Reply 1 : Windows Diagnostic virus - lost folders and files
Looks like they are lost forever. All you can do:
1. Have look at the external disk from another PC.
2. Get the hard disk out and have a look at that on another PC (use an enclosure or a USB to IDE/SATA cable, you can buy them in your local computer store).
If the files still are gone find the money to send both disks to a professional data recovery company and let them see what they can recover. Should be around USD 2000 for the 2 disks.
On your new PC (or on the new hard disk of your current PC, once you've reinstalled XP on it) be sure to schedule a daily backup of all changes in the data to an external disk that you DISCONNNECT when not in use for the backup and a regular full backup of all the data to an external backup service somewhere on the Internet.
And maybe use a better antivirus?
Kees
1. Have look at the external disk from another PC.
2. Get the hard disk out and have a look at that on another PC (use an enclosure or a USB to IDE/SATA cable, you can buy them in your local computer store).
If the files still are gone find the money to send both disks to a professional data recovery company and let them see what they can recover. Should be around USD 2000 for the 2 disks.
On your new PC (or on the new hard disk of your current PC, once you've reinstalled XP on it) be sure to schedule a daily backup of all changes in the data to an external disk that you DISCONNNECT when not in use for the backup and a regular full backup of all the data to an external backup service somewhere on the Internet.
And maybe use a better antivirus?
Kees
Reply 2 : Windows Diagnostic virus - lost folders and files
praise yourself lucky. What Carol says certainly looks hopeful, and the part for the external disk can easily be checked by connecting it to another PC. Even if you can't clean the hard disk, you should be able to get your files off to another PC by connecting it as an external disk also. Then - with all your data safe - you can format the disk to get rid of this nasty virus.
However, this doesn't in any way lessen the need for a good backup procedure to prevent a real disaster from occurring in the future. We can't press that enough.
Same, of course, to have a good look at your antivirus program.
I really hope you succeed. Then Carol deserves a big thank you, don't you agree?
Kees
However, this doesn't in any way lessen the need for a good backup procedure to prevent a real disaster from occurring in the future. We can't press that enough.
Same, of course, to have a good look at your antivirus program.
I really hope you succeed. Then Carol deserves a big thank you, don't you agree?
Kees
Reply 3 : Windows Diagnostic virus - lost folders and files
I just finished removing this virus from my computer.
1. The first thing you want to do is use a non-infected computer to down load a program rkill (Its free on line)and save it to a thumb drive.
2. Use a non-infected computer to download Trojan killer (it costs $45.00)
once the Trojan killer is installed open my computer double click on the C: drive, and open the folder that says Program files. Open Program Files and copy the folder GridinSoft Trojan Killer and paste it on to you thumb drive. After the folder has been coppied to the thumb drive you need to open it on the thumb drive change the trojankiller.exe to iexplore.exe.
3. Plug the thumb drive in to the infected computer and run rkill; you may have to reboot the computer and run rkill as soon as you can open the thumb drive. Once rkill has stopped the process of the virus run scan with Trojan Killer.
4. After you have scanned and removed the virus (it takes a while) you can open my computer and double click the C: drive. At the top of the window there is a Tools tab, click it and select folder options. Go to the View tab and there should be an option that says show hidden folders select it and click apply. All the files and folder should show up and all you have to do is right click on them and select properties and uncheck the Hidden option under attributes.
You will have do this for your documents and setting folder on you C: drive as well. you may need to open the documents and settings folder and unhide the folders in it but changing the attributes of the folder should change the attributes of all the subfiles and sub folders as well.
I hope this helps.
1. The first thing you want to do is use a non-infected computer to down load a program rkill (Its free on line)and save it to a thumb drive.
2. Use a non-infected computer to download Trojan killer (it costs $45.00)
once the Trojan killer is installed open my computer double click on the C: drive, and open the folder that says Program files. Open Program Files and copy the folder GridinSoft Trojan Killer and paste it on to you thumb drive. After the folder has been coppied to the thumb drive you need to open it on the thumb drive change the trojankiller.exe to iexplore.exe.
