"My Documents" erased NOT BY ME

Captain Kirk 56

All my files in My Documents have been erased (D-Z filenames first, A-C later
in the day), and not by me. Running search for malicious code I got the
following:
C:\system volume information\_restore{7df627cf-a4c9-4043-8a27-12cc60e378a4}\rp638\a0034215.exe

It seems that snapfiles.com/freeware/system/fwdatarecovery.html sees the
lost files and could recover them, but if I recover them to the My Documents
folder they will simply be erased again.

How can I fix this problem so that files placed in My Documents STAY there?
Help, please! Important, important, financial and personal files!

Thank you!
 
SG

Hi,

It appears you are infected with a Trojan Downloader.BKK or at least doing a
search for a0034215.exe points that direction. Now if you can recover your
documents you need to update your Virus software definitions and run a full
system scan.

Go here, download this program and run it.
http://www.lavasoftusa.com/products/ad_aware_free.php

Go here, download this program and run it.
http://www.safer-networking.org/en/download/index.html

As for your documents, do yourself a favor, buy a USB jump drive and keep
your docs backed up on it.
BTW system volume information\_restore is your Restore point folder and most
likely will not be cleaned by any of these programs. After you get your
system cleaned up, create a new Restore Point and in the comment section
write something down you can remember to ensure if you need to do a restore
you won't backup beyond that.
 
Patrick Keenan

Captain Kirk 56 said:
All my files in My Documents have been erased (D-Z filenames first, A-C later
in the day), and not by me. Running search for malicious code I got the
following:
C:\system volume information\_restore{7df627cf-a4c9-4043-8a27-12cc60e378a4}\rp638\a0034215.exe

It seems that snapfiles.com/freeware/system/fwdatarecovery.html sees the
lost files and could recover them, but if I recover them to the My Documents
folder they will simply be erased again.

How can I fix this problem so that files placed in My Documents STAY there?
Help, please! Important, important, financial and personal files!

Thank you!

You should not do recovery to the same drive. Nor should you use the system
at all, as you are inviting overwriting. Remove the drive and attach it to
another system, and recover to another disk. Scan your drive for malware
from the host AFTER recovering files to the host system. Clear out the
content.ie5 and temp folders for all accounts.

If restore points are infected, you pretty much have to turn system restore
off then on again to delete the infected restore points.

HTH
-pk
 
