Questions

HELP! Where did my desktop icon, music, pictures, and videos go?

Tags:
+
0 Votes
Locked

HELP! Where did my desktop icon, music, pictures, and videos go?

macwhallup
Ok so i was on the internet an i started getting trojan viruses an little bubbles kept poppin up saying how i could possibly loose my personal stuff if i dont get the virus in time...well..guess i didnt get it in time. so i downloaded uhm.. malware? an it cleaned everything up nice worked great...but it left my desktop blank i cant find my music but i got my itunes music still ALL my photos are gone my movies videos most of my stuff..gone but get this..i went to go put the itunes icon back on the desktop an some other icons i had on there before i droped it on the desktop an it says move an copy? copy an overwrite. like the icons are there but invisible. i still got my start menu still but its empty like under all programs all gone i dont get it i mean i dint back nothing up on my hard drive..i dont think idk someone PLEASE help me out it would be so appriciative
  • +
    0 Votes
    OH Smeg

    As to how you get rid of it that's a different story.

    You first have to find out what you have infected your computer with before you can take steps to Exterminate it.

    Try scanning your computer in Safe Mode with your Installed AV product that may revel something. As you have some form of Windows to load Safe Mode all you have to do is Press and Hold down the F8 Key when the BIOS Screen appears till you get a White on Black Screen and then use the Arrow Keys on the Keyboard to highlight Safe Mode and then press Enter.

    If that doesn't work you can try using Malware Bytes which you can download and use free from here

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10878968

    Both of the above may not be able to clean the system depending on what it is you have infected the computer with but at the very least they should tell you what the name of the infection is if nothing else then you can goggle a possible cure.

    Col

    +
    0 Votes
    Galeazzo

    A very good and informative article indeed . It helps me a lot to enhance my knowledge, I really like the way the writer presented his views.
    <a href="http://www.donnecercauomo.com">donna cerca uomo</a> ; Very good article from the article you increase the value of information has brought me great help.
    <a href="http://www.fuoristradausati.net">fuoristrada usati</a> ; thanks very much
    <a href="http://www.suvusati.net">suv usati</a> . bye

    +
    0 Votes
    seanferd

    Those bubbles popping up were part of the attack to get you to install the trojan. <b>Never click anywhere on those popups unless you know they belong to your AV or Windows or another security app you have installed.</b> Just close the browser. If it won't close, kill the process, and/or unplug your network cable - whatever you can do the quickest. You can also try a hard shutdown when you first see a popup, but best not if it has already been any length of time, as a reboot can then finish installing malware rootkits. Better to scan first in that case.

    Now, maybe your files are trashed, or maybe everything is just hidden. You can try cleaning the system from Safe Mode after turning off System Restore with http://malwarebytes.org . You probably want to have a go with a rootkit scanner like Rootkit Revealer http://technet.microsoft.com/en-us/sysinternals/bb897445, and AutoRuns can help you see anything wrong in startup entries http://technet.microsoft.com/en-us/sysinternals/bb963902 .

    Check your Desktop - right click it → Arrange Icons By → Show Desktop Icons. If that fixes one symptom, this may not be too bad.

    But your best bet is just to get your files off the drive, then nuke and pave. So, get something to which you can copy your files - another drive, or an external drive housing to connect your drive to another machine.

    Then you want to look for your files with the OS offline, if the malware couldn't be removed, or if stuff is still broken or hidden. So, boot the machine from a Live CD. You can go for one just to look for the files, or you can try one with recovery tools or AV. But to save your files, you definitely need one that can read your disk and move files to another. Knoppix works well for this, giving you a GUI file manager. http://www.knoppix.net/

    More: http://www.ultimatebootcd.com/
    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    Once you have recovered your files, wipe the drive (not the recovery partition, if your system vendor provided one) with http://www.dban.org/ then reinstall Windows via whatever method you have - CD/DVD or recovery partition.