3. Plug the thumb drive in to the infected computer and run rkill; you may have to reboot the computer and run rkill as soon as you can open the thumb drive. Once rkill has stopped the process of the virus run scan with Trojan Killer.
4. After you have scanned and removed the virus (it takes a while) you can open my computer and double click the C: drive. At the top of the window there is a Tools tab, click it and select folder options. Go to the View tab and there should be an option that says show hidden folders select it and click apply. All the files and folder should show up and all you have to do is right click on them and select properties and uncheck the Hidden option under attributes.
You will have do this for your documents and setting folder on you C: drive as well. you may need to open the documents and settings folder and unhide the folders in it but changing the attributes of the folder should change the attributes of all the subfiles and sub folders as well.
I hope this helps.
Reply 4 : Windows Diagnostic virus - lost folders and files
atlanticgirl..
In "Remove Windows Diagnostic (Uninstall Guide)" it states when describing this specific rogue:
'To further make it seem like your computer is not operating correctly, Windows Diagnostic will also make it so that certain folders on your computer display no contents. When opening these folders, such as C:WindowsSystem32 or various drive letters, instead of seeing the normal list of files it will instead display a different folder's contents or make it appear as if the folder is empty. This is done to make it seem like there is corruption on your hard drive that is causing your files to not be displayed.'
Windows Diagnostic is relatively new, and I don't know much about it yet. I don't want to get your hopes up. But I see too many "seems" and "appears" in the above description to convince me the files are definitely gone.
It also says in the removal guide:
'It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.'
DID you do this? Have you tried a Rescue Disk such as Avira's, which boots outside Windows?
Carol
In "Remove Windows Diagnostic (Uninstall Guide)" it states when describing this specific rogue:
'To further make it seem like your computer is not operating correctly, Windows Diagnostic will also make it so that certain folders on your computer display no contents. When opening these folders, such as C:WindowsSystem32 or various drive letters, instead of seeing the normal list of files it will instead display a different folder's contents or make it appear as if the folder is empty. This is done to make it seem like there is corruption on your hard drive that is causing your files to not be displayed.'
Windows Diagnostic is relatively new, and I don't know much about it yet. I don't want to get your hopes up. But I see too many "seems" and "appears" in the above description to convince me the files are definitely gone.
It also says in the removal guide:
'It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.'
DID you do this? Have you tried a Rescue Disk such as Avira's, which boots outside Windows?
Carol
Reply 5 : Windows Diagnostic virus - lost folders and files
atlanticgirl..
Some malware will change your settings to use a proxy server. It may (or may not) be the case, in this instance, but check it anyway.
Open Internet Explorer. Go to Tools>Internet Options>Connections Tab. Click on the LAN settings button. See if there is a check mark next to "Use a proxy server for your LAN". If there is, UNcheck it and click OK. Then OK, again.
Carol
Some malware will change your settings to use a proxy server. It may (or may not) be the case, in this instance, but check it anyway.
Open Internet Explorer. Go to Tools>Internet Options>Connections Tab. Click on the LAN settings button. See if there is a check mark next to "Use a proxy server for your LAN". If there is, UNcheck it and click OK. Then OK, again.
Carol
Reply 6 : Windows Diagnostic virus - lost folders and files
Carol, as someone else who has been hit by this, let me say I'm really glad to see someone take an active interest in it. Your words here are encouraging.
I followed the removal instructions at http://www.bleepingcomputer.com/virus-removal/remove-windows-diagnostic
And it seems like I've gotten the malware removed, but my files are still missing. As with the OP, I'm strongly motivated to recover the data, as it is the sum of a lot of work. (2+ years, and I need it to graduate).
I did follow the instructions, running rkill and malwarebytes. Malwarebytes has quarantined 6 files and 1 registry entry.
During the phony error messages, before I got it cleaned out, it threw out warnings about hard drive errors and being unable to save some files, etc. But the messages seemed consistent with the description of phony warnings, so I wasn't too worried.
