Questions

Query regarding partial data loss and inability to perform a system restore

Tags:
+
0 Votes
Locked

Query regarding partial data loss and inability to perform a system restore

Discombobulated
Hi!

I wonder if someone can help, please.

Last night I lost my entire 'My Documents' folder and I am unable to perform a system restore to any time point. I can't find the folder anywhere on my hard drive.

A few days ago, I was bidding for an editing job on a Freelance writing site. The client contacted me asking if I could edit his thesis document. He sent me the document to look at so that I could give him a price for the work, which I duly did. He eventually chose another contractor which was all well and good. He had,made it clear in his job posting that he would expect any contractor to agree to sign a full disclosure.

I wondered if it might be possible for 'someone' to target a cyber attack on this single folder on my hard drive? And if so, is there any way of retrieving the lost data?

The only other thing I have downloaded since then is a program called 'Sibelius Scorch' to allow me to view online sheet music. I believe I may have been prompted to install an Active X add-on.

If this is the the problem rather than the paranoid client scenario, does this suggest some sort of malware? I have run a full scan and my Kaspersky isn't picking up any problems. I have noted that some posters on various forums suggest a program called 'Malwarebytes'. Is this safe to use, and is it likely to help me with my problem?

Thankfully, I didn't lose very much work but I would appreciate any help or advice you could offer.

Thanks.
  • +
    2 Votes
    OH Smeg

    And Malwarebytes is a Brilliant Program which is ideal provided that you download it from a safe source though now you may not be able to install it depending on what Infection you have picked up.

    You can get it here just click on the Free Download link

    http://www.malwarebytes.org/

    After it's installed and updated restart your system in Safe Mode and run the scan and rerun the AV Scan again in Safe Mode.

    You are more likely to find infections and be able to remove them in Safe Mode than with Windows running normally.

    Or you could try a Rescue CD like one of the ones available here

    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    Col

    +
    0 Votes
    Discombobulated

    Thanks, OH Smeg,

    Thanks for your reply and your suggestion. I downloaded and updated malwarebytes from the link you provided. Once I have finished here, I'll do as you suggest and run a scan in safe mode. I'll let you know how it goes...

    +
    1 Votes
    SmartAceW0LF

    First, I second the nod for Malwarebytes Anti-Malware heartily. Second, being familiar with Sibelius, I find it highly unlikely that is the source of your problem. Nonetheless, it is important to realize that often times, the site you happen to have been on when you experience a sudden change or symptom in your system, may or may not be responsible. Many malicious programs reside in your temporary files for a bit before finally being executed at a later point. Sometimes, hours, other times days or even months.
    Finally, -and the most significant reason for my additional post on this point- currently there are several flavors of malicious code at large that will first, set the attributes of your personal files to be hidden. They will still be on the system, just not visible via the default settings of Windows Explorer. If left to continue its aggravation, the code will do the same for all of the files on your desktop and on to the typical default files necessary for all users which normally reside in the default user profile. Left long enough, it will even begin deleting those files. It can be a real pain to clean up, and though MBAM (Malwarebytes) will find and clean the offending code from your PC, it will not fix the issues caused by this particular coding.
    So before you get distraught over the loss, be sure to enable the ability to view hidden files within windows explorer. Open Windows Explorer go to Tools/Folder Options in the file menus at top. Click the View tab on the property sheet, put a tic in the settings to "Show Hidden Files and Folder" and untic the option to "Hide All Protected Operating System Files". Then check to see if your folders and files are now visible. If so great. If not, depending on the relative importance of recovering the files in question, you might consider shutting the machine down and asking for further assistance from a different machine. Do run a scan with MBAM first though. Also, MBAM may be installed, updated and run from Safe Mode With Networking. Good luck.

    +
    0 Votes
    Discombobulated

    Thanks for your suggestions, SmartAceWOLF and Sue T. One of the first things I did when I couldn't find my folder was to check the 'hidden files and folders' options. I only thought to do this because itunes decided to hide my music from me at one point in the past :-) But I didn't know to uncheck the option to 'Hide All Protected Operating System Files'. I have since done this and alas, no joy, I'm afraid.

    Can you please explain what would be involved in 'asking for further assistance from a different machine'? Sorry if this is a dim question...!

    +
    1 Votes
    Sue T

    see if for some reason or another that your My Documents folder is not a hidden folder that you may have to just unhide. Have you tried opening a document that was in that folder by first opening the application (like Word) and then choosing file open. Does the document open? If so, then you know you your documents are still there.
    Good luck

    +
    0 Votes
    Discombobulated

    Hi Sue T. Thanks for your reply. As you can see from my reply above, I tried doing as you suggest. I did try to open a document that I had been working on before the crash and the file pathway is missing. Do you think this means the folder is definitely gone?

