All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 10 posts ] 
Author Message
 Post subject: Toshiba Hard disk, files stay "Hidden" because of"Drive".bat
PostPosted: May 20th, 2017, 11:36 
Offline

Joined: May 20th, 2017, 11:17
Posts: 5
Location: Saudi Arabia
Attachment:
no.3.PNG
no.3.PNG [ 128.53 KiB | Viewed 8252 times ]
Attachment:
1.PNG
1.PNG [ 146.88 KiB | Viewed 8252 times ]
Attachment:
File comment: The folder 493, which doesn't go away even if i delete it.
no.2.PNG
no.2.PNG [ 158.9 KiB | Viewed 8252 times ]
I have a Toshiba HDD. It got infected by- i think, a virus? So, the problem is that there's a BATCH file named "DRIVE" in it. It doesn't go away even if i delete it. All my Files and Folders in my HDD are HIDDEN. They stay Hidden no matter what.I have Un-hidden them and deleted the BATCH file several times, but nothing seems to work. The BATCH file keeps coming back and the folders go back to being hidden. All my data has been put in a folder named "Drive" automatically and It contains another folder which is named "493" which contains a JScript file and it is named "cnqvody". What do i do to fix this problem?


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 11:52 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
attrib -h -r -s /s /d F:*.* (CMD)


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 11:58 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
Hi,
I am interested in both the .js file and the .bat file.
possible you could zip them for me?

are the files themselves actually ok or encrypted? if the files are ok, I would copy them off to another drive, minus the dodgy ones, then fully wipe drive by repartitioning or windows diskpart tool, and "clean" option.


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:47 
Offline

Joined: May 20th, 2017, 11:17
Posts: 5
Location: Saudi Arabia
unknown wrote:
attrib -h -r -s /s /d F:*.* (CMD)

It's not working. shows "Access denied - F:\System Volume Information"


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:50 
Offline

Joined: May 20th, 2017, 11:17
Posts: 5
Location: Saudi Arabia
Spildit wrote:
I would start by running GMER and check for rootkits. If there are "red" entries on the first scan then delete/stop the servers/processs. Then run CombiFix.

When the scan finish get something like avira and install it. Run a full scan. Now get spybot and run it as well. This will get rid of the majority of virus and malware out of the system.

You should run a full avira scan on all units of your system including the external hdd. Make sure that you update the virus definitions first.

I ran AVG and scanned the Disk for infected files. The program found 5. Deleted them. Then I deleted the Batch file. It's working fine till now. Let's see if it stays that way. Thanks for the tip.


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:51 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Check the partition now and manually delete the unwanted files and post the results.
Good luck


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:54 
Offline

Joined: May 20th, 2017, 11:17
Posts: 5
Location: Saudi Arabia
HaQue wrote:
Hi,
I am interested in both the .js file and the .bat file.
possible you could zip them for me?

are the files themselves actually ok or encrypted? if the files are ok, I would copy them off to another drive, minus the dodgy ones, then fully wipe drive by repartitioning or windows diskpart tool, and "clean" option.

Sorry, bro- can't. Scanned the drive by an anti-virus. It found 5 infected files. Deleted them. Then i deleted the Batch and .js file. Looks like it worked this time. The file(s) aren't coming back and the folders stay un-hidden. It worked, I think. Let's see if it stays that way.


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:57 
Offline

Joined: May 20th, 2017, 11:17
Posts: 5
Location: Saudi Arabia
unknown wrote:
Check the partition now and manually delete the unwanted files and post the results.
Good luck

I scanned the Disk with an anti-virus program. It deleted the infected files it found. Then, I deleted some suspicious files that i didn't really know of form the drive, manually. Seems like it worked.
Thanks for your Help.


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 12:59 
Offline

Joined: October 21st, 2007, 8:48
Posts: 1631
Glad it worked for you. :)


Top
 Profile  
 
 Post subject: Re: Toshiba Hard disk, files stay "Hidden" because of"Drive"
PostPosted: May 20th, 2017, 22:46 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
one thing you could do is do a search in the registry on a pc this drive was connected to. search for the js file and the batch file. possibly the malware has some registry settings to run them.

did you connect drive to a work or freinds PC recently? possibly they are infected.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Majestic-12 [Bot] and 92 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group