    +
    0 Votes
    AnsuGisalas

    Perhaps even Malwarebytes Antimalware...
    As I read it, he's complaining that he lost files in the cleanup.

    Of course, it actually sounds like he got a fake AV attack, and followed its "advice". So he could have a rootkit by now.

    +
    0 Votes
    seanferd

    Which is why I'm suggesting a solution for finding the files, if they exist. Probably too much stuff is broken to fix manually, but that is why I suggest the desktop icon fix to test.

    For such a potentially destructive bit of malware, I wouldn't trust the system until it is rebuilt, though.

    +
    0 Votes
    macwhallup

    your right im not sure what i can do i set my icons back up i dont care if i cant get my songs or movies back but my pictures an videos i would love to have back..i knew i should of backed something up

    +
    0 Votes
    AnsuGisalas

    The popups you got were most likely part of the attack, can you describe what exactly you installed?

    +
    0 Votes
    markp24

    Hi, I am in agreement with Seanferd,
    I suggest you boot from a Live CD (ubcd4win, or Live linux cd) and copy your data off the drive or image the systems to an external drive (becaure with restoring the data as well as an image will also may contain the virus as well as your backed up documents..
    format and reload the system, thats the best way to know its gone. Make sure you have a very good antivirus installed prior to restoring your data andreinstalling your applications.

    +
    0 Votes
    terry.baresh

    I've recently cleaned up a few computers that were attacked in the same manner you described above; only to discover that the malicious software apparently modified the attributes of several files and folders. All the Desktop icons were "hidden." The Users folders also were "hidden" and the Startup apps were removed. In both cases, a new partition was created on the hard drive requiring additional partition management before I could "image" the drive. Following the partition repairs, I performed a complete System Restore.

    +
    0 Votes
    Spitfire_Sysop

    It sounds like the behaviour of "Win 7 Anti-Virus 2011" but it's a chameleon it will match your OS so it could be called "Win XP Anti-Virus 2011". It's also armoured so it will protect itself like a rootkit while it is running. It has the ability to defeat common anti-virus programs. MBAM will find it but you have to stop it from running first.

    I found and deleted the files from Linux because it cannot hide in Linux.

    If you don't know how to do this there are instructions on the web for manual removal.

    Use "RKILL.EXE" to close it. (Google this)
    The files you need to delete are in the "documents and settings" tree.

    Once you can kill the process and delete the hidden files you need to clean up temp files and broken registry links. Use CCleaner to do this.

    reboot

    Then your desktop icons will magically return.

    +
    0 Votes
    dave

    You don't say which operating system you are using, but get Windows to display Hidden Files and Folders and see if the files are visible that way. My son had a similar malware infection on his computer and like terry.baresh says, the files have the hidden attribute set.

    +
    0 Votes
    mahaju

    but considering the question he has asked, imho at least, I don't think he will will be able to carry out most of the advices given here
    I don't think he is using Linux, and if he is Windows 7 or Vista, I think someone should tell him the path of the desktop and my documents folders so that he can at least see where his pictures and video files are (assuming of course that all the files have not been hidden in this view as well)
    I've never used Vista or Windows 7 (I don't like anything above XP) but I am sure somebody here definitely knows about this
    If he is using XP,
    Desktop can be found at
    C:\Documents and Settings\..username..\Desktop
    My Documents at
    C:\Documents and Settings\..username..>\My Documents

    Just replace the ..username.. with XP login username
    If you are not sure what this is click on the start menu and it can be seen on the top of the start menu box that appears

    +
    0 Votes
    anthonyis2000

    All of your data and icons are there. As stated - hidden. After the malware removed Rt click desktop to show icons if they are not there. Since you haven't specified what O/S you are using or what malware etc. you may have been hit with, we are kind of guessing as to what needs to correct the issue. I have removed similar types of malware from several Vista and XP computers. As Spitfire_Sysop mentioned, its probably something similar to Win 7 Anti-Virus 2011, XPAnti-Virus xxxx or SystemTool. I may be wrong but the guys at Bleeping computer have an excellent step by step guide to remove one of the malware that cause this problem. SystemTool and XPAntiSpyware xxxx are two that act the similar. No sense in me typing it up. Here is a link to their guide. I hope it helps you. You will need to download rkill and Malwarebytes. http://www.bleepingcomputer.com/virus-removal/remove-system-tool

  • +
    0 Votes
    OH Smeg

    As to how you get rid of it that's a different story.

