06-30-2011 02:12 AM
With this post I just want to share my experience with some very frustrating malware. Fortunately I managed to solve the problem.
The situation was the following:
I have two usb flash memory sticks and one portable usb HDD. Once I pluged in one of the usb sticks and discovered that all folders have been changed to shotcuts. When I open one shortcut the original folder in the usb stick appear. I checked the destination of the shortcut and it was very long and strange path. When I just pointed the shortcut apeared the destination "C:/windows/system32/cmd.exe" Then I checked the other usb stick and the usb hdd and discovered the same problem. I opened task manager and discovered unknown process which consume 50% of the processor.
So I googled the problem and tried the following unsuccessful procedure:
1. From Folder Options/View I cheked the option "Show hidden files and folders" and unchecked the option "Hide protected operating system files (Recommended)"
2. I opened the Task Manager and stopped the unknown process consuming 50% of the processor. But before terminating the process and I made rigth click of the process and opened the file location of the process and deleted.
3. I pluged in one of the usb sticks and discovered that together with the shortcuts I can see the original folders which appeared as hidden foldres and one additional folder Recicle with two files in it on of them was .exe with strange name - combination of numbers and letters.
4. I deleted the folder shortcuts and the folder Recicle and created new foldres and moved the information from the hidden folders to the new one and then deleted the hidden foldres. I repeted the procedure to the other usb stick and usb HDD.
5. Then I pluged in again one random usb stick and the antivirus program NOD32 showed warning message that some unknown program have been activated and NOD32 stopped it and deleted it. But the old shortcut problem appeared again, but without the unknown process in the Task Manager. I repeted step 4 but without success.
Then I found the program ComboFix and some guide how to use it and did the follwing:
1. On local drive C I created a folder and named it "Combo"
2. I put the file ComboFix.exe in the folder C:/Combo
3. I closed all running applications and turned off the antivirus program (in my case NOD32)
4. I started the combofix.exe with the Command Prompt as administrator
5. I waited ComboFix to complete its operations. When the program finished it created a report as .txt file. Computer rebooted.
Then I pluged in one of the usb sticks and saw again the ugly shortcuts, but I deleted them, deleted also the folder Recicle and moved the information from the hidden folders to new ones and deleted the empty hidden folders. Then I unpluged and plugged again the usb stick and the problem appeared to be solved. I did the latter to the other usb stick and usb HDD and since then I haven't experienced the problem again. That is
Thank you for reading
10-12-2011 10:06 AM
Thank you for the great sharing, I recovered about 2GB data (documents) from my 4GB USB flash drive on my HP Pavilion with this post and another article file folders become shortcuts - the fix solution. I nearly lost the hope, thank you so much.
01-12-2013 06:41 PM
Read your messages - what do you do if this happened not on a USB but on a folder that is on the C: drive? I tried the command prompt attributes with the C: drive and nothing was resolved. I have also selected view hidden files. I have lost my work folder (Microsoft Word, Excel and Powerpoint files and PDF files) in one folder only. When I do a search I can fidnd the file, but a message says "the item XXX that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?"
I have not found a solution yet. I am running Windows 7 professional and Office 2010.
- Performing an HP System Recovery (Windows 8)
- Performing an HP system recovery (Windows 7)
- Troubleshooting HP System Recovery Problems (Windows 8)
- Read this before ordering your Recovery Discs! (US and Canada Only)
- Using Recovery Manager to Restore Software and Drivers (Windows 8)
- Using Recovery Manager to Restore Software and Drivers (Windows 7)