Question
-
CreatorTopic
-
September 9, 2012 at 8:41 am #2171149
Query regarding partial data loss and inability to perform a system restore
Lockedby discombobulated · about 11 years, 6 months ago
Hi!
I wonder if someone can help, please.
Last night I lost my entire ‘My Documents’ folder and I am unable to perform a system restore to any time point. I can’t find the folder anywhere on my hard drive.
A few days ago, I was bidding for an editing job on a Freelance writing site. The client contacted me asking if I could edit his thesis document. He sent me the document to look at so that I could give him a price for the work, which I duly did. He eventually chose another contractor which was all well and good. He had,made it clear in his job posting that he would expect any contractor to agree to sign a full disclosure.
I wondered if it might be possible for ‘someone’ to target a cyber attack on this single folder on my hard drive? And if so, is there any way of retrieving the lost data?
The only other thing I have downloaded since then is a program called ‘Sibelius Scorch’ to allow me to view online sheet music. I believe I may have been prompted to install an Active X add-on.
If this is the the problem rather than the paranoid client scenario, does this suggest some sort of malware? I have run a full scan and my Kaspersky isn’t picking up any problems. I have noted that some posters on various forums suggest a program called ‘Malwarebytes’. Is this safe to use, and is it likely to help me with my problem?
Thankfully, I didn’t lose very much work but I would appreciate any help or advice you could offer.
Thanks.
Topic is locked -
CreatorTopic
All Answers
-
AuthorReplies
-
-
September 9, 2012 at 8:41 am #2887462
Clarifications
by discombobulated · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
Clarifications
-
September 9, 2012 at 3:11 pm #2887458
Yes it’s likely to be Malware that came with your Sheet Music Crap
by oh smeg · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
And Malwarebytes is a Brilliant Program which is ideal provided that you download it from a safe source though now you may not be able to install it depending on what Infection you have picked up.
You can get it here just click on the Free Download link
After it’s installed and updated restart your system in Safe Mode and run the scan and rerun the AV Scan again in Safe Mode.
You are more likely to find infections and be able to remove them in Safe Mode than with Windows running normally. 😉
Or you could try a Rescue CD like one of the ones available here
http://www.techrepublic.com/blog/security/rescue-cds-tips-for-fighting-malware/3803
Col
-
September 10, 2012 at 2:25 pm #2887428
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to Yes it’s likely to be Malware that came with your Sheet Music Crap
Thanks, OH Smeg,
Thanks for your reply and your suggestion. I downloaded and updated malwarebytes from the link you provided. Once I have finished here, I’ll do as you suggest and run a scan in safe mode. I’ll let you know how it goes…
-
-
September 10, 2012 at 2:05 am #2887452
A thing worthy of mention here Discombobulated…
by smartacew0lf · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
First, I second the nod for Malwarebytes Anti-Malware heartily. Second, being familiar with Sibelius, I find it highly unlikely that is the source of your problem. Nonetheless, it is important to realize that often times, the site you happen to have been on when you experience a sudden change or symptom in your system, may or may not be responsible. Many malicious programs reside in your temporary files for a bit before finally being executed at a later point. Sometimes, hours, other times days or even months.
Finally, -and the most significant reason for my additional post on this point- currently there are several flavors of malicious code at large that will first, set the attributes of your personal files to be hidden. They will still be on the system, just not visible via the default settings of Windows Explorer. If left to continue its aggravation, the code will do the same for all of the files on your desktop and on to the typical default files necessary for all users which normally reside in the default user profile. Left long enough, it will even begin deleting those files. It can be a real pain to clean up, and though MBAM (Malwarebytes) will find and clean the offending code from your PC, it will not fix the issues caused by this particular coding.
So before you get distraught over the loss, be sure to enable the ability to view hidden files within windows explorer. Open Windows Explorer go to Tools/Folder Options in the file menus at top. Click the View tab on the property sheet, put a tic in the settings to “Show Hidden Files and Folder” and untic the option to “Hide All Protected Operating System Files”. Then check to see if your folders and files are now visible. If so great. If not, depending on the relative importance of recovering the files in question, you might consider shutting the machine down and asking for further assistance from a different machine. Do run a scan with MBAM first though. Also, MBAM may be installed, updated and run from Safe Mode With Networking. Good luck.-
September 10, 2012 at 2:31 pm #2887426
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to A thing worthy of mention here Discombobulated…
Thanks for your suggestions, SmartAceWOLF and Sue T. One of the first things I did when I couldn’t find my folder was to check the ‘hidden files and folders’ options. I only thought to do this because itunes decided to hide my music from me at one point in the past 🙂 But I didn’t know to uncheck the option to ‘Hide All Protected Operating System Files’. I have since done this and alas, no joy, I’m afraid.
Can you please explain what would be involved in ‘asking for further assistance from a different machine’? Sorry if this is a dim question…!
-
-
September 10, 2012 at 9:11 am #2887445
you may also want to check to
by sue t · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
see if for some reason or another that your My Documents folder is not a hidden folder that you may have to just unhide. Have you tried opening a document that was in that folder by first opening the application (like Word) and then choosing file open. Does the document open? If so, then you know you your documents are still there.
Good luck-
September 10, 2012 at 2:33 pm #2887424
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to you may also want to check to
Hi Sue T. Thanks for your reply. As you can see from my reply above, I tried doing as you suggest. I did try to open a document that I had been working on before the crash and the file pathway is missing. Do you think this means the folder is definitely gone?
-
-
September 10, 2012 at 12:31 pm #2887433
Targeted Attack
by a.portman · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
Oh Shmeg is at least partially right. Follow the link on the bottom of hos post to the malware restore tools. A Linux boot CD may allow you to find your My Documents Folder. Although, assuming you downloaded Siebelius from its website and not a bittorrent, you probably did not get the maleware there.
