• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 581
  • Last Modified:

Files disappeared from flash memory ... virus behaviour

Dear Experts,

I have a flash memory with more than 1.3 GB of data. suddenly all files on the flash memory have disappeared!! I display hidden and system files but no files appeared.
 Files in the flash memory
I checked the size of the data on the flash memory and it shows as below:
 Data size on flash
This problem happened with me in before by a virus and files was recovered by running the following command:
 
attrib -r -s -h H: /s /d

Open in new window


This time it is not working with me, it seemed the virus gets stronger and it is not detected and it's effect is not recovered.
I also tried to recover the files using Files Recovery programs, but does not work. The OS dealing with these files as existing files, but can't display them!! I think something wrong with the FAT table.

please any help in this issue.

Regards,
Anas
0
ashunnag
Asked:
ashunnag
  • 5
  • 5
  • 2
  • +1
2 Solutions
 
houssam_balloutCommented:
DID you try it on another computer?
0
 
dbruntonCommented:
Try data recovery tools.

GetDataBack http://www.runtime.org/data-recovery-software.htm

Free to try.  If it sees the files you pay for the full functions.  

But do this on a machine that does not have viruses.
0
 
ashunnagAuthor Commented:
@houssam: yes I tried them on other PCs, but looks like FAT table corrupted on the desk.

@dbrunton: tried this but looks like recovering old deleted files not the one existing on it. the problem is that it is recognizing these files as deleted files, it recognise them as existing files but can't view them.

any help?
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
houssam_balloutCommented:
so, the full version I think will let you view them...
0
 
dbruntonCommented:
So try Recuva http://www.piriform.com/recuva/download and see what it can do.
0
 
ashunnagAuthor Commented:
No luck still the same.
did anyone know how I can read the content of FAT table?
0
 
dbruntonCommented:
You could try TestDisk.

TestDisk http://www.cgsecurity.org/wiki/TestDisk

Tutorial http://www.cgsecurity.org/wiki/TestDisk_Step_By_Step

But if GetDataBack and Recuva aren't seeing anything you have serious problems.  Also look at Photorec http://www.cgsecurity.org/wiki/PhotoRec
0
 
ocanada_techguyCommented:
What does it look like under Disk Management?
0
 
ashunnagAuthor Commented:
It looks as I have more sophisticated problem. I can't format the flash mem. now :(
0
 
dbruntonCommented:
That seems like faulty memory.  But if you could format it then you'd wipe out anything that was there.
0
 
ashunnagAuthor Commented:
yes I am thinking to format it then use data recovery tool to get as much of data back. but looks like wouldn't be formated.
How I can format it? in windows it says "Format can't be completed"
0
 
dbruntonCommented:
Formatting will only make the problem worse.

Two methods

http://www.ehow.com/how_2006214_format-flash-drive.html
http://www.quickonlinetips.com/archives/2005/08/fix-format-usb-flash-drives/

But if you've tried and are getting that error the disk is bad.
0
 
ocanada_techguyCommented:
This could also be if the flash stick had encryption.  Depending on the OS version(s) used with it, you ought to have been prompted to "save" the encryption key when set-up.  After that, on that box it works seamlessly... but... try to mess with it on a box that does not have the encryption key and it seems like the stick is much smaller or non-existant as the area with the content is completely hidden.  It really sounds like that is your problem.  Do you recall at all anything about this stick offering to password protect back when you first used it?

With hard disk, failing to do the "safely remove" before unplugging can result in corruption, and while flash sticks are somewhat less vulnerable, sometimes a machine could have a badly written driver that does too much caching fail to write out to the drive without a "safe to remove" triggering it.  Normally Windows is supposed to detect whether the drive is removable and then adjust the behaviour accordingly, but XP is infamous for defaulting to caching for performance as default whereas Vista/7 default to optimized for safe removal.

You are correct that it's not out of the question that a malicious virus could try to corrupt a flash drive.  How many different machines have you connected it to, and have you checked all those machines to see if they have active up-to-date anti-virus and scanned with it?
0
 
ashunnagAuthor Commented:
looks like the flash memory is corrupted ... anyway, thanks all for assistance.

Regards,
Anas
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now