Posted 29 May 2011 - 02:09 AM
Ok, I was infected with the Windows Recovery Virus. I booted into safemode and began to run virus removal programs.
I first ran TDSSKILLER which removed 1 item.
Then I ran Malwarebytes which removed 4 or 5 other items.
To ensure before rebooting that nothing was left I ran Cleanup! to empty my temp files and RegSeeker's cleaning utility to remove any additional registry errors.
Once I rebooted into regular windows I ran command prompt and used attrib -h *.* /s /d to unhide my files and folders. I also ran unhide.exe and unhider.exe to ensure that all files should be visible. I did recover most of my files in this manner. The background on my windows is basic blue so the background was changed but that is no serious issue. Most of my icons were back I was missing my firefox icon and maybe one or two others. In the start menu about half of my slide outs are available but under them there is no actual program listed as they are all (empty). One important thing I noticed was that all of my excel files are gone. The folders they were in are there and other files in the folders (pictures and other file types) are there but the .xls and .xlms files are all missing. I haven't noticed anything else missing. I did notice on one site that many files for someone else were transferred into temp folders and by me running cleanup! may have wiped any folder like that clean.
So I ran 2 or 3 undelete programs to see if maybe the file had been deleted. I did not find any excel files had been deleted. So I am confused if they haven't been deleted and they aren't hidden and search isn't finding them then they must have been renamed perhaps? I tried restoring to a previous point but all of my restore points do not work. I have had previous trouble in the past getting them to complete the save points so I believe all of them are corrupt or incomplete. That is not due to this virus as it was happening prior to the virus. I am planning to wipe the system as my laptop has a thinkvantage ability to restore to factory settings which may be easier than dealing with where the virus has left me. However, I cannot find the excel files to back them up to my external storage drive.
I was wondering if windows has a log of actions to show maybe what they could have been renamed to or any suggestions on recovering the excel files before I give them up for lost?
My current system is Windows XP.