mrg said:


> in windows folder options uncheck the options "hide protected OS files" then copy all data to the computer reset the attributes of the folders files format the memory card the copy all the data



this thing actually worked! :cheers: But i tried innumerable number of times to change the attributes of the modified folders, but it just won't budge! Finally, i had to copy the contents of the folder and then again re-organize them. I appreciate everyone's help! Thank you friends! 
[MSE only quarantined the virus]


----------



## Computard (Aug 19, 2011)

I may be be late but - I have had great success with many programs from these links...you just have to find the ones that are good. Personally I really  like the many options of System Mechanic Pro,however I had great success retrieving media using hijackthis -

HijackThis - Trend Micro USA

lately Major Geeks have been offering up some great freeware that is actually very nice and with no back door surprises.

Here is their list of software that may help. Sometimes you luck out and the software does all the work for you......then theirs the times when you wished you remembered USMT and wasn't lazy about making that ASR floppy logic drive holding most of the cures for the many situations that happen with OS especially Windows. Here is Geeks site - Good Luck

 *majorgeeks.com/downloads38.html




- J


----------



## AtillaRist (Mar 26, 2012)

After days of searching I finally found solution for unlocking, managing and renaming long named files. Get your problem solved from  longpathtool(dot)(com)


----------

