Toshiba Hard disk, files stay "Hidden" because of"Drive".bat

[Usman_K]

The folder 493, which doesn't go away even if i delete it.

I have a Toshiba HDD. It got infected by- i think, a virus? So, the problem is that there's a BATCH file named "DRIVE" in it. It doesn't go away even if i delete it. All my Files and Folders in my HDD are HIDDEN. They stay Hidden no matter what.I have Un-hidden them and deleted the BATCH file several times, but nothing seems to work. The BATCH file keeps coming back and the folders go back to being hidden. All my data has been put in a folder named "Drive" automatically and It contains another folder which is named "493" which contains a JScript file and it is named "cnqvody". What do i do to fix this problem?

[unknown]

attrib -h -r -s /s /d F:*.* (CMD)

[HaQue]

Hi,
I am interested in both the .js file and the .bat file.
possible you could zip them for me?

are the files themselves actually ok or encrypted? if the files are ok, I would copy them off to another drive, minus the dodgy ones, then fully wipe drive by repartitioning or windows diskpart tool, and "clean" option.

[Usman_K]

attrib -h -r -s /s /d F:*.* (CMD)

It's not working. shows "Access denied - F:\System Volume Information"

[Usman_K]

I would start by running GMER and check for rootkits. If there are "red" entries on the first scan then delete/stop the servers/processs. Then run CombiFix.

When the scan finish get something like avira and install it. Run a full scan. Now get spybot and run it as well. This will get rid of the majority of virus and malware out of the system.

You should run a full avira scan on all units of your system including the external hdd. Make sure that you update the virus definitions first.

I ran AVG and scanned the Disk for infected files. The program found 5. Deleted them. Then I deleted the Batch file. It's working fine till now. Let's see if it stays that way. Thanks for the tip.

[unknown]

Check the partition now and manually delete the unwanted files and post the results.
Good luck

[Usman_K]

Hi,
I am interested in both the .js file and the .bat file.
possible you could zip them for me?

are the files themselves actually ok or encrypted? if the files are ok, I would copy them off to another drive, minus the dodgy ones, then fully wipe drive by repartitioning or windows diskpart tool, and "clean" option.

Sorry, bro- can't. Scanned the drive by an anti-virus. It found 5 infected files. Deleted them. Then i deleted the Batch and .js file. Looks like it worked this time. The file(s) aren't coming back and the folders stay un-hidden. It worked, I think. Let's see if it stays that way.

[Usman_K]

Check the partition now and manually delete the unwanted files and post the results.
Good luck

I scanned the Disk with an anti-virus program. It deleted the infected files it found. Then, I deleted some suspicious files that i didn't really know of form the drive, manually. Seems like it worked.
Thanks for your Help.

[unknown]

Glad it worked for you.

[HaQue]

one thing you could do is do a search in the registry on a pc this drive was connected to. search for the js file and the batch file. possibly the malware has some registry settings to run them.

did you connect drive to a work or freinds PC recently? possibly they are infected.