    +
    1 Votes
    a.portman

    Oh Shmeg is at least partially right. Follow the link on the bottom of hos post to the malware restore tools. A Linux boot CD may allow you to find your My Documents Folder. Although, assuming you downloaded Siebelius from its website and not a bittorrent, you probably did not get the maleware there.

    Now to, "
    I wondered if it might be possible for 'someone' to target a cyber attack on this single folder on my hard drive? And if so, is there any way of retrieving the lost data?" Are you referring to your potential liability to the originator if your copy of his data is published/used not by him? That is a distinct maybe. Do I think someone targeted your machine to get this file, no. Is it possible that all of your data was compromised and it might get used somehow, possibly, but unlikely.

    I would concentrate on recovering the my files and cleaning my machine. Regretfully, the best way to know it is clean is reformat, reinstall everything.

    +
    0 Votes
    Discombobulated

    Hi a.portman@...Thanks for your reply. It seems as if the folder is indeed gone, so I may well try the link for the Rescue CD OH Smeg suggests. I'll run the anti-malware first and go ahead and do that afterwards. Is this similar to the type of software I downloaded to recover crashed Audacity files, do you know?

    Re. your second comment: I didn't think he would try to damage my documents folder on the basis of the shared document but you never can tell. As it goes, I still have the original attached to my e-mail file which I have tried to access again, simply out of interest to see if it would open...and it does, so if he were targeting my documents folder he would probably have also targeted the contents of my e-mail folder :-) I think the thought only crossed my mind because he was fairly insistent about the disclosure clause.

    I'll go ahead and run the anti-malware and take it from there...

    +
    1 Votes
    gscratchtr

    but make sure you didn't accidentally (via a stuck mouse button, as happened to me) MOVE your 'My Documents' to under another folder. You did say "anywhere on my hard drive." but I just wanted to make a suggestion.

    or, when you were deleting the potentical client's work (was it in 'My Documents' ?) ensure that you didn't delete the entire 'My Documents' folder (as has also happened to me, again by a fat-finger); in my case, it was just moved to 'Recycle' so I had only a few moments of panic.

    +
    0 Votes
    Discombobulated

    Thanks for your reply gscratchtr. I have done this myself before too! But no, on the back of your suggestion, I rechecked other folders in 'My Documents'. I was literally in the process of editing another document when the whole thing 'hung'. When I went to save the file I was working on, there was no sign of my folder. So I wasn't deleting anything when it happened, but I have checked the recycle bin anyway. No sign of anything there.

    Oh, hang on...I have just realised something. I said in my original (and subsequent postings) the my entire 'My Documents' folder had gone missing. That's not actually the case. It is still there but contains everything (everyone else's folders) except my own personal folder (which in turn contains My Music, My Videos, My Documents and lots of others I have created). Oh dear...now I really am discombobulated!

    Off to run a malware scan...

    +
    0 Votes
    Discombobulated

    Hi Everyone,

    Just to let you know that I have had trouble starting up 'safe mode' (with and without networking). I tried to take a screenshot, which I tried to reproduce here (with no luck) but all of the extensions listed on startup indicated some issue with the drivers...

    Anyway, it is very late here and I need to hit the sack. I'll run 'Malwarebytes' overnight and report back...

    Goodnight, all!

    +
    0 Votes
    Will S.

    Good morning Discombobulated! Here's to a fun-filled day of data-recovery excitement.

    As I'm sure you know, there are some amazing bits of malware code out there.

    After reading this thread, I'm not sure I can offer any suggestions that improve your chances of recovering your data, but I'll try.

    First, try not to download anything else to your local machine as to avoid over-writing your files (if they have been deleted).

    Next, log into the machine under a different "administrator" profile/account. Hopefully, you you still have the default admin account...you may need to enable it under control panel-->administrative tools-->computer management-->local users and groups.

    Run your malware scannners: MalwareBytes, Eset online scanner, TDSS Killer (or others). If necessary post your logs into the appropriate forums for the utilities listed above. My personal favorite malware support site is at Bleeping Computers.

    If no malware is reported, focus on the data recovery. Perform a search of your system for the file name, try the trial version of GetDataBack, and/or restore system to previous restore point. Do you have any backup strategies in place?

    Like others have mentioned, it would seem pretty odd to have a targeted attack on your My Documents without the rest of your system being compromised as well. Let us know how things go and we'll see if we can get your files back :)

    Best of luck.

    +
    0 Votes
    Discombobulated

    Hi Will S (and everyone else),

    Thanks for your reply.

    Okay...

    Ran malwarebytes--no problems detected
    Ran own virus software again--no problems
    Created AVG Rescue CD and have pretty much spent the day on AVG tutorials. Plan to run the scan next...

