strange virus fills up hard drive (screenshots included)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by haryanto, May 23, 2005.

  1. haryanto

    haryanto Private E-2

    Summary: New folders and files with weird filenames appear on my desktop. I restart the computer but get stuck while booting. Later I find out the virus had filled up my hard drive with those files and all my folders disappear except Windows and Program Files. What virus is this? Can I still recover my files?

    The whole story: Hi people, please help me. I am feeling at a loss because I think I’ve just lost 100 GB of data from my hard disk due to a strange virus. A few days ago I opened Adobe Photoshop and 2 error windows popped up, both saying something about a windows/system32/xxx.dll file. I think one of them was twain.dll or something. I just pressed OK on both boxes and continued. Then later, when I wanted to save my work to the desktop, I found out that there were about 10 new folders and another 10 unidentified files on my desktop! This really shocked me. The folders are empty. And both the folders and the unidentified files have unreadable filenames. When I right-click Properties it shows that they take 0 bytes of space.

    After I saw all these strange files I had had enough, so I decided to restart the computer. Then I got stuck at that boot screen? I don’t know what it’s called, that black screen. After it checks the master and slave drive things, I go to this black screen. There is a cursor at the top blinking and then it goes down one line and continues blinking. After that it just gets stuck there every time. I can’t even enter Windows.

    So I decided to install Windows XP on another hard drive I got, a Seagate 80GB IDE hard drive. After I installed Windows XP on this drive, I tried to connect the 200GB hard drive (F: drive -> the one which won’t start up/with the virus/with all the files) to this 80GB (C: drive), thinking I could simply transfer my files over. I was wrong. It turns out the 200GB hard drive only had 3 folders left! And all of them can be opened except the Windows one.
    - F:\Windows
    - F:\Documents and Settings
    - F:\Program files
    - F:\CanonMP (hidden) -> printer folder

    [Screenshot: Avast antivirus scan]

    I used to have a folder “F:\Everything” which, yes -_-, I put everything in. It has now disappeared. So I assume it’s gone. However, the strange folders and files were still there. And these unidentified files are so huge in size! They are 1-3 GB each! Just those 10 files or so take up 47GB! Then I immediately checked my F: drive space. My 200GB (186GB) hard drive only had 770MB left!

    I think the aim of this virus is to bombard the computer with huge files to fill up the whole hard drive and maybe erase existing files in the process.

    I restarted my computer and it demanded to check the consistency of the F: drive. Check disk marks all the system32 files as invalid. For example, “the size of /windows/system32/xxx.dll entry is not valid” or “/windows/system32/xxx.dll entry contains a nonvalid link.” Now check disk is still running after 2 hours. It has been showing “Bad links in lost chain at cluster XXXXXX corrected” for more than an hour. It is now at “Bad links in lost chain at cluster 381598 corrected” as I’m writing and it keeps on running.

    Should I stop running this check disk? If not, how long will it take?

    Most importantly, can I still recover the lost data in the hard drive?

    Any help will be very much appreciated, thank you.
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    The main issue here is to back up your data ASAP. If it has not been deleted, you can burn it to CDR, but keep in mind, you MIGHT transfer that virus in the process, so I would clean your machine of the virus if possible first. This one looks like such a nightmare, if it were me, I would save anything I could and format it and reinstall your operating system. Forget Checkdisk or any system tools right now, they will not be accurate.

    I would try and get to safe mode and do a complete online virus scan, otherwise, before we can proceed, you need to run the tutorial.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
