Problem accessing files in portable HDD - virus infected

Sarath

iDota
I recently lent my portable HDD to a friend and on returning it seems to have become a dud. All my folders appear as shortcuts which link to the same file "G:\teudu.scr". G drive is the portable HDD. I ran a scan using Avast to find a few viruses which I failed to note down (my bad).

The HDD still shows as 580GB occupied which makes me believe my data is still there. I want to know how I can access or recover this data.

:(
 

Vignesh B

Youngling
Allow showing hidden folders and important system files. You will find the original data hidden.
Btw delete that teudu.scr file immediately.
 

whitestar_999

Super Moderator
Staff member
Almost all viruses simply hide the data by making it a system file/folder, which is hidden by default in Windows. Either unhide them using Folder & Search Options in the Organize tab in Explorer or access the HDD using live Linux.
 

Vignesh B

Youngling
On a side note, henceforth if you are giving your flash drive/external hard drive only for giving data, enable write protection on it. It can prevent getting infected.
There are plenty of software(s) out there doing the job.
 
Nice tip :) BTW can you post links of some similar software?
 
Sarath

iDota
Thanks a lot for that info. I have been able to retrieve some of the files. Although there seems to be a problem. Like I mentioned, the "some" folders I could retrieve are all single named folders. When I try to retrieve folders with long names with 2-3 words it gives the following message - "Parameter format not correct"

Eg: attrib movies -h -r -s (works) but if the file name is longer than something like attrib music 2012 -h -r -s gives the error I mentioned above.

Please help with this

Please suggest a free AV to your friend.
My friend lost her laptop and got an older replacement, one which was infected. I will surely send the message :)


Well, I always keep my HDDs to myself and I do not use others pen drives either. I don't know when it was taken away. But that sure is a good suggestion for times when hiding the HDD in the closet doesn't work :)
 
> Enclose the multi word file names in double quotes, like: attrib "music 2012" -h -r -s
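
The attrib step discussed in this thread, applied to every top-level entry on the drive, as an added example that is not part of any post. The file name unhide.cmd is hypothetical, and the script assumes only entries in the root of the drive were hidden; it lists the planted .lnk/.scr files without opening or deleting them.

```batch
@echo off
rem Added example, not from the thread. Usage: unhide.cmd G:
setlocal
set "drive=%~1"
if "%drive%"=="" (
    echo Usage: %~nx0 DRIVE:    e.g. %~nx0 G:
    exit /b 1
)
rem Keep only "X:" and refuse anything that is not a drive letter.
set "drive=%drive:~0,2%"
if not "%drive:~1,1%"==":" (
    echo "%~1" is not a drive letter.
    exit /b 1
)
rem Never touch attributes on the Windows drive itself.
if /i "%drive%"=="%SystemDrive%" (
    echo Refusing to run on the system drive.
    exit /b 1
)

rem 1. Report the shortcut and screensaver files the infection left behind.
rem    /a includes hidden and system files; nothing is executed or removed.
echo Shortcuts and .scr files in the root of %drive%
dir /a /b "%drive%\*.lnk" "%drive%\*.scr" 2>nul

rem 2. Clear Hidden, Read-only and System on every other top-level entry.
rem    "delims=" keeps a name such as "music 2012" in one piece, and the
rem    quotes around the path are what the failing attrib command lacked.
rem    Protected folders such as "System Volume Information" may report
rem    "Access denied"; that is expected and harmless.
echo.
for /f "delims=" %%N in ('dir /a /b "%drive%\"') do (
    if /i not "%%~xN"==".lnk" if /i not "%%~xN"==".scr" (
        attrib -h -r -s "%drive%\%%N"
        echo processed "%drive%\%%N"
    )
)
endlocal
```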
 

Vignesh B

Youngling
here's a simple one usb write protect
In fact there is an inherent issue with the write protection software.
All they do is manipulate the registry key on the local PC that prevents the legitimate OS from writing to the USB drive.
A compromised system is not likely to 'honour' that setting, and for that matter, you can have a chicken and egg scenario if the utility that prevents the PC from writing to the USB drive is ON the USB drive, and hence you have to stick the drive into the (non-write-disabled) system before you can turn off the 'write to usb' capability. If you seriously want a USB flash drive to be protected, you need one with a feature (hardware switch is probably best) that enables you to 'lock' the drive from being written to.

Another work-around is the following script.
::Write Protect Drive
::Description: This script will write protect a flash drive by using all the remaining free space.
::Modification: modifications are clearly marked by the <MOD> and </MOD> flags
::Last Synced with Awesome Script Version 1.3.5
::Author: xorangekiller
::Released: 10 December 2009
@echo off
::<MOD> the following code did not exist (it was handled by the awesome script)
:start
::set the default errorlevel
set exitCode=0
::change the starting directory (if necessary)
set firstdir=NULL
if "%cd%\"=="%~dp0" goto writeprotect
set firstdir=%cd%
cd /D "%~dp0"
::</MOD>
:writeprotect
::attempt to write protect the drive (presumably a flash drive) by creating a dummy file to use all remaining free space
::this prevents viruses and such from attaching themselves to files or copying themselves to your drive
::this does NOT, however, prevent files from being deleted and replaced!
::<MOD>set current=writeprotect</MOD>
fsutil 1>nul 2>nul
if %errorlevel%==1 goto writeprotectNoAdmin
:writeprotectDialog
echo.
echo Write protect the specified drive by using all available free space.
echo.
echo To protect the current drive just type "current" at the prompt.
echo.
set /p userinp=Which drive would you like to protect?
::special cases of the variable
if "%userinp%"=="" set userinp=%cd%
if "%userinp%"=="current" set userinp=%cd%
::check to make sure that we have a drive path
if not "%userinp:~1,1%"==":" goto writeprotectPathError
::only use the drive letter, colon, and slash regardless of the path entered
set userinp=%userinp:~0,3%
if not "%userinp:~2,2%"=="\" if not "%userinp:~2,2%"=="/" set userinp=%userinp%\
::this check was implemented because of Cooper... DO NOT TRY TO WRITE PROTECT YOUR C: DRIVE!
::/I makes the comparison case-insensitive, so a lowercase drive letter (c:) is caught as well
if /I "%userinp:~0,2%"=="%systemdrive%" ( echo.
echo Error! You are attempting to write protect your system drive.
::according to my PL (Dave DiCarlo) using rhetorical questions in this manner is something New Yorkers primarily do
echo Are you sure you want to do that? I don't think so!
echo.
echo Press any key to try again . . .
pause >nul
::<MOD> "goto start" is not the proper reference
goto writeprotect )
::</MOD>
::create a directory to hold the (potentially large) number of dummy files
::set /p userinp=%userinp%IamDummy\
::mkdir %userinp%IamDummy
setlocal ENABLEDELAYEDEXPANSION
:writeprotectCreateLoop
set bytesfree=0
::capture the bytes free determined by dir and remove the commas (because fsutil doesn't like those)
::tokens=3-7 so that %%e, which the checks below read, is actually assigned
for /f "tokens=3-7 delims==, " %%a in ( 'dir "%userinp%" ^| findstr /C:"bytes free"' ) do (
if %%a==bytes goto writeprotectEndLoop
if %%a GTR 0 set bytesfree=%%a
if %%b==bytes goto writeprotectEndLoop
if %%b GTR 0 set bytesfree=!bytesfree!%%b
if %%c==bytes goto writeprotectEndLoop
if %%c GTR 0 set bytesfree=!bytesfree!%%c
if %%d==bytes goto writeprotectEndLoop
if %%d GTR 0 set bytesfree=!bytesfree!%%d
if %%e==bytes goto writeprotectEndLoop
if %%e GTR 0 set bytesfree=!bytesfree!%%e)
::the EndLoop label is a hack to break the loop if necessary
:writeprotectEndLoop
::it is absolutely necessary to check if there is no space left free and break the loop
::although there IS such a number as infinity most computers cannot reach it within a reasonable amount of time
::so this is a good "workaround"
if %bytesfree% EQU 0 goto writeprotectComplete
::1024 Bytes = 1 Kilobyte; 1048576 Bytes = 1 Megabyte; 1073741824 Bytes = 1 Gigabyte
::1 gigabyte in bytes
set gb=1073741824
::determine the dummy file(s) to create
if %bytesfree% GEQ %gb% set bytesfree=%gb%
set filenum=0
::check to make sure that the dummy file does not already exist... it causes problems
:writeprotectFileNumCheck
if not exist %userinp%IamDummy%filenum% goto writeprotectCreateDummy
set /A filenum=%filenum%+1
goto writeprotectFileNumCheck
:writeprotectCreateDummy
::create a dummy file
::echo Writing file %userinp%IamDummy%filenum% of size %bytesfree% . . .
fsutil file createnew "%userinp%IamDummy%filenum%" %bytesfree%
::check to see if we need to repeat the procedure with another dummy file (recurse)
::although infinite looping is generally not a good thing batch gives us no choice
::"The time has come for the cobra to come up and reveal himself. You will call me - Commander."
goto writeprotectCreateLoop
:writeprotectComplete
endlocal
::brag by printing a message informing the user that we did our job successfully (hopefully, bytes free should be ZERO)
echo.
dir "%userinp%" | findstr /C:"bytes free"
echo.
pause
::<MOD> "goto start" is not the proper reference
goto end
::</MOD>
:writeprotectNoAdmin
echo.
echo ERROR! You need administrative privileges to run this function!
echo.
pause
::<MOD> "goto start" is not the proper reference
goto end
::</MOD>
:writeprotectPathError
echo.
echo ERROR! You must enter a valid drive path!
echo.
echo Example: %cd:~0,3%
echo.
set /p userinp=Continue or Quit (C\Q)?
set userinp=%userinp:~0,1%
::<MOD> "goto start" is not the proper reference
if "%userinp%"=="Q" goto end
if "%userinp%"=="q" goto end
::</MOD>
goto writeprotectDialog
::<MOD> the following code did not exist (it was handled by the awesome script)
:end
::revert the current directory (if necessary)
if not "%firstdir%"=="NULL" cd /D "%firstdir%"
::exit the script but not cmd.exe
exit /B %exitCode%
::</MOD>
Disclaimer: It's not my script.
 

whitestar_999

Super Moderator
Staff member
^^Correct. The only reliable way to prevent pen drive modification is by using a hardware lock, because viruses/malware on an infected PC have full authorization to overcome any software-based restriction & they also modify/replace files besides writing new ones.
 

coderunknown

Retired Forum Mod
One of my pen drives was infected by a virus with similar symptoms. All I did was scan the pen drive with Avast and then perform an error check, and it was back to normal. All the folders were back to normal.

I guess Sarath's problem is already fixed.
 