    Once I have done this, I'll go on to the other suggestions you make.

    Thanks :-)

    +
    0 Votes
    Discombobulated

    To everyone who helped: I managed to sort the problem and retrieve some of my data (took an age, mind you :-) )

    I would offer to help someone else with a problem on this forum but they would have to possess the computer literacy of a block of wood and the IQ of a shellfish to have any hope of benefiting from my 'knowledge' and 'skills'!

    Many contrafibularities to you all!

    Discombobulated signing off :-)

    +
    0 Votes
    SmartAceW0LF

    It is helpful to others in knowing the resolution of your problem. ;-)

  • +
    2 Votes
    OH Smeg

    And Malwarebytes is a Brilliant Program which is ideal provided that you download it from a safe source though now you may not be able to install it depending on what Infection you have picked up.

    You can get it here just click on the Free Download link

    http://www.malwarebytes.org/

    After it's installed and updated restart your system in Safe Mode and run the scan and rerun the AV Scan again in Safe Mode.

    You are more likely to find infections and be able to remove them in Safe Mode than with Windows running normally.

    Or you could try a Rescue CD like one of the ones available here

    http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803

    Col

    +
    0 Votes
    Discombobulated

    Thanks, OH Smeg,

    Thanks for your reply and your suggestion. I downloaded and updated malwarebytes from the link you provided. Once I have finished here, I'll do as you suggest and run a scan in safe mode. I'll let you know how it goes...

    +
    1 Votes
    SmartAceW0LF

    First, I second the nod for Malwarebytes Anti-Malware heartily. Second, being familiar with Sibelius, I find it highly unlikely that is the source of your problem. Nonetheless, it is important to realize that often times, the site you happen to have been on when you experience a sudden change or symptom in your system, may or may not be responsible. Many malicious programs reside in your temporary files for a bit before finally being executed at a later point. Sometimes, hours, other times days or even months.
    Finally, -and the most significant reason for my additional post on this point- currently there are several flavors of malicious code at large that will first, set the attributes of your personal files to be hidden. They will still be on the system, just not visible via the default settings of Windows Explorer. If left to continue its aggravation, the code will do the same for all of the files on your desktop and on to the typical default files necessary for all users which normally reside in the default user profile. Left long enough, it will even begin deleting those files. It can be a real pain to clean up, and though MBAM (Malwarebytes) will find and clean the offending code from your PC, it will not fix the issues caused by this particular coding.
    So before you get distraught over the loss, be sure to enable the ability to view hidden files within windows explorer. Open Windows Explorer go to Tools/Folder Options in the file menus at top. Click the View tab on the property sheet, put a tic in the settings to "Show Hidden Files and Folder" and untic the option to "Hide All Protected Operating System Files". Then check to see if your folders and files are now visible. If so great. If not, depending on the relative importance of recovering the files in question, you might consider shutting the machine down and asking for further assistance from a different machine. Do run a scan with MBAM first though. Also, MBAM may be installed, updated and run from Safe Mode With Networking. Good luck.

    +
    0 Votes
    Discombobulated

    Thanks for your suggestions, SmartAceWOLF and Sue T. One of the first things I did when I couldn't find my folder was to check the 'hidden files and folders' options. I only thought to do this because itunes decided to hide my music from me at one point in the past :-) But I didn't know to uncheck the option to 'Hide All Protected Operating System Files'. I have since done this and alas, no joy, I'm afraid.

    Can you please explain what would be involved in 'asking for further assistance from a different machine'? Sorry if this is a dim question...!

    +
    1 Votes
    Sue T

    see if for some reason or another that your My Documents folder is not a hidden folder that you may have to just unhide. Have you tried opening a document that was in that folder by first opening the application (like Word) and then choosing file open. Does the document open? If so, then you know you your documents are still there.
    Good luck

    +
    0 Votes
    Discombobulated

    Hi Sue T. Thanks for your reply. As you can see from my reply above, I tried doing as you suggest. I did try to open a document that I had been working on before the crash and the file pathway is missing. Do you think this means the folder is definitely gone?

    +
    1 Votes
    a.portman

    Oh Shmeg is at least partially right. Follow the link on the bottom of hos post to the malware restore tools. A Linux boot CD may allow you to find your My Documents Folder. Although, assuming you downloaded Siebelius from its website and not a bittorrent, you probably did not get the maleware there.

    Now to, "
    I wondered if it might be possible for 'someone' to target a cyber attack on this single folder on my hard drive? And if so, is there any way of retrieving the lost data?" Are you referring to your potential liability to the originator if your copy of his data is published/used not by him? That is a distinct maybe. Do I think someone targeted your machine to get this file, no. Is it possible that all of your data was compromised and it might get used somehow, possibly, but unlikely.

