We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Contact Forum Editor

Send an email to our Forum Editor:


PLEASE NOTE: Your name is used only to let the Forum Editor know who sent the message. Both your name and email address will not be used for any other purpose.

Tech Helproom


It's free to register, to post a question or to start / join a discussion


 

Malware attack. All text documents and pictures gone


KentE

Likes # 0

Last night I clicked on a video on some site I ended up on. The AVG came up with a window that a virus had been stopped and suggested I quarantined it or whatever. I clicked as I have in the past OK for it to go ahead and handle the threat and was about to click "back" in the browser, when the PC started to shut down and restart. It had never done that before when AVG antivirus stops a virus. As it starts up the screen is black and just a few of the icons appear and in the wrong place. Then I get a pop up that looks like a windows utility for scanning for problems. I clicked scan and a whole list of all kinds of disastorous faults appear (memory, hard disc, programs, etc. all with gorss faults). When the "scan" is completed a "pay now" button appeared. First now did I realize what had happend, so I pulled the plug on the router (too late of course). That "Utility window" remained on the desktop and nothing could remove it. If I restarted the same thing happend again. In start menue all the Right hand stuff like Computer or Documents were gone. I ran a scan in AVG but nothing came up. So I started the PC in safe mode and did a System Restore a few day back. When I started it up again the malware seemed to be gone and the PC back to normal. It was now late and I went to bed. Today I just noticed that most files are gone from both harddiscs in the PC. I have got music and some other format files, but all pictures, all documents, videos etc seems to be gone.

I have a backup but it is some weeks old and I did a revamp of my website and have written a few documents that I rather not lose. Is there a way to recover the files this malware most likely locked up until I pay the ransom?

Any advice for someone that is not a computer genius?

Like this post
Fruit Bat /\0/\

Likes # 0

name of scanning software asking you to pay?

Like this post
Input Overload

Likes # 0

The files haven't gone they are just hidden hidden by this malware, it puts most or files on the PC with the hidden attribute. You need to know the name of the ransom-ware though to remove it.

Like this post
dagbladet

Likes # 0

KentE

This sounds like something that happened to my computer after one of the cherubs (honest) clicked on something. Firstly, don't panic, your stuff isn't gone, it's just hidden. Next have a look at the link below and see if that is the rogue 'utility programme' that you have. then follow the instructions on the link. All safe, comes from the 'Bleepingcomputer' site.

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Like this post
robinofloxley

Likes # 0

Bleeping computer unhide.exe may help

Also run a Malwarebytes scan (even though Restore seems to have worked)

Under no circumstances pay any money to these or other fraudsters. Paying by debit or credit card leaves you open to theft.

Like this post
dagbladet

Likes # 0

I also discovered that those that were unfortunately misguided enough to pay for the 'solution' are sent a key which actually does sort the problem out.

If you are suffering from the virus/malware in my link above the key, which is the same for everybody is 1203978628012489708290478989147.

Once entered your PC will look as it did before and it will be easier to get in and remove the rougue.

Like this post
KentE

Likes # 0

I guess I have to undo the last Restore to find out who this was. I do not remember that there was a name, and it had the appearance of a Microsoft window. The Malwarebytes scan came up clean. So I guess I have to now undo the restore and deal with it from there. It did not look as fancy as the "Windows Recovery" but pretty much said and did the same thing. So it might be another version.

Any better idea that does not involve undoing the restore, as it was next to impossible to do anything with the PC in that state.

Like this post
robinofloxley

Likes # 0

I would advise don't undo the restore. Concentrate on the unhiding.

The name doen't matter if it's mostly gone.

Like this post
KentE

Likes # 0

Yipeee!! Unhide.exe did the job! Thank you so much for your help.

Lots of Love

Kent

Like this post

Reply to this topic

This thread has been locked.



IDG UK Sites

Best Black Friday 2014 tech deals UK: Latest bargains on phones, tablets, laptops and more this...

IDG UK Sites

Tech trends 2015: 3D printing grows up

IDG UK Sites

10 mind-blowing Oculus Rift experiments that reveal VR's practical potential

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & other Black Friday tech offers