Anyway, I *think* I have it cleaned out. But as I mentioned, my files are still missing. My OS is windows Vista, and when I navigate to the users folder in my c drive, the admin account folder is missing; there's only a guest and public folder. (As a backdoor?-> )I can use the search function to find a few specific files in the downloads folder of my account, but I can't find them all that way. Further, when I navigate to the download folder in the directory pane (not through the c drive/users), it appears to be empty. Also, the documents, pictures, music, etc, folders appear to be empty when checked like this.
The three or four quick icons (firefox, show desktop, cycle active pane, etc) that sit in the (system tray? Taskbar?) Immediately to the right of the start button have also disappeared.
As a point of interest, on start-up, a calendar program called rainlender, that I've been using for a long time throws an error message that it cannot open a .log file that is kept in c:usersadminuseraccount.rainlender2 ainlender2.log. It says " (error 5: access is denied.)
The hard drive capacity/usage seems to be what it was before this problem, if I remember correctly?
I have not tried a rescue disk, and unrelated, the optical drive is dead, but flash drives work for loading things if I couldn't download them. It seems to be able to navigate the web fine.
While searching (for this post it seems
), I came across this link http://www.socialblogr.com/2010/09/how-to-restore-files-hidden-by-virus-on-windows-7.html, which discusses what sounds similar on a windows 7 computer, while I have vista, I'm wondering if this is a direction we should consider?
I'm wondering is if the files are still there and can be restored without resorting to more dramatic means, such as a recovery program?
I followed the removal instructions at http://www.bleepingcomputer.com/virus-removal/remove-windows-diagnostic
And it seems like I've gotten the malware removed, but my files are still missing. As with the OP, I'm strongly motivated to recover the data, as it is the sum of a lot of work. (2+ years, and I need it to graduate).
I did follow the instructions, running rkill and malwarebytes. Malwarebytes has quarantined 6 files and 1 registry entry.
During the phony error messages, before I got it cleaned out, it threw out warnings about hard drive errors and being unable to save some files, etc. But the messages seemed consistent with the description of phony warnings, so I wasn't too worried.
Anyway, I *think* I have it cleaned out. But as I mentioned, my files are still missing. My OS is windows Vista, and when I navigate to the users folder in my c drive, the admin account folder is missing; there's only a guest and public folder. (As a backdoor?-> )I can use the search function to find a few specific files in the downloads folder of my account, but I can't find them all that way. Further, when I navigate to the download folder in the directory pane (not through the c drive/users), it appears to be empty. Also, the documents, pictures, music, etc, folders appear to be empty when checked like this.
The three or four quick icons (firefox, show desktop, cycle active pane, etc) that sit in the (system tray? Taskbar?) Immediately to the right of the start button have also disappeared.
As a point of interest, on start-up, a calendar program called rainlender, that I've been using for a long time throws an error message that it cannot open a .log file that is kept in c:usersadminuseraccount.rainlender2 ainlender2.log. It says " (error 5: access is denied.)
The hard drive capacity/usage seems to be what it was before this problem, if I remember correctly?
I have not tried a rescue disk, and unrelated, the optical drive is dead, but flash drives work for loading things if I couldn't download them. It seems to be able to navigate the web fine.
While searching (for this post it seems
), I came across this link http://www.socialblogr.com/2010/09/how-to-restore-files-hidden-by-virus-on-windows-7.html, which discusses what sounds similar on a windows 7 computer, while I have vista, I'm wondering if this is a direction we should consider?I'm wondering is if the files are still there and can be restored without resorting to more dramatic means, such as a recovery program?
Reply 7 : Windows Diagnostic virus - lost folders and files
they may just be hidden. I got some friends on another forum to hold my hand and walk me through unhiding things.
they referenced this:
http://moniroth.wordpress.com/2008/05/16/unhide-folder-after-clean-viruses/
this is what worked for me-
go to start-> run-> type cmd
then type all this in at once.
attrib C:*.* /d /s -h -r -s
press Enter key.
my background still seems jacked up and there are a few wonky bits here and there, but it looks like my files are visible again.
carol, does this all make sense? my friends reccomend saving all the files on another drive and doing a fresh install if I can swing it.
they referenced this:
http://moniroth.wordpress.com/2008/05/16/unhide-folder-after-clean-viruses/
this is what worked for me-
go to start-> run-> type cmd
then type all this in at once.
attrib C:*.* /d /s -h -r -s
press Enter key.
my background still seems jacked up and there are a few wonky bits here and there, but it looks like my files are visible again.
carol, does this all make sense? my friends reccomend saving all the files on another drive and doing a fresh install if I can swing it.
