Recovering files from a Virus-infected Hard Drive Windows XP

Posted on 2012-09-06
Last Modified: 2012-09-06
Our clerk has a virus-infected hard drive on a home computer that we provided for off-site work (so I have to support it.)  Crash was over the weekend, and she took it to a local guy first since I was not available.

Anyway, now I have the drive.  My usual method for dealing with this situation is to add the infected drive as a slave on a working computer.  I did so, and when I booted the computer, it ran Scan Disk on the new drive.  I saw some index issues that were apparently repaired, got busy with something else, and suddenly got the login screen.  It was much quicker than I expected, but apparently everything was working fine.  The bad drive showed up as drive D.

In MY COMPUTER, Drive D was visible, but displayed no files.  On a whim, I had my antivirus (Kaspersky) do a "Scan Now" on the disk.  It displayed the files being scanned, and they were all there.

So here is my problem.  The files still exist on the harddrive, but don't display so I can pull them off.  Is there a way I can still get to them?
Question by:srsdtech
    LVL 6

    Accepted Solution

    Go to the D drive and folder options/show hidden.

    The drive is infected.  Once you rescue your files, get it back in the machine and run malwarebytes and combofix.  Before running combofix disable AV and AS software.
    LVL 28

    Expert Comment

    Leave the drive connected to your computer and boot with a Knoppix disk.

    You then should be able to either copy the files to your hard drive or a flash drive.

    After the files are copied and safe you can then format the infected drive and reinstall.

    On my home computer I have a 160GB drive installed with Knoppix and when I get an infected drive from someone I connect their drive to my computer and boot into Knoppix to access it.

    This protects my real hard drives from infection and works very well.
    LVL 95

    Expert Comment

    by:Lee W, MVP
    I agree, it sounds like the files were all hidden and your computer hasn't been set to show hidden files.  Adjust the Explorer options to show all hidden files and you should see everything.  (My usual config for any machine *I* work from is in the image below).

    Explorer Settings

    Author Closing Comment

    Wow.  I can't believe it was that easy.  I never would have thought of the hidden filese thing.  One more trick for my book.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
    First I will try to share a design of a Veeam Backup Infrastructure without Direct NFS Access backup.  ( Note: Direct NFS Access backup …
    In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now