Photos gone, then Avira disappears! Is a bug?

Hi,
I am a fairly experienced tech but have never seen this kind of problem before. This unit started popping up a message offering to do a system restore while I was doing other tasks. I just closed the popup and ignored it. The third time it happened it forced a revert to old restore point when I tried to close the popup. After the restart I noticed 100 of 200 pics in my pictures folder were missing, and not in trash. A search failed to find them. I will resort to forensic recovery tools once I eliminate the current threat. An Avira full scan found nothing. Then I went to look at the remaining pics. There were only a few left and the were being deleted one at a time as I watched! I was doing nothing, it was deleating all on its own. So I went back to Avira to do another scan and guess what? Avira was totally gone without a trace, not even a folder left in Programs. I do a search for Avira, it finds nothing. I never managed to get a screen shot of the System Restore popup.

Ok, I have dealt with some difficult threats, but I have never heard of a case like this. Should I just go for the full MG Cleaning Protocol or does this hdd need reformatting and a new OS?

Any insights welcome. Thanks!

UPDATE: Now Firefox has disappeared without a trace!

Samsung notebook NP-RV510-A0FUK
Win7 Home Prem x64, 3Gb ram, Celeron Dual Core T3500@2.1GHz
No SP1 installed, checking now I see it shows that it failed to install SP1, error Code 80004004 at last auto update.

 

Greetings, mannshands...

Yes - go through the Malware Forum's R&R thread asap...

Also, on the machine in question physically disconnect from the internet as a test - do you then see the symptoms (the disappearing act) stop? If so, then it's likely that your machine is being remotely controlled.

 

Hi Caliban,
The auto-deleting action has been observed both on and off line. The lost photos would be nice to recover, but everything else is backed up. So first I am planning on running RecoverMyFilesPro to see if I can find the photos. Then I will move on to the full MG Windows clean. What else do I need to do to prevent remote control? Botnets are active here in Spain.
Would using Samsung recovery to reset the OS to factory setting be quicker and safer?
Thanks
Mannshands:major

 

Just my opinion, but I would head to the Malware Forum's R&R as Caliban suggested. No need to take unwanted chances.

 

Good morning...

Navigate to Desktop > My Computer (or Start > Computer), right-click the icon, click 'Properties'. On the left hand side click 'Remote Settings' and open the 'Remote' tab. Check or uncheck the appropriate buttons (illustrated below) and click "Apply' and 'Ok'.
.

 

As an added preventive measure run services.msc and ensure that the Remote Access Auto Connection Manager and the Remote Access Connection Manager services are not started.

You should also invest in a good firewall software if your region is experiencing botnet activity - however, I advise waiting to do this until you've received the all-clear from the Malware Forum gurus.

 

Something like this used to happen at the last place I worked. People would try to copy a file from the corporate network to their desktop (or vice versa), and the file would simply disappear from both places. It only affected the few users who had Win 7. I kept XP until I retired so never personally experienced the issue. Also don't know what (if any) the fix was.

 

Thanks for the suggestions. I ran RecoverFilesPro and retrieved the lost files, so far so good. Scanned those...full of infections! Quaranteened the bugs, burned the files to dvd, made a Samsung recovery cd, then formatted hdd and reinstalled win 7. All nice and new again. Thanks again.:wave

 

Good job - nothing cures infections better than a good format. Thanks for the feedback, and good luck!