Reply 8 : Windows Diagnostic virus - lost folders and files
^ I mean I know I trust the folks who steered me in that direction, I just mean, can you explain it for the OP if she needs it worked out?
Reply 9 : Windows Diagnostic virus - lost folders and files
My girlfriend encountered the same problem today and I walked her through. Removing the virus yet still all her files are hidden and they are very important. I saw the command you posted and I was just wondering if it is 100% safe. I'm uncomfortable using the command prompt and from what I understand you can seriously mess up your computer with commands. I didn't want to tell her to type it in not knowing what it would do and if it was safe.
If you could explain what it does and if it's completely safe that would be great. It might be too late since she's going to the computer store. But just for reference for others.
If you could explain what it does and if it's completely safe that would be great. It might be too late since she's going to the computer store. But just for reference for others.
Reply 10 : Windows Diagnostic virus - lost folders and files
would work if you know someone with a Mac.
Remove the hard drive from your machine and connect it to the Mac.
As Windows, and the virus, will not be running, all the files on that drive will be visible to the Mac and can be recovered onto the Mac HD.
Any windows virus that is present on the disk will not have any effect on the Mac
P
Remove the hard drive from your machine and connect it to the Mac.
As Windows, and the virus, will not be running, all the files on that drive will be visible to the Mac and can be recovered onto the Mac HD.
Any windows virus that is present on the disk will not have any effect on the Mac
P
Reply 11 : Windows Diagnostic virus - lost folders and files
I'm having the same problem and I still can't see my files. Did you have any success getting your files back?
Reply 12 : Windows Diagnostic virus - lost folders and files
Hi,
I had the same virus, removed with the same procedure and now have the same issue - no programs in start menu or files in explorer.
I'm sure that all files are still on the hard drive though, because when i re-ran Malwarebytes and performed FULL SCAN i can see it checking all my files and programs, so they must still be there, so are hopefully just hidden.
I'm going to try "C:*.* /d /s -h -r -s" in cmd prompt after the scan completes. That will probably be tomorrow, but i'll let you know how i get on.
I had the same virus, removed with the same procedure and now have the same issue - no programs in start menu or files in explorer.
I'm sure that all files are still on the hard drive though, because when i re-ran Malwarebytes and performed FULL SCAN i can see it checking all my files and programs, so they must still be there, so are hopefully just hidden.
I'm going to try "C:*.* /d /s -h -r -s" in cmd prompt after the scan completes. That will probably be tomorrow, but i'll let you know how i get on.
Reply 13 : Windows Diagnostic virus - lost folders and files
I had this same problem. I did a system restore to an earlier date and my hard drive came back but I still could not see any files. Ran Microsoft Secutiry Essentials and Malwarebytes which did not detect anything but my files still appeared to be missing.
Like Galahad said below I could tell the files were still there because Malware was scanning all of them.
Then I figured it out. In My Computer I right-clicked on the My Documents folder and looked at the properties. The "hidden" box was checked. I unchecked the box and applied the settings to all of the sub-folders and now I can see everything again.
Like Galahad said below I could tell the files were still there because Malware was scanning all of them.
Then I figured it out. In My Computer I right-clicked on the My Documents folder and looked at the properties. The "hidden" box was checked. I unchecked the box and applied the settings to all of the sub-folders and now I can see everything again.
Reply 14 : Windows Diagnostic virus - lost folders and files
I got help through Microsoft doing all that but I had to unhide each folder because it wouldn't do it automatically. Plus my comp is now running slow, my Windows Defender is corrupted, and the sound it makes is still there when my desktop loads. Does anyone experience this as well? The sound won't go away.
Reply 15 : Windows Diagnostic virus - lost folders and files
I just finished removing this virus from my computer.