Now to, ”
I wondered if it might be possible for ‘someone’ to target a cyber attack on this single folder on my hard drive? And if so, is there any way of retrieving the lost data?” Are you referring to your potential liability to the originator if your copy of his data is published/used not by him? That is a distinct maybe. Do I think someone targeted your machine to get this file, no. Is it possible that all of your data was compromised and it might get used somehow, possibly, but unlikely.I would concentrate on recovering the my files and cleaning my machine. Regretfully, the best way to know it is clean is reformat, reinstall everything.
-
September 10, 2012 at 2:46 pm #2887421
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to Targeted Attack
Hi a.portman@…Thanks for your reply. It seems as if the folder is indeed gone, so I may well try the link for the Rescue CD OH Smeg suggests. I’ll run the anti-malware first and go ahead and do that afterwards. Is this similar to the type of software I downloaded to recover crashed Audacity files, do you know?
Re. your second comment: I didn’t think he would try to damage my documents folder on the basis of the shared document but you never can tell. As it goes, I still have the original attached to my e-mail file which I have tried to access again, simply out of interest to see if it would open…and it does, so if he were targeting my documents folder he would probably have also targeted the contents of my e-mail folder 🙂 I think the thought only crossed my mind because he was fairly insistent about the disclosure clause.
I’ll go ahead and run the anti-malware and take it from there…
-
-
September 10, 2012 at 12:53 pm #2887431
I know it will sound stupid
by gscratchtr · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
but make sure you didn’t accidentally (via a stuck mouse button, as happened to me) MOVE your ‘My Documents’ to under another folder. You did say “anywhere on my hard drive.” but I just wanted to make a suggestion.
or, when you were deleting the potentical client’s work (was it in ‘My Documents’ ?) ensure that you didn’t delete the entire ‘My Documents’ folder (as has also happened to me, again by a fat-finger); in my case, it was just moved to ‘Recycle’ so I had only a few moments of panic.
-
September 10, 2012 at 2:59 pm #2887420
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to I know it will sound stupid
Thanks for your reply gscratchtr. I have done this myself before too! But no, on the back of your suggestion, I rechecked other folders in ‘My Documents’. I was literally in the process of editing another document when the whole thing ‘hung’. When I went to save the file I was working on, there was no sign of my folder. So I wasn’t deleting anything when it happened, but I have checked the recycle bin anyway. No sign of anything there.
Oh, hang on…I have just realised something. I said in my original (and subsequent postings) the my entire ‘My Documents’ folder had gone missing. That’s not actually the case. It is still there but contains everything (everyone else’s folders) except my own personal folder (which in turn contains My Music, My Videos, My Documents and lots of others I have created). Oh dear…now I really am discombobulated!
Off to run a malware scan…
-
-
September 10, 2012 at 6:32 pm #2887415
Update…
by discombobulated · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
Hi Everyone,
Just to let you know that I have had trouble starting up ‘safe mode’ (with and without networking). I tried to take a screenshot, which I tried to reproduce here (with no luck) but all of the extensions listed on startup indicated some issue with the drivers…
Anyway, it is very late here and I need to hit the sack. I’ll run ‘Malwarebytes’ overnight and report back…
Goodnight, all!
-
September 11, 2012 at 5:49 am #2887402
Data Recovery
by will s. · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
Good morning Discombobulated! Here’s to a fun-filled day of data-recovery excitement.
As I’m sure you know, there are some amazing bits of malware code out there.
After reading this thread, I’m not sure I can offer any suggestions that improve your chances of recovering your data, but I’ll try.
First, try not to download anything else to your local machine as to avoid over-writing your files (if they have been deleted).
Next, log into the machine under a different “administrator” profile/account. Hopefully, you you still have the default admin account…you may need to enable it under control panel–>administrative tools–>computer management–>local users and groups.
Run your malware scannners: MalwareBytes, Eset online scanner, TDSS Killer (or others). If necessary post your logs into the appropriate forums for the utilities listed above. My personal favorite malware support site is at Bleeping Computers.
If no malware is reported, focus on the data recovery. Perform a search of your system for the file name, try the trial version of GetDataBack, and/or restore system to previous restore point. Do you have any backup strategies in place?
Like others have mentioned, it would seem pretty odd to have a targeted attack on your My Documents without the rest of your system being compromised as well. Let us know how things go and we’ll see if we can get your files back 🙂
Best of luck.
-
September 11, 2012 at 2:23 pm #2887376
Reponse To Answer
by discombobulated · about 11 years, 6 months ago
In reply to Data Recovery
Hi Will S (and everyone else),
Thanks for your reply.
Okay…
Ran malwarebytes–no problems detected
Ran own virus software again–no problems
Created AVG Rescue CD and have pretty much spent the day on AVG tutorials. Plan to run the scan next…Once I have done this, I’ll go on to the other suggestions you make.
Thanks 🙂
-
-
September 12, 2012 at 2:16 pm #2887313
Fixed with many thanks
by discombobulated · about 11 years, 6 months ago
In reply to Query regarding partial data loss and inability to perform a system restore
To everyone who helped: I managed to sort the problem and retrieve some of my data (took an age, mind you 🙂 )
I would offer to help someone else with a problem on this forum but they would have to possess the computer literacy of a block of wood and the IQ of a shellfish to have any hope of benefiting from my ‘knowledge’ and ‘skills’!
Many contrafibularities to you all!
Discombobulated signing off 🙂
-
September 13, 2012 at 8:04 am #2887296
Reponse To Answer
by smartacew0lf · about 11 years, 6 months ago
In reply to Fixed with many thanks
It is helpful to others in knowing the resolution of your problem. 😉
-
-
-
AuthorReplies