Folders empty after virus attack!!

Savagebme · Apr 3, 2011

I experienced a "Fake-alert" Trojan attack... MalwareBytes was able to eliminate it, But all the contents of my folders show "empty"..My hard drive data shows the same content, So it is as if the files are there, But invisible...I have tried system recovery, But it error messages me back that it has failed... VERY confused...Help!!

americancritic · Apr 3, 2011

Hello and welcome I wish you would have contacted the forum first because doing a system restore you have probable infected your computer again.

You should always delete the restore points in you computer after an attact and start new ones. Now I will research your problem and get back to you shortly.

Savagebme · Apr 3, 2011

Thank You, The restore failed, But since then I have scanned with Microsoft Essentials.MalwareBytes And Spybot..Other than some cookies, Nothing there...

americancritic · Apr 3, 2011

Hello the best way to do this is to do a system restore by going back to where there would be no possibilty of the malware beyond that restore... Here are your choices on a system restore.

http://www.vistax64.com/tutorials/66971-system-restore.html

http://www.vistax64.com/tutorials/194765-system-recovery-options.html

http://www.vistax64.com/tutorials/76905-system-restore-how.html

You also might want to read number 3 of this tutorial...

http://www.vistax64.com/tutorials/116415-regedit-enable-disable.html

Savagebme · Apr 3, 2011

I did try a earlier than the attack restore point...But same thing, went through all of the motions, but at the end errored back that it as unable to complete...

americancritic · Apr 3, 2011

Hello look in the Event Viewer and see what errors there are when this happens and then upload them to us so we can see what's going on.

Savagebme · Apr 3, 2011

Antimalware event began on 04/01/2011 at 11:49:59...I did not find error codes, But I did find this in the event log within the system logs....

+System
-Provider[ Name] Microsoft Antimalware
-EventID1116[ Qualifiers] 0
Level3Task0Keywords0x80000000000000-TimeCreated[ SystemTime] 2011-04-02T06:49:59.000Z
EventRecordID267748ChannelSystemComputerwyatt-PCSecurity

-EventData
%%8603.0.8107.0{4A6A00AF-B08B-4D32-9875-5BB833DE2CDF}2011-04-02T06:49:29.307Z2147644377Exploit:Java/Midseq.A5Severe30Exploithttp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Midseq.A&threatid=2147644377113%%818C:\Program Files\Internet Explorer\iexplore.exewyatt-PC\wyattcontainerfile:_C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-12dbdc42-50126687.zip;file:_C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-12dbdc42-50126687.zip->pap.class4%%8471%%8130%%82209%%8870x00000000The operation completed successfully. 00No additional actions requiredAV: 1.101.691.0, AS: 1.101.691.0, NIS: 9.134.0.0AM: 1.1.6702.0, NIS: 2.0.5854.0

%%860
3.0.8107.0
{4A6A00AF-B08B-4D32-9875-5BB833DE2CDF}
2011-04-02T06:49:29.307Z

2147644377
Exploit:Java/Midseq.A
5
Severe
30
Exploit
Encyclopedia entry: Exploit:Java/Midseq.A - Learn more about malware - Microsoft Malware Protection Center
4

2
3
%%818
C:\Program Files\Internet Explorer\iexplore.exe
wyatt-PC\

containerfile:_C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-12dbdc42-50126687.zip;file:_C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\javajsm.jar-12dbdc42-50126687.zip->pap.class
4
%%847
1
%%813
0
%%822
0
3
%%808

0x00000000
The operation completed successfully.

0
0
No additional actions required
-PC\

AV: 1.101.691.0, AS: 1.101.691.0, NIS: 9.134.0.0
AM: 1.1.6702.0, NIS: 2.0.5854.0

americancritic · Apr 3, 2011

Hello

I want you to download malwarebytes. After you download it then run the update to make sure it is current. Then run a full scan using malwarebytes. I will give the link at the bottom of the page. After the scan malwarebytes will save a copy of the whole scan, when it is done with it's scan you will be able to see in red if there are any malware, trojans left on your computer and then it will need your permission to get rid of it and of course the answer to that will be yes...

First things first as they say but please do this one right away here is the link, download the free version...

Malwarebytes

After this is finished post back with the results. Do NOT!!! use any restore points for doing a system restore because it can reinfect your system, we will talk about that later...

Savagebme · Apr 3, 2011

Ok....Will do...!!

Savagebme · Apr 3, 2011

Ok, MalWarebytes found a couple of critters...Malwarepack, And buried them... But,..... Still no files... I have to quit for the day, Been On this for HOURS, Maybe something else will come up??? Thank You for all of your Help/Advice...Will check back Later...

americancritic · Apr 3, 2011

We will continue to look for answers for you, thank you for letting me know about the malware and please do not use any of your restore points at all as you may reinfect your system again you will need to delete the restore points and make new ones...

Savagebme · Apr 4, 2011

Im updating here...same issue, I was wondering, What if I tried a alternate program to open these files? mostly i am wanting to recover my photos and music files...Any free software?

americancritic · Apr 4, 2011

Hello here is a list of programs you can pick and chose from...

http://www.vistax64.com/software/115872-free-software-list-vista.html

Savagebme · Apr 4, 2011

thanks again!! Picasa does not see the missing files..However MS Essentials detects them when I scan the folders....They are still there, Just invisible...

Savagebme · Apr 5, 2011

Update...Copied folder to an SD card, Plugged in to Laptop, Files appear and open on Laptop...They have a kinda ghost image, But seem to be perfectly intact....Plug back in to my PC, Same thing "Folder Empty"....

Any ideas??

kesume · Apr 5, 2011

Hi,
After you have copied files to SD card, & although ghostly they are intact.
Have you tried copying those images,in other words copying the copy, place in a new file & see what is visible on the PC?
Worth a try, you still have a copy on the SD card so you don't loose them.
Thank you.

Savagebme · Apr 5, 2011

I tried that, Even gave the folder a new name...Still will not show files...SOOO, I have an external drive that I will copy the folders to, Possibly move them to another computer, ( After i Virus scan the HELL out of it....!!) Then, Who Knows, Maybe burn it to a CD?? Seems all files have had their Properties changed?? Havent checked that out yet...But it does seem like were getting closer....

kesume · Apr 5, 2011

I think your right, obviously amaricancritic has been dealing with this mainly, so his thoughts are important I think.
But I think he will agree that you are in a position to save the files you want to an external point.
Then your going to have to do a complete clean, I would think.
What are your thoughts?

americancritic · Apr 5, 2011

Hello Savagebme

I am going to ask someone in the forum if they would take a look at your post and see if we can come up with some good answer's for you, I hope you don't mind.

americancritic

andybuk99 · Apr 6, 2011

I have the same problem, I will appreciate any tips or advice for the op.

Folders empty after virus attack!!

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

New Member

My Computer