1. The first thing you want to do is use a non-infected computer to down load a program rkill (Its free on line)and save it to a thumb drive.
2. Use a non-infected computer to download Trojan killer (it costs $45.00)
once the Trojan killer is installed open my computer double click on the C: drive, and open the folder that says Program files. Open Program Files and copy the folder GridinSoft Trojan Killer and paste it on to you thumb drive. After the folder has been coppied to the thumb drive you need to open it on the thumb drive change the trojankiller.exe to iexplore.exe.
3. Plug the thumb drive in to the infected computer and run rkill; you may have to reboot the computer and run rkill as soon as you can open the thumb drive. Once rkill has stopped the process of the virus run scan with Trojan Killer.
4. After you have scanned and removed the virus (it takes a while) you can open my computer and double click the C: drive. At the top of the window there is a Tools tab, click it and select folder options. Go to the View tab and there should be an option that says show hidden folders select it and click apply. All the files and folder should show up and all you have to do is right click on them and select properties and uncheck the Hidden option under attributes.
You will have do this for your documents and setting folder on you C: drive as well. you may need to open the documents and settings folder and unhide the folders in it but changing the attributes of the folder should change the attributes of all the subfiles and sub folders as well.
I hope this helps.
1. The first thing you want to do is use a non-infected computer to down load a program rkill (Its free on line)and save it to a thumb drive.
2. Use a non-infected computer to download Trojan killer (it costs $45.00)
once the Trojan killer is installed open my computer double click on the C: drive, and open the folder that says Program files. Open Program Files and copy the folder GridinSoft Trojan Killer and paste it on to you thumb drive. After the folder has been coppied to the thumb drive you need to open it on the thumb drive change the trojankiller.exe to iexplore.exe.
3. Plug the thumb drive in to the infected computer and run rkill; you may have to reboot the computer and run rkill as soon as you can open the thumb drive. Once rkill has stopped the process of the virus run scan with Trojan Killer.
4. After you have scanned and removed the virus (it takes a while) you can open my computer and double click the C: drive. At the top of the window there is a Tools tab, click it and select folder options. Go to the View tab and there should be an option that says show hidden folders select it and click apply. All the files and folder should show up and all you have to do is right click on them and select properties and uncheck the Hidden option under attributes.
You will have do this for your documents and setting folder on you C: drive as well. you may need to open the documents and settings folder and unhide the folders in it but changing the attributes of the folder should change the attributes of all the subfiles and sub folders as well.
I hope this helps.
Reply 16 : Windows Diagnostic virus - lost folders and files
When you start up your comp and the desktop is loading, do you get a that annoying sound it makes? It's physically gone but I still get it's start up sound. How can I remove this?
Reply 17 : Windows Diagnostic virus - lost folders and files
After unhiding my files I ran rkill and then Malwarebytes again. Malware bytes did find a couple of trojans that were labeled WindowsDiagnostic and HDD. Hopefully this works and you don't need to spend the $45 on Trojan Killer.
Wish these people had better things to do with there time than create trojans and viruses.
Wish these people had better things to do with there time than create trojans and viruses.
Reply 18 : Windows Diagnostic virus - lost folders and files
I got hit with this virus as well and after following the removal instructions on bleepingcomputer a lot of files were missing still.
To my relief, they were just hidden. All of your stuff is still there.
The attrib command is a good solution, but I recommend a slightly different set of options. The -s and -r options are removing the system and read-only attributes, and it does not appear that the virus affects those settings. You really don't want to remove the system flag from actual system files, which the attrib command listed above WILL do. I would just do this:
Log in as an adminstrator
start->run->cmd
cd c:
attrib c:*.* /d /s -h
To my relief, they were just hidden. All of your stuff is still there.
The attrib command is a good solution, but I recommend a slightly different set of options. The -s and -r options are removing the system and read-only attributes, and it does not appear that the virus affects those settings. You really don't want to remove the system flag from actual system files, which the attrib command listed above WILL do. I would just do this:
Log in as an adminstrator
start->run->cmd
cd c:
attrib c:*.* /d /s -h
No comments:
Post a Comment