External HardDrive - folders

Hello everyone,

Recently my computer contracted a virus called WindBlade. After I have identified the virus, I backed up many folders of files using a harddrive. Then I recovered/reimaged the computer and the virus was off of my computer for good.

HOWEVER, all the folders in my harddrive have been turned into .exe's. I tried renaming them, removing the ".exe" under properties, but then the new copy turned into DOS shortcuts!!

I've run 2 virus scans (different softwares) on the drive, there was no virus (detected, at least). So could someone PLEASE help me? I used that drive to back up ALL my previous files! And now they're the only copies.

Thank you so much!

 

Hi Tim, thanks for the reply!

I tried and it didn't work. The folders (now .exe's) cannot be opened at all. And at the same time Norton detected virus/trojan in it, and went in an infinite loop of displaying 2 error messages. I've ran a scan with norton earlier, tho it didn't pick up any threats.

Is there another way?

 

I only scanned the external drive. 12 wereDetected/Disinfected, here's the report:

Incident Status Location

Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074878.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074879.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074880.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074881.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074882.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074883.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074885.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074886.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074887.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074888.exe
Virus:Trj/WindBlade.A Disinfected F:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP475\A0074889.exe
Virus:Trj/WindBlade.A Disinfected

 

Um, not really. The files are still the same format, and now, before I even click on any icons to open, norton picks up with the 2 high risk alerts... and get stuck in a loop again. So I will have to restart >.<

 

18 Spyware that were not disinfected.

 

I've deleted all of them.

 

Backing up files from a heavily infected system has a high chance of infecting the backup medium. There is less risk if you use a CD/DVD, because the virus would then have to infect your burning software first. Hard drives or floppies are almost certain to get infected, even if you do not copy any files onto them.

Is there another name for this virus? It does not seem to exist on the internet...

 

Hello,

This is the only name I am aware of. So far, googling has only led me to 2 forum links, where 2 users have described the effects of this virus (exactly as it appeared to me) with no solution yet. I've contacted Norton, and was told that the virus is most likely very new.