Solved

A virus setting file sizes to 0!!!

Posted on 2004-05-01
12
212 Views
Last Modified: 2013-12-04
Hi,
My problem is simply that i got infected with a virus (i think) that set all files in the folder it affects to a size of 0. Infected folders containt the file "tmp.tmp". The problem is that the files are not deleted, they are still there but with a zero size. Which makes me unable to recover them with regular HD recovery programs. I treid Final Data and it didn't help. It affected all types of files and i lost about 35 GB of music. I think i got this virus from the network i'm on since it's only present in folders that i'm sharing on the network. I'm using an updated NAV for virus protection and ZoneAlarm as a firewall.

Anyone can provide me with information about that virus?
Is there any solution for this problem (getting the files back) ?
How to protect my pc against this virus?

Regards,

0
Comment
Question by:slimfady
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10968401
Well perhaps another data recovery program may work

Take a look at this comprehensive list of file/data recovery programs and services.
http://crazyone.tekmasters.com/datarecovery.html
0
 
LVL 11

Accepted Solution

by:
ghana earned 225 total points
ID: 10968718
> Anyone can provide me with information about that virus?
I think there are several file viruses that does have this kind of payload. You need an antivirus software that will detect this kind of malware and give it a name (see suggestion below).

> Is there any solution for this problem (getting the files back) ?
The link offered by CrazyOne is an excellent resource!

> How to protect my pc against this virus?
I would try some other virus scanners. Because you have already installed an antivirus software you must not install another one that comes with a realtime scanner. So you can use online virus scanners or on demand only software:

BitDefender Free Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Panda ActiveScan: http://www.pandasoftware.com/activescan/
Trend Micro HouseCall: http://housecall.trendmicro.com/

BitDefender Free Edition doesn't have a realtime scanner. Because of that this  software can be used as a second antivirus software. The other ones are online scanners, without realtime scanning capabilities too. All of them are free. I hope that even one of these programs will be able to detect the virus on your computer and tell us a virus name. This would help us to find information about it.
0
 

Author Comment

by:slimfady
ID: 10970829
All those virus scanners could not detect the virus. It seems that the virus is not on my pc or maybe it just came from the network.
For the recovery, most of those programs recover deleted files. Files in this case are not deleted, they are overwritten with blank data (they still exist with size 0). So, any way to get them back to normal?
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 11

Expert Comment

by:ghana
ID: 10970857
Is your computer part of a network? If not then your machine could have been hacked. In this case I would format the hard disk drive and begin with a new operating system installation.

If your files were overwritten then you can't recover the previous data. That's my knowledge. But I've heard from data restore companies that claim that they were able to restore even overwritten files. But you have to pay thousands of dollars for that.
0
 

Author Comment

by:slimfady
ID: 10971165
You're right, i'll format the hard drive anyway. The thing is that i don't think that i have the virus anymore, it's illogical that all those virus scans are unable to find one. I think that one of the computers on my network has the virus. The virus only attacked folders that i'm sharing on the network.  
I also asked a data restore company and they said that they can restore my data. This what gives me the hope of getting back overwritten files.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10971703
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 

Author Comment

by:slimfady
ID: 10972054
thanx,
since it seems that no one can solve the issue of restoring the files,
All i need now is the virus name.
can anyone find that?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972431
I think ghana is correct that the system was hacked rather than a virus doing this.
0
 

Author Comment

by:slimfady
ID: 10972777
we'll i don't think it's a hacker, cuz i know a lot of people who also got this infection, there's a pc on the network that doesn't even have an anti virus. i think it's the source
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 10972826
OK it may be a virus but personally I have no idea what the name of it would be. There may be many various viruses out there that does it. To find where it is it may take scanning every machine connected to the network for viruses
0
 

Author Comment

by:slimfady
ID: 10982181
I found a worm called mywife on a computer on the network, but it's not the one i'm after.
Anyway, it seems that my data is gone for good. The online scan is what helped me the most in here.

Thanx everyone
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10987446
The Experts Exchange Help Pages - About Closing Questions
http://www.experts-exchange.com/Security/Win_Security/help.jsp#hi9
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question