Solved

A virus setting file sizes to 0!!!

Posted on 2004-05-01
12
211 Views
Last Modified: 2013-12-04
Hi,
My problem is simply that i got infected with a virus (i think) that set all files in the folder it affects to a size of 0. Infected folders containt the file "tmp.tmp". The problem is that the files are not deleted, they are still there but with a zero size. Which makes me unable to recover them with regular HD recovery programs. I treid Final Data and it didn't help. It affected all types of files and i lost about 35 GB of music. I think i got this virus from the network i'm on since it's only present in folders that i'm sharing on the network. I'm using an updated NAV for virus protection and ZoneAlarm as a firewall.

Anyone can provide me with information about that virus?
Is there any solution for this problem (getting the files back) ?
How to protect my pc against this virus?

Regards,

0
Comment
Question by:slimfady
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10968401
Well perhaps another data recovery program may work

Take a look at this comprehensive list of file/data recovery programs and services.
http://crazyone.tekmasters.com/datarecovery.html
0
 
LVL 11

Accepted Solution

by:
ghana earned 225 total points
ID: 10968718
> Anyone can provide me with information about that virus?
I think there are several file viruses that does have this kind of payload. You need an antivirus software that will detect this kind of malware and give it a name (see suggestion below).

> Is there any solution for this problem (getting the files back) ?
The link offered by CrazyOne is an excellent resource!

> How to protect my pc against this virus?
I would try some other virus scanners. Because you have already installed an antivirus software you must not install another one that comes with a realtime scanner. So you can use online virus scanners or on demand only software:

BitDefender Free Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Panda ActiveScan: http://www.pandasoftware.com/activescan/
Trend Micro HouseCall: http://housecall.trendmicro.com/

BitDefender Free Edition doesn't have a realtime scanner. Because of that this  software can be used as a second antivirus software. The other ones are online scanners, without realtime scanning capabilities too. All of them are free. I hope that even one of these programs will be able to detect the virus on your computer and tell us a virus name. This would help us to find information about it.
0
 

Author Comment

by:slimfady
ID: 10970829
All those virus scanners could not detect the virus. It seems that the virus is not on my pc or maybe it just came from the network.
For the recovery, most of those programs recover deleted files. Files in this case are not deleted, they are overwritten with blank data (they still exist with size 0). So, any way to get them back to normal?
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 11

Expert Comment

by:ghana
ID: 10970857
Is your computer part of a network? If not then your machine could have been hacked. In this case I would format the hard disk drive and begin with a new operating system installation.

If your files were overwritten then you can't recover the previous data. That's my knowledge. But I've heard from data restore companies that claim that they were able to restore even overwritten files. But you have to pay thousands of dollars for that.
0
 

Author Comment

by:slimfady
ID: 10971165
You're right, i'll format the hard drive anyway. The thing is that i don't think that i have the virus anymore, it's illogical that all those virus scans are unable to find one. I think that one of the computers on my network has the virus. The virus only attacked folders that i'm sharing on the network.  
I also asked a data restore company and they said that they can restore my data. This what gives me the hope of getting back overwritten files.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10971703
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:slimfady
ID: 10972054
thanx,
since it seems that no one can solve the issue of restoring the files,
All i need now is the virus name.
can anyone find that?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972431
I think ghana is correct that the system was hacked rather than a virus doing this.
0
 

Author Comment

by:slimfady
ID: 10972777
we'll i don't think it's a hacker, cuz i know a lot of people who also got this infection, there's a pc on the network that doesn't even have an anti virus. i think it's the source
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972826
OK it may be a virus but personally I have no idea what the name of it would be. There may be many various viruses out there that does it. To find where it is it may take scanning every machine connected to the network for viruses
0
 

Author Comment

by:slimfady
ID: 10982181
I found a worm called mywife on a computer on the network, but it's not the one i'm after.
Anyway, it seems that my data is gone for good. The online scan is what helped me the most in here.

Thanx everyone
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10987446
The Experts Exchange Help Pages - About Closing Questions
http://www.experts-exchange.com/Security/Win_Security/help.jsp#hi9
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question