    You first have to find out what you have infected your computer with before you can take steps to Exterminate it.

    Try scanning your computer in Safe Mode with your Installed AV product that may revel something. As you have some form of Windows to load Safe Mode all you have to do is Press and Hold down the F8 Key when the BIOS Screen appears till you get a White on Black Screen and then use the Arrow Keys on the Keyboard to highlight Safe Mode and then press Enter.

    If that doesn't work you can try using Malware Bytes which you can download and use free from here

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10878968

    Both of the above may not be able to clean the system depending on what it is you have infected the computer with but at the very least they should tell you what the name of the infection is if nothing else then you can goggle a possible cure.

    Col

    +
    0 Votes
    Galeazzo

    A very good and informative article indeed . It helps me a lot to enhance my knowledge, I really like the way the writer presented his views.
    <a href="http://www.donnecercauomo.com">donna cerca uomo</a> ; Very good article from the article you increase the value of information has brought me great help.
    <a href="http://www.fuoristradausati.net">fuoristrada usati</a> ; thanks very much
    <a href="http://www.suvusati.net">suv usati</a> . bye

    +
    0 Votes
    seanferd

    Those bubbles popping up were part of the attack to get you to install the trojan. <b>Never click anywhere on those popups unless you know they belong to your AV or Windows or another security app you have installed.</b> Just close the browser. If it won't close, kill the process, and/or unplug your network cable - whatever you can do the quickest. You can also try a hard shutdown when you first see a popup, but best not if it has already been any length of time, as a reboot can then finish installing malware rootkits. Better to scan first in that case.

    Now, maybe your files are trashed, or maybe everything is just hidden. You can try cleaning the system from Safe Mode after turning off System Restore with http://malwarebytes.org . You probably want to have a go with a rootkit scanner like Rootkit Revealer http://technet.microsoft.com/en-us/sysinternals/bb897445, and AutoRuns can help you see anything wrong in startup entries http://technet.microsoft.com/en-us/sysinternals/bb963902 .

    Check your Desktop - right click it → Arrange Icons By → Show Desktop Icons. If that fixes one symptom, this may not be too bad.

    But your best bet is just to get your files off the drive, then nuke and pave. So, get something to which you can copy your files - another drive, or an external drive housing to connect your drive to another machine.

    Then you want to look for your files with the OS offline, if the malware couldn't be removed, or if stuff is still broken or hidden. So, boot the machine from a Live CD. You can go for one just to look for the files, or you can try one with recovery tools or AV. But to save your files, you definitely need one that can read your disk and move files to another. Knoppix works well for this, giving you a GUI file manager. http://www.knoppix.net/

    More: http://www.ultimatebootcd.com/
    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    Once you have recovered your files, wipe the drive (not the recovery partition, if your system vendor provided one) with http://www.dban.org/ then reinstall Windows via whatever method you have - CD/DVD or recovery partition.

    +
    0 Votes
    AnsuGisalas

    Perhaps even Malwarebytes Antimalware...
    As I read it, he's complaining that he lost files in the cleanup.

    Of course, it actually sounds like he got a fake AV attack, and followed its "advice". So he could have a rootkit by now.

    +
    0 Votes
    seanferd

    Which is why I'm suggesting a solution for finding the files, if they exist. Probably too much stuff is broken to fix manually, but that is why I suggest the desktop icon fix to test.

