A virus setting file sizes to 0!!!

Posted on 2004-05-01
Medium Priority
Last Modified: 2013-12-04
My problem is simply that i got infected with a virus (i think) that set all files in the folder it affects to a size of 0. Infected folders containt the file "tmp.tmp". The problem is that the files are not deleted, they are still there but with a zero size. Which makes me unable to recover them with regular HD recovery programs. I treid Final Data and it didn't help. It affected all types of files and i lost about 35 GB of music. I think i got this virus from the network i'm on since it's only present in folders that i'm sharing on the network. I'm using an updated NAV for virus protection and ZoneAlarm as a firewall.

Anyone can provide me with information about that virus?
Is there any solution for this problem (getting the files back) ?
How to protect my pc against this virus?


Question by:slimfady
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
LVL 44

Expert Comment

ID: 10968401
Well perhaps another data recovery program may work

Take a look at this comprehensive list of file/data recovery programs and services.
LVL 11

Accepted Solution

ghana earned 450 total points
ID: 10968718
> Anyone can provide me with information about that virus?
I think there are several file viruses that does have this kind of payload. You need an antivirus software that will detect this kind of malware and give it a name (see suggestion below).

> Is there any solution for this problem (getting the files back) ?
The link offered by CrazyOne is an excellent resource!

> How to protect my pc against this virus?
I would try some other virus scanners. Because you have already installed an antivirus software you must not install another one that comes with a realtime scanner. So you can use online virus scanners or on demand only software:

BitDefender Free Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Panda ActiveScan: http://www.pandasoftware.com/activescan/
Trend Micro HouseCall: http://housecall.trendmicro.com/

BitDefender Free Edition doesn't have a realtime scanner. Because of that this  software can be used as a second antivirus software. The other ones are online scanners, without realtime scanning capabilities too. All of them are free. I hope that even one of these programs will be able to detect the virus on your computer and tell us a virus name. This would help us to find information about it.

Author Comment

ID: 10970829
All those virus scanners could not detect the virus. It seems that the virus is not on my pc or maybe it just came from the network.
For the recovery, most of those programs recover deleted files. Files in this case are not deleted, they are overwritten with blank data (they still exist with size 0). So, any way to get them back to normal?
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

LVL 11

Expert Comment

ID: 10970857
Is your computer part of a network? If not then your machine could have been hacked. In this case I would format the hard disk drive and begin with a new operating system installation.

If your files were overwritten then you can't recover the previous data. That's my knowledge. But I've heard from data restore companies that claim that they were able to restore even overwritten files. But you have to pay thousands of dollars for that.

Author Comment

ID: 10971165
You're right, i'll format the hard drive anyway. The thing is that i don't think that i have the virus anymore, it's illogical that all those virus scans are unable to find one. I think that one of the computers on my network has the virus. The virus only attacked folders that i'm sharing on the network.  
I also asked a data restore company and they said that they can restore my data. This what gives me the hope of getting back overwritten files.
LVL 12

Expert Comment

ID: 10971703
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren

:o) Your brain is like a parachute. It works best when it's open

Author Comment

ID: 10972054
since it seems that no one can solve the issue of restoring the files,
All i need now is the virus name.
can anyone find that?
LVL 44

Expert Comment

ID: 10972431
I think ghana is correct that the system was hacked rather than a virus doing this.

Author Comment

ID: 10972777
we'll i don't think it's a hacker, cuz i know a lot of people who also got this infection, there's a pc on the network that doesn't even have an anti virus. i think it's the source
LVL 44

Expert Comment

ID: 10972826
OK it may be a virus but personally I have no idea what the name of it would be. There may be many various viruses out there that does it. To find where it is it may take scanning every machine connected to the network for viruses

Author Comment

ID: 10982181
I found a worm called mywife on a computer on the network, but it's not the one i'm after.
Anyway, it seems that my data is gone for good. The online scan is what helped me the most in here.

Thanx everyone
LVL 12

Expert Comment

ID: 10987446
The Experts Exchange Help Pages - About Closing Questions

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question