Missing Files - MalSign.Generic.87A

I'm working on a Lenovo C440 Win 8.1 (updated from 8) that will not boot, repair or refresh itself even if an 8.1 repair disc is inserted.

I pulled the HDD and attached it to a working PC. The first thing I noticed is it only shows one drive partition (normally Windows 8/8.1 shows multiple partitions).

When I went into the "Users" folder and clicked on the main account name, no folders (e.g. "My Pictures") or files showed up, even after setting things up to show hidden files (FYI, I'm attempting the file restore on a Win 7 64 Ultimate SP1 PC).

I did a full drive scan with AVG. It showed 16 entries of Found: MalSign.Generic.87A in a file called "SerialTrunc".

I let AVG remove the infections; however the folders and files noted above still don't show up.

Is it worth running something like 7-Data Recovery Suite on the drive and/or are there any malware programs that will reverse the damage and restore the files.

Naturally, this is a client who does professional photo editing and has no clue on what "backup" means. rolleyes

Thanks in advance for any help you can give.

 

Update: I finally got in touch with the customer this evening. After questioning her, it appears she had the ransom virus that threatened to (and did) delete her files after 72 hours.

I am reinstalling Windows from a DVD copy tomorrow since the "refresh" and "restore" options won't work. I have a feeling she will never forget the word "backup" again for the rest of her life.

 

The drive shows about 300GB of used space, so I suspect something is still on there. For giggles, I started 7-Data (picture/image only recovery option) on it before I left the shop this evening. I guess I'll find out when I go in Monday if they're encrypted or not.

 

Even though it appeared to be a variant of CryptoLocker (ransomware), I was able to recover about 50% of the .jpg files.

Given the amount of time it took, I will be tripling my fees effective with the next idiot I have to clean this type of mess up for.