Hi guys
I need some help here. A friend of mine gave me a USB stick which was infected by a virus and has a lot of important documents that are infected, and asked me if I can recover them somehow.
AVG reports "worm/vb.yb" and it renamed a bunch of .DOC files to .EXE
AVG gives only an option to delete these files, and even renaming them back to DOC do not solve the problem since the files are still infected and cannot be opened (AVG prevent the opening).
Does anyone knows if these files can be recovered and how, or are they completely lost?
Tried to google for solution, unsuccessfully
Scan the jump drive with http://malwarebytes.org/. I bet it gets rid of it. I have had this happen a lot lately and it never lets me down. AVG is useless for this.
EDIT: After reading up a little on your problem this may not work, but it sure won't hurt. Since docs are renamed they might be tough to recover.
In the link below you'll find lots of great free programs to solve your problem.
http://www.techsupportalert.com/
Thanks guys for replies, I will try that
Any other solution?
Unfortunately no solution Dejan, in those cases it is best to erase/remove the files. Possibly try with some other antivirus programs.
I think Ivan is right here Dejan. Normally if the file was recoverable then AVG - or whatever the scanner is - would give a 'recover' option. Sadly most trojans - and I think worms - can't be repaired as they corrupt the entire content of the file. So a scanner can really only allow you to quarantine or delete the infected file .
I think the best your friend can do is remove the malware from his pc - probably via safe mode with system restore turned off temporarily and then running the virus scanner. S/he will however have lost those infected files .
Her computer at work was infected as well and had to be reformatted so she lost all the files on computer, so only copies of documents remained on her USB drive, which was also infected, and these documents are very important to her.
I read about one possible solution, to install another copy of windows, without antivirus and to try to extract all data I can from the infected files, and then simply to remove these infected windows. If I don't find any other (read: easier) solution I think I'll have to go with this one.
Thanks all for the replies
Are the documents Microsoft Word?
I heard WordFIX is a Microsoft Word recovery software designed to restore corrupt or damaged document files back into new trouble free files. Safely recovers documents that have been infected by viruses. I've however never been infected / tried it myself.
These were word documents
It seems the documents are lost for good, I changed extension of some files to .txt and saw that they were overwritten, and they are all identical, it seems to be a program written in Visual Basic 6, some code is visible inside.
Thanks Azzaboi anyway
regarding re-infection, I did not mean to do it on my current Windows, but to install the second copy of windows on same computer and later on to remove it
Honestly to have to reformat a computer due to a virus is rare if you know what you're doing and have the right protection. I would recommend installing Nod32 on a computer that is "clean", update it and run the scan on the drive.
Thanks for the solution, I managed to recover all deleted files, but unfortunately those word documents were overwritten by the worm, none of them successfully recovered.
I agree with you about the negligence, but there are many people who don't know much about computers, they have basic knowledge in word and excel and that's it.
Update: the documents are fully recovered
I noticed that folders on USB stick showed that there are some files inside, but when opened there were none (although show hidden files is activated on my computer). I added one folder to RAR archive and suddenly all documents appeared in the archive, and I could open them all
And when I extract them back to a folder they remain hidden, but anyway they are here
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)