Win7 - System Unusable after virus detection
F-Secure detected and quarantined a couple of files indicating it detected virus W32/Malware.593e93!Online.
IIRC a dialog indicated that to complete the quarantine process it needed to reboot the system. After rebooting, the system is completely unusable. I'm able to start Windows file explorer and poke around but C:\Users\<my user directory> is gone, C:\Program Files is gone, C:\Program Files (x86) gone, along with a bunch of other stuff.
I ran the F-Secure rescue CD and it indicated that no virus was detected. (Which I thought was odd since there is a tar file with the quarantined files still on the system...)
All the files are still there; Windows just can't see them.
Any suggestions on what this might be or how to recover without having to completely rebuild?
You can try to unquar the files. Go to the end of the thread; there are instructions.
This sounds like the symptoms of a rogue infection; all your files and folders should still be on your system, but their attributes were set to hidden by the rogueware.
1. Try setting hidden files to be shown in Folder Options.
- Open Folder Options.
- Select Show hidden files, folders, and drives.
- Uncheck the Hide protected operating system files box, click Yes.
2. Unhide your files and folders.
- Go to Computer > c:\
C:\Program Files (x86)
C:\Windows and any of your other folders.
- Right click > Properties.
- Uncheck Hidden, click Ignore all when prompted.
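
The unhide steps from the reply above as a PowerShell script that first reports which top-level items carry the Hidden attribute and only changes them when asked. This is an added example, not part of the thread; the `-Root` and `-Fix` parameters and the skip list of items Windows normally keeps hidden are assumptions.

```powershell
# Added example: audit, and optionally clear, the Hidden attribute on the
# top-level items of a drive. Report-only unless -Fix is given.
param(
    [string]$Root = 'C:\',   # assumption: the affected drive is the system drive
    [switch]$Fix             # hypothetical switch: actually clear the attribute
)

# Items Windows itself usually keeps hidden on a default install; these are
# skipped so the script does not expose them. Adjust for the machine at hand.
$normallyHidden = @('$Recycle.Bin', 'System Volume Information', 'ProgramData',
                    'Documents and Settings', 'Recovery', 'Config.Msi',
                    'MSOCache', 'Boot', 'bootmgr', 'BOOTSECT.BAK',
                    'pagefile.sys', 'hiberfil.sys')

$hiddenBit = [int][System.IO.FileAttributes]::Hidden

# -Force makes Get-ChildItem return hidden and system items as well.
$suspect = @(Get-ChildItem -LiteralPath $Root -Force | Where-Object {
    (([int]$_.Attributes -band $hiddenBit) -ne 0) -and
    ($normallyHidden -notcontains $_.Name)
})

# Show what was found before touching anything.
$suspect | Select-Object FullName, Attributes, LastWriteTime |
    Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $suspect) {
        # Clear only the Hidden bit; System, ReadOnly and the rest stay as set.
        $cleared = [int]$item.Attributes -band (-bnot $hiddenBit)
        $item.Attributes = [System.IO.FileAttributes]$cleared
        Write-Output ("Unhid {0}" -f $item.FullName)
    }
}
```

Run it once without `-Fix` to review the list, and again with `-Root C:\Users` to check the profile directories one level down.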
I tried un-hiding the directories that had been hidden and that made things marginally better, but there were still a number of applications that I couldn't get to, a lot of preferences and desktop items that would not work, and the start menu was still missing applications.
I ended up booting from the Windows installation CD and going back to a restore point prior to the virus infection, which seems to have done the trick.
It looks like whatever site we visited dropped a number of viruses. When I un-hid one of the directories an icon showed up on the desktop called "System Restore" that pointed to an executable that I had already manually cleaned up.
Thanks for the help and hopefully this won't happen again.