    For such a potentially destructive bit of malware, I wouldn't trust the system until it is rebuilt, though.

    +
    0 Votes
    macwhallup

    your right im not sure what i can do i set my icons back up i dont care if i cant get my songs or movies back but my pictures an videos i would love to have back..i knew i should of backed something up

    +
    0 Votes
    AnsuGisalas

    The popups you got were most likely part of the attack, can you describe what exactly you installed?

    +
    0 Votes
    markp24

    Hi, I am in agreement with Seanferd,
    I suggest you boot from a Live CD (ubcd4win, or Live linux cd) and copy your data off the drive or image the systems to an external drive (becaure with restoring the data as well as an image will also may contain the virus as well as your backed up documents..
    format and reload the system, thats the best way to know its gone. Make sure you have a very good antivirus installed prior to restoring your data andreinstalling your applications.

    +
    0 Votes
    terry.baresh

    I've recently cleaned up a few computers that were attacked in the same manner you described above; only to discover that the malicious software apparently modified the attributes of several files and folders. All the Desktop icons were "hidden." The Users folders also were "hidden" and the Startup apps were removed. In both cases, a new partition was created on the hard drive requiring additional partition management before I could "image" the drive. Following the partition repairs, I performed a complete System Restore.

    +
    0 Votes
    Spitfire_Sysop

    It sounds like the behaviour of "Win 7 Anti-Virus 2011" but it's a chameleon it will match your OS so it could be called "Win XP Anti-Virus 2011". It's also armoured so it will protect itself like a rootkit while it is running. It has the ability to defeat common anti-virus programs. MBAM will find it but you have to stop it from running first.

    I found and deleted the files from Linux because it cannot hide in Linux.

    If you don't know how to do this there are instructions on the web for manual removal.

    Use "RKILL.EXE" to close it. (Google this)
    The files you need to delete are in the "documents and settings" tree.

    Once you can kill the process and delete the hidden files you need to clean up temp files and broken registry links. Use CCleaner to do this.

    reboot

    Then your desktop icons will magically return.

    +
    0 Votes
    dave

    You don't say which operating system you are using, but get Windows to display Hidden Files and Folders and see if the files are visible that way. My son had a similar malware infection on his computer and like terry.baresh says, the files have the hidden attribute set.

    +
    0 Votes
    mahaju

    but considering the question he has asked, imho at least, I don't think he will will be able to carry out most of the advices given here
    I don't think he is using Linux, and if he is Windows 7 or Vista, I think someone should tell him the path of the desktop and my documents folders so that he can at least see where his pictures and video files are (assuming of course that all the files have not been hidden in this view as well)
    I've never used Vista or Windows 7 (I don't like anything above XP) but I am sure somebody here definitely knows about this
    If he is using XP,
    Desktop can be found at
    C:\Documents and Settings\..username..\Desktop
    My Documents at
    C:\Documents and Settings\..username..>\My Documents

    Just replace the ..username.. with XP login username
    If you are not sure what this is click on the start menu and it can be seen on the top of the start menu box that appears

    +
    0 Votes
    anthonyis2000

    All of your data and icons are there. As stated - hidden. After the malware removed Rt click desktop to show icons if they are not there. Since you haven't specified what O/S you are using or what malware etc. you may have been hit with, we are kind of guessing as to what needs to correct the issue. I have removed similar types of malware from several Vista and XP computers. As Spitfire_Sysop mentioned, its probably something similar to Win 7 Anti-Virus 2011, XPAnti-Virus xxxx or SystemTool. I may be wrong but the guys at Bleeping computer have an excellent step by step guide to remove one of the malware that cause this problem. SystemTool and XPAntiSpyware xxxx are two that act the similar. No sense in me typing it up. Here is a link to their guide. I hope it helps you. You will need to download rkill and Malwarebytes. http://www.bleepingcomputer.com/virus-removal/remove-system-tool