ehanner
asked on
All JPEG files gone
A friend brought me his laptop that was having trouble launching into Vista. I was able to run the launch repair and get it to boot. There was a screen saver text message saying there were no images or videos in a certain location. I dumped the screen saver routine and ran Avast in normal and safe mode. It found something in normal and two infected files in Safe mode. One had the word Kill App in the w32 description and I don't remember the other. Before I started the scan, I noted the structure of folders in the Pictures directory, each with JPEG image files. After the scanning and removal of the infected files, the image folders are gone as well as the files located inside.
To be sure I was able to view the files properly, I DL a JPEG image to a location, checked it was there and it open in windows photo viewer fine.
Even the sample images in the pictures folder are gone.
I have heard of such virus attacks but have not seen it personally. I'm guessing the file extensions have been changed some how and that the actual files may still be around.
Does anyone have a solution for finding the folders and files that are gone?
To be sure I was able to view the files properly, I DL a JPEG image to a location, checked it was there and it open in windows photo viewer fine.
Even the sample images in the pictures folder are gone.
I have heard of such virus attacks but have not seen it personally. I'm guessing the file extensions have been changed some how and that the actual files may still be around.
Does anyone have a solution for finding the folders and files that are gone?
wuyinzhi
Set your folder options so it can view hidden files and system files (Folder Options - View - check Show hidden files and folders, uncheck Hide protected operating system files). If the files not appear, maybe the files was deleted by virus.Then you can try recovery application like Recuva (http://www.undelete-plus.com/files/undelete_plus_setup.exe) or Undelete Plus (http://www.undelete-plus.com/files/undelete_plus_setup.exe) to search n recover deleted files.
sorry typo, recuva: http://www.piriform.com/recuva
probably marked as hidden as noted above, if they are "gone" try and avoid doind anything and then run some file recovery tool such as ontrack easy recovery. Ideally with the hard drive removed and put into a usb cradle in another machine as any temp files created or new files saved could overwrite any deleted files.
my money is still on the folders being marked as hidden though as this is a common;ly annoying "feature" of some recent viruses
my money is still on the folders being marked as hidden though as this is a common;ly annoying "feature" of some recent viruses
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The Vista Home Premium version does not have an interface for Shadow Copy. However the article you sent me to showed me how to DL and run Shadow Explorer. All I had to do was select the date and time yesterday when I started to work and BANG there were the missing folders and files. Interesting that the basic versions of Vista have this shadow copy feature running in the background in all versions, using up 15% of the disk space but don't give you a way to use the feature. I'm very happy it exists.
thanks for the feedback - and glad you have everything
ASKER
I spoke a little to soon it seems. After exporting the folders/files over to an external drive, I still couldn't see the files. I could in Shadow Explorer but not in Explorer or for that matter in my computer. I had to go into folder options and check the "show hidden files" button. It all seems to be OK now.
>> I had to go into folder options and check the "show hidden files" button << t view the files? you should not have to do that; maybe the hidden attribute is on
in that folder, open a cmd, and type attrib what does it show? if it displays h, you can run attrib -h
in that folder, open a cmd, and type attrib what does it show? if it displays h, you can run attrib -h
ASKER
Interesting nobus. I did have an h in the attrib query. I ran the -h and that was successful but I still couldn't see the files. I went to the primary folder property settings and checked the hidden box and the applied it and reversed the hidden attribute. That worked for some reason.
After all this I wasn't liking the way the Vista Home Premium was working. I couldn't run the win-7 upgrade checker for example. It would error out when trying to run. Bottom line, I convinced the guy who owns this box that 7 would be better overall. So I saved the goods and reformatted the drive after all.Reinstalled the Vista OS so I could upgrade and tried the upgrade adviser again, it worked now. I have installed 7 Ultimate and it runs great. The virus must have hosed some OS files. Learning about the shadow copy in Vista Home running makes all this worth worth while. Thanks again for your help with this.
After all this I wasn't liking the way the Vista Home Premium was working. I couldn't run the win-7 upgrade checker for example. It would error out when trying to run. Bottom line, I convinced the guy who owns this box that 7 would be better overall. So I saved the goods and reformatted the drive after all.Reinstalled the Vista OS so I could upgrade and tried the upgrade adviser again, it worked now. I have installed 7 Ultimate and it runs great. The virus must have hosed some OS files. Learning about the shadow copy in Vista Home running makes all this worth worth while. Thanks again for your help with this.
i was also grateful to learn it's existence...