Solved

A virus setting file sizes to 0!!!

Posted on 2004-05-01
12
207 Views
Last Modified: 2013-12-04
Hi,
My problem is simply that i got infected with a virus (i think) that set all files in the folder it affects to a size of 0. Infected folders containt the file "tmp.tmp". The problem is that the files are not deleted, they are still there but with a zero size. Which makes me unable to recover them with regular HD recovery programs. I treid Final Data and it didn't help. It affected all types of files and i lost about 35 GB of music. I think i got this virus from the network i'm on since it's only present in folders that i'm sharing on the network. I'm using an updated NAV for virus protection and ZoneAlarm as a firewall.

Anyone can provide me with information about that virus?
Is there any solution for this problem (getting the files back) ?
How to protect my pc against this virus?

Regards,

0
Comment
Question by:slimfady
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
Well perhaps another data recovery program may work

Take a look at this comprehensive list of file/data recovery programs and services.
http://crazyone.tekmasters.com/datarecovery.html
0
 
LVL 11

Accepted Solution

by:
ghana earned 225 total points
Comment Utility
> Anyone can provide me with information about that virus?
I think there are several file viruses that does have this kind of payload. You need an antivirus software that will detect this kind of malware and give it a name (see suggestion below).

> Is there any solution for this problem (getting the files back) ?
The link offered by CrazyOne is an excellent resource!

> How to protect my pc against this virus?
I would try some other virus scanners. Because you have already installed an antivirus software you must not install another one that comes with a realtime scanner. So you can use online virus scanners or on demand only software:

BitDefender Free Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Panda ActiveScan: http://www.pandasoftware.com/activescan/
Trend Micro HouseCall: http://housecall.trendmicro.com/

BitDefender Free Edition doesn't have a realtime scanner. Because of that this  software can be used as a second antivirus software. The other ones are online scanners, without realtime scanning capabilities too. All of them are free. I hope that even one of these programs will be able to detect the virus on your computer and tell us a virus name. This would help us to find information about it.
0
 

Author Comment

by:slimfady
Comment Utility
All those virus scanners could not detect the virus. It seems that the virus is not on my pc or maybe it just came from the network.
For the recovery, most of those programs recover deleted files. Files in this case are not deleted, they are overwritten with blank data (they still exist with size 0). So, any way to get them back to normal?
0
 
LVL 11

Expert Comment

by:ghana
Comment Utility
Is your computer part of a network? If not then your machine could have been hacked. In this case I would format the hard disk drive and begin with a new operating system installation.

If your files were overwritten then you can't recover the previous data. That's my knowledge. But I've heard from data restore companies that claim that they were able to restore even overwritten files. But you have to pay thousands of dollars for that.
0
 

Author Comment

by:slimfady
Comment Utility
You're right, i'll format the hard drive anyway. The thing is that i don't think that i have the virus anymore, it's illogical that all those virus scans are unable to find one. I think that one of the computers on my network has the virus. The virus only attacked folders that i'm sharing on the network.  
I also asked a data restore company and they said that they can restore my data. This what gives me the hope of getting back overwritten files.
0
 
LVL 12

Expert Comment

by:trywaredk
Comment Utility
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:slimfady
Comment Utility
thanx,
since it seems that no one can solve the issue of restoring the files,
All i need now is the virus name.
can anyone find that?
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
I think ghana is correct that the system was hacked rather than a virus doing this.
0
 

Author Comment

by:slimfady
Comment Utility
we'll i don't think it's a hacker, cuz i know a lot of people who also got this infection, there's a pc on the network that doesn't even have an anti virus. i think it's the source
0
 
LVL 44

Expert Comment

by:CrazyOne
Comment Utility
OK it may be a virus but personally I have no idea what the name of it would be. There may be many various viruses out there that does it. To find where it is it may take scanning every machine connected to the network for viruses
0
 

Author Comment

by:slimfady
Comment Utility
I found a worm called mywife on a computer on the network, but it's not the one i'm after.
Anyway, it seems that my data is gone for good. The online scan is what helped me the most in here.

Thanx everyone
0
 
LVL 12

Expert Comment

by:trywaredk
Comment Utility
The Experts Exchange Help Pages - About Closing Questions
http://www.experts-exchange.com/Security/Win_Security/help.jsp#hi9
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now