Malware on SD cards, can I save the files?

Welcome to MajorGeeks!

To eliminate the obvious - is the SD card's switch in the "Unlocked" position? Is the card in a built-in multicard reader or a USB cardreader ---> tried changing the device used to read it?

Also try the below:
Step 1:
Please have all your removable storage devices ready for disinfection.
Download Flash Disinfector by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it.
• Your desktop and icons may disappear. This is normal.
• It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
• Follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• There will be no GUI interface or log file produced.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Step 2:
The following assumes that your SD Card drive letter is G - change it to the correct letter assignment if needed.

• Click on "Start" -->Run --> type cmd and click on OK.
• Enter this command.
  
  
  Code:

  [b]attrib -h -r -s /s /d [color=darkgreen]g[/color]:\*.* [/b]

• NOTE:You can copy the above command --> Right-click in the Command Prompt and paste it.
• Press Enter

Are your files now visible on the SD Card? If so, please do this:

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and then attach the requested logs to your next reply when you finish these instructions.

• **** If something does not run, write down the info to explain to us later but keep on going.
• Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

• After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

 

Then continue on and skip the flash disinfector step and follow the rest of the instructions that Dr Moriarty gave you.

 

Things seem to be pointing in that direction - I now need to review the logs created from running the tools listed in the READ & RUN ME FIRST. Malware Removal Guide.

Please complete the steps and attach the requested logs.

dr.m