What virus would delete windows files

[annomouse]

I tried to boot up earlier today and every file in my windows folder
was gone.. All other folders were fine including windows/system.
I was able to restore from a backup using dos.
All that was lost was a few days of registry changes and a couple
wallpapers I got off the web.
So far I can not find any malware but I am updating some definition
files right now and will scan again.

I also plan to check for spyware after virus scanning.

I DID NOT delete the folder myself and no one else has access to this
puter.

I did recently download a file called ccleaner
ccleaner.com
I ran it yesterday and wonder if that thing did it??????

Otherwise I am clueless as to what happened.

BTW: I am running Win98SE.

 

[emailaddress]

I tried to boot up earlier today and every file in my windows folder
was gone.. All other folders were fine including windows/system.
I was able to restore from a backup using dos.
All that was lost was a few days of registry changes and a couple
wallpapers I got off the web.
So far I can not find any malware but I am updating some definition
files right now and will scan again.

I also plan to check for spyware after virus scanning.

I DID NOT delete the folder myself and no one else has access to this
puter.

I did recently download a file called ccleaner
ccleaner.com
I ran it yesterday and wonder if that thing did it??????

Otherwise I am clueless as to what happened.

BTW: I am running Win98SE.

Im atill looking for hwlp with this, PLEASE.....

 

[kurt wismer]

Im atill looking for hwlp with this, PLEASE.....

unfortunately i have no idea what might be causing what you're seeing...
i guess no one else does either...

as such, here's a possible diagnostic that might turn up something -
normally i'd suggest the use of process monitor here, but as it only
supports nt versions of windows i'm going to suggest it's predecessor,
filemon
(http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx)...
with appropriately narrowed filters you may be able to catch which
process is removing the files in that directory...

 

[emailaddress]

unfortunately i have no idea what might be causing what you're seeing...
i guess no one else does either...

as such, here's a possible diagnostic that might turn up something -
normally i'd suggest the use of process monitor here, but as it only
supports nt versions of windows i'm going to suggest it's predecessor,
filemon
(http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx)...
with appropriately narrowed filters you may be able to catch which
process is removing the files in that directory...

It figures I would get something complwtely bizarre. Just my luck.
I have been running the puter all day. Just for the heck of it, I ran
Windows setup and reinstalled over the top of what is here, early in
the morning. I have been running scandisk all day one each partition,
and no problems.

I am curious about something. If by chance I got an old dos (only)
virus, will a windows virus scanner detect it? I have been around
puters since dos and I recall some of those old dos viruses would
tamper with command.com. That is why I reinstalled Win. Last night I
found that command.com was missing from the c:\windows\command
directory. The other day when I lost all the files in the root dir., I
used that one to replace the one in the root. All, of a sudden that
was gone yesterday. This is really pissing me off..... Maybe I fixed
it, but I sure can make any sense of it...


I should mention that I did find a virus when I downloaded avast.
(Norton AV did not catch it). The virus is win32istbar-av trojan.
The file was ysbactivex.dll.
I got rid of that now too. According to websites, that virus dont
delete files, its more like spyware for pop up ads and that crap.
I also found Mediamotor running SpybotSD. That too dont say it deletes
files.

I just killed Norton AV. I'll use Avast from now on. NAV just dont
seem like it's worth anything anymore.

Thsnks

 

[kurt wismer]

It figures I would get something complwtely bizarre. Just my luck.
I have been running the puter all day. Just for the heck of it, I ran
Windows setup and reinstalled over the top of what is here, early in
the morning. I have been running scandisk all day one each partition,
and no problems.

well, i hope that takes care of it then...

I am curious about something. If by chance I got an old dos (only)
virus, will a windows virus scanner detect it?

it *should*... i have heard theories/suggestions/etc about retiring
signatures that are too old but as far as i know most vendors aren't
doing that yet...

if it's a real concern you could always try to find older versions of
anti-virus products and simply not update them...

[snip]

I should mention that I did find a virus when I downloaded avast.
(Norton AV did not catch it). The virus is win32istbar-av trojan.
The file was ysbactivex.dll.
I got rid of that now too. According to websites, that virus dont
delete files, its more like spyware for pop up ads and that crap.

it's adware...

I also found Mediamotor running SpybotSD. That too dont say it deletes
files.

mediamotor is a downloader trojan - that means it downloads other
things... it's possible one of the things it downloaded is the cause of
the problems, but to be honest the payload you're describing is pretty
uncommon even for malware...

I just killed Norton AV. I'll use Avast from now on. NAV just dont
seem like it's worth anything anymore.

well, all scanners miss things from time to time... hopefully you'll
have better luck with the new one...