Malware attack. All text documents and pictures gone

  KentE 18:49 21 Jan 2012

Last night I clicked on a video on some site I ended up on. The AVG came up with a window that a virus had been stopped and suggested I quarantined it or whatever. I clicked as I have in the past OK for it to go ahead and handle the threat and was about to click "back" in the browser, when the PC started to shut down and restart. It had never done that before when AVG antivirus stops a virus. As it starts up the screen is black and just a few of the icons appear and in the wrong place. Then I get a pop up that looks like a windows utility for scanning for problems. I clicked scan and a whole list of all kinds of disastorous faults appear (memory, hard disc, programs, etc. all with gorss faults). When the "scan" is completed a "pay now" button appeared. First now did I realize what had happend, so I pulled the plug on the router (too late of course). That "Utility window" remained on the desktop and nothing could remove it. If I restarted the same thing happend again. In start menue all the Right hand stuff like Computer or Documents were gone. I ran a scan in AVG but nothing came up. So I started the PC in safe mode and did a System Restore a few day back. When I started it up again the malware seemed to be gone and the PC back to normal. It was now late and I went to bed. Today I just noticed that most files are gone from both harddiscs in the PC. I have got music and some other format files, but all pictures, all documents, videos etc seems to be gone.

I have a backup but it is some weeks old and I did a revamp of my website and have written a few documents that I rather not lose. Is there a way to recover the files this malware most likely locked up until I pay the ransom?

Any advice for someone that is not a computer genius?

  Fruit Bat /\0/\ 19:14 21 Jan 2012

name of scanning software asking you to pay?

  Input Overload 19:20 21 Jan 2012

The files haven't gone they are just hidden hidden by this malware, it puts most or files on the PC with the hidden attribute. You need to know the name of the ransom-ware though to remove it.

  dagbladet 19:33 21 Jan 2012


This sounds like something that happened to my computer after one of the cherubs (honest) clicked on something. Firstly, don't panic, your stuff isn't gone, it's just hidden. Next have a look at the link below and see if that is the rogue 'utility programme' that you have. then follow the instructions on the link. All safe, comes from the 'Bleepingcomputer' site.

  robin_x 19:33 21 Jan 2012

Bleeping computer unhide.exe may help

Also run a Malwarebytes scan (even though Restore seems to have worked)

Under no circumstances pay any money to these or other fraudsters. Paying by debit or credit card leaves you open to theft.

  dagbladet 19:41 21 Jan 2012

I also discovered that those that were unfortunately misguided enough to pay for the 'solution' are sent a key which actually does sort the problem out.

If you are suffering from the virus/malware in my link above the key, which is the same for everybody is 1203978628012489708290478989147.

Once entered your PC will look as it did before and it will be easier to get in and remove the rougue.

  KentE 22:21 21 Jan 2012

I guess I have to undo the last Restore to find out who this was. I do not remember that there was a name, and it had the appearance of a Microsoft window. The Malwarebytes scan came up clean. So I guess I have to now undo the restore and deal with it from there. It did not look as fancy as the "Windows Recovery" but pretty much said and did the same thing. So it might be another version.

Any better idea that does not involve undoing the restore, as it was next to impossible to do anything with the PC in that state.

  robin_x 22:28 21 Jan 2012

I would advise don't undo the restore. Concentrate on the unhiding.

The name doen't matter if it's mostly gone.

  KentE 23:28 21 Jan 2012

Yipeee!! Unhide.exe did the job! Thank you so much for your help.

Lots of Love


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5T review: Hands-on

Illustrator Andrés Lozano on his improv line work, brazen use of colours & hand sketching

iPhone X review

Comment envoyer gratuitement des gros fichiers ?