    I would concentrate on recovering the my files and cleaning my machine. Regretfully, the best way to know it is clean is reformat, reinstall everything.

    +
    0 Votes
    Discombobulated

    Hi a.portman@...Thanks for your reply. It seems as if the folder is indeed gone, so I may well try the link for the Rescue CD OH Smeg suggests. I'll run the anti-malware first and go ahead and do that afterwards. Is this similar to the type of software I downloaded to recover crashed Audacity files, do you know?

    Re. your second comment: I didn't think he would try to damage my documents folder on the basis of the shared document but you never can tell. As it goes, I still have the original attached to my e-mail file which I have tried to access again, simply out of interest to see if it would open...and it does, so if he were targeting my documents folder he would probably have also targeted the contents of my e-mail folder :-) I think the thought only crossed my mind because he was fairly insistent about the disclosure clause.

    I'll go ahead and run the anti-malware and take it from there...

    +
    1 Votes
    gscratchtr

    but make sure you didn't accidentally (via a stuck mouse button, as happened to me) MOVE your 'My Documents' to under another folder. You did say "anywhere on my hard drive." but I just wanted to make a suggestion.

    or, when you were deleting the potentical client's work (was it in 'My Documents' ?) ensure that you didn't delete the entire 'My Documents' folder (as has also happened to me, again by a fat-finger); in my case, it was just moved to 'Recycle' so I had only a few moments of panic.

    +
    0 Votes
    Discombobulated

    Thanks for your reply gscratchtr. I have done this myself before too! But no, on the back of your suggestion, I rechecked other folders in 'My Documents'. I was literally in the process of editing another document when the whole thing 'hung'. When I went to save the file I was working on, there was no sign of my folder. So I wasn't deleting anything when it happened, but I have checked the recycle bin anyway. No sign of anything there.

    Oh, hang on...I have just realised something. I said in my original (and subsequent postings) the my entire 'My Documents' folder had gone missing. That's not actually the case. It is still there but contains everything (everyone else's folders) except my own personal folder (which in turn contains My Music, My Videos, My Documents and lots of others I have created). Oh dear...now I really am discombobulated!

    Off to run a malware scan...

    +
    0 Votes
    Discombobulated

    Hi Everyone,

    Just to let you know that I have had trouble starting up 'safe mode' (with and without networking). I tried to take a screenshot, which I tried to reproduce here (with no luck) but all of the extensions listed on startup indicated some issue with the drivers...

    Anyway, it is very late here and I need to hit the sack. I'll run 'Malwarebytes' overnight and report back...

    Goodnight, all!

    +
    0 Votes
    Will S.

    Good morning Discombobulated! Here's to a fun-filled day of data-recovery excitement.

    As I'm sure you know, there are some amazing bits of malware code out there.

    After reading this thread, I'm not sure I can offer any suggestions that improve your chances of recovering your data, but I'll try.

    First, try not to download anything else to your local machine as to avoid over-writing your files (if they have been deleted).

    Next, log into the machine under a different "administrator" profile/account. Hopefully, you you still have the default admin account...you may need to enable it under control panel-->administrative tools-->computer management-->local users and groups.

    Run your malware scannners: MalwareBytes, Eset online scanner, TDSS Killer (or others). If necessary post your logs into the appropriate forums for the utilities listed above. My personal favorite malware support site is at Bleeping Computers.

    If no malware is reported, focus on the data recovery. Perform a search of your system for the file name, try the trial version of GetDataBack, and/or restore system to previous restore point. Do you have any backup strategies in place?

    Like others have mentioned, it would seem pretty odd to have a targeted attack on your My Documents without the rest of your system being compromised as well. Let us know how things go and we'll see if we can get your files back :)

    Best of luck.

    +
    0 Votes
    Discombobulated

    Hi Will S (and everyone else),

    Thanks for your reply.

    Okay...

    Ran malwarebytes--no problems detected
    Ran own virus software again--no problems
    Created AVG Rescue CD and have pretty much spent the day on AVG tutorials. Plan to run the scan next...

    Once I have done this, I'll go on to the other suggestions you make.

    Thanks :-)

    +
    0 Votes
    Discombobulated

    To everyone who helped: I managed to sort the problem and retrieve some of my data (took an age, mind you :-) )

    I would offer to help someone else with a problem on this forum but they would have to possess the computer literacy of a block of wood and the IQ of a shellfish to have any hope of benefiting from my 'knowledge' and 'skills'!

    Many contrafibularities to you all!

    Discombobulated signing off :-)

    +
    0 Votes
    SmartAceW0LF

    It is helpful to others in knowing the resolution of your problem. ;-)