Solved

A virus setting file sizes to 0!!!

Posted on 2004-05-01
12
208 Views
Last Modified: 2013-12-04
Hi,
My problem is simply that i got infected with a virus (i think) that set all files in the folder it affects to a size of 0. Infected folders containt the file "tmp.tmp". The problem is that the files are not deleted, they are still there but with a zero size. Which makes me unable to recover them with regular HD recovery programs. I treid Final Data and it didn't help. It affected all types of files and i lost about 35 GB of music. I think i got this virus from the network i'm on since it's only present in folders that i'm sharing on the network. I'm using an updated NAV for virus protection and ZoneAlarm as a firewall.

Anyone can provide me with information about that virus?
Is there any solution for this problem (getting the files back) ?
How to protect my pc against this virus?

Regards,

0
Comment
Question by:slimfady
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10968401
Well perhaps another data recovery program may work

Take a look at this comprehensive list of file/data recovery programs and services.
http://crazyone.tekmasters.com/datarecovery.html
0
 
LVL 11

Accepted Solution

by:
ghana earned 225 total points
ID: 10968718
> Anyone can provide me with information about that virus?
I think there are several file viruses that does have this kind of payload. You need an antivirus software that will detect this kind of malware and give it a name (see suggestion below).

> Is there any solution for this problem (getting the files back) ?
The link offered by CrazyOne is an excellent resource!

> How to protect my pc against this virus?
I would try some other virus scanners. Because you have already installed an antivirus software you must not install another one that comes with a realtime scanner. So you can use online virus scanners or on demand only software:

BitDefender Free Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Panda ActiveScan: http://www.pandasoftware.com/activescan/
Trend Micro HouseCall: http://housecall.trendmicro.com/

BitDefender Free Edition doesn't have a realtime scanner. Because of that this  software can be used as a second antivirus software. The other ones are online scanners, without realtime scanning capabilities too. All of them are free. I hope that even one of these programs will be able to detect the virus on your computer and tell us a virus name. This would help us to find information about it.
0
 

Author Comment

by:slimfady
ID: 10970829
All those virus scanners could not detect the virus. It seems that the virus is not on my pc or maybe it just came from the network.
For the recovery, most of those programs recover deleted files. Files in this case are not deleted, they are overwritten with blank data (they still exist with size 0). So, any way to get them back to normal?
0
 
LVL 11

Expert Comment

by:ghana
ID: 10970857
Is your computer part of a network? If not then your machine could have been hacked. In this case I would format the hard disk drive and begin with a new operating system installation.

If your files were overwritten then you can't recover the previous data. That's my knowledge. But I've heard from data restore companies that claim that they were able to restore even overwritten files. But you have to pay thousands of dollars for that.
0
 

Author Comment

by:slimfady
ID: 10971165
You're right, i'll format the hard drive anyway. The thing is that i don't think that i have the virus anymore, it's illogical that all those virus scans are unable to find one. I think that one of the computers on my network has the virus. The virus only attacked folders that i'm sharing on the network.  
I also asked a data restore company and they said that they can restore my data. This what gives me the hope of getting back overwritten files.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10971703
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:slimfady
ID: 10972054
thanx,
since it seems that no one can solve the issue of restoring the files,
All i need now is the virus name.
can anyone find that?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972431
I think ghana is correct that the system was hacked rather than a virus doing this.
0
 

Author Comment

by:slimfady
ID: 10972777
we'll i don't think it's a hacker, cuz i know a lot of people who also got this infection, there's a pc on the network that doesn't even have an anti virus. i think it's the source
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972826
OK it may be a virus but personally I have no idea what the name of it would be. There may be many various viruses out there that does it. To find where it is it may take scanning every machine connected to the network for viruses
0
 

Author Comment

by:slimfady
ID: 10982181
I found a worm called mywife on a computer on the network, but it's not the one i'm after.
Anyway, it seems that my data is gone for good. The online scan is what helped me the most in here.

Thanx everyone
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10987446
The Experts Exchange Help Pages - About Closing Questions
http://www.experts-exchange.com/Security/Win_Security/help.jsp#hi9
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now