Solved Windows Defender - delete virus, rescue data

brato92 · Nov 20, 2013

Hi everyone, i have a problem with my USB stick: i've borrowed it to a colleague 20 minutes, and now, when he returned me i have a little surprize: instead of finding my personal data from faculty, i found these shorcuts, who turns out that are viruses (Windows Defender alerted me).

The stick was used in one of our laboratory class. I want to recover my data because i have about 1.5gb of files which are very important to me. When i scan the USB with Malwarebytes Anti-Malware, it detects nothing, but scans even my personal files, despide i cannot see them (even if i pick 'Show hidden folders and files' option), only Windows Defender finds the viruses.

Is it possible to delete the viruses and save my personal files (txt's, doc's and pdf's), without formatting the stick ? Thanks !

View attachment mbam-log-2013-11-20 (11-05-07).txt

Wullail · Nov 20, 2013

if the virus deleted your files and overwrote them...it's unlikely you can recover them.....you did back them elsewhere up didn't you ?

brato92 · Nov 20, 2013

No, unfortunately i didn't back up all of them. This means that i have no chance getting back them (most of them are Office documents) ?

mikeytg · Nov 20, 2013

There are "file undelete" tools available, although I have not used one in a long time. There is a chance that you could recover some of your files with one.

Perhaps someone here knows of a good one. Googled for "file undeleter" and found this among many others:

15 Free Data Recovery Software Tools (Free File Recovery Software)

Borg 386 · Nov 20, 2013

Viruses like to play hide the files in some instances.

Have you deleted the virus successfully? If not, another suggested AV program is SuperAntiSpyware. The free version will work fine.

SUPERAntiSpyware - Downloads

The files may/may not still be there. The virus has probably changed the attributes of the files to render them hidden. Once you have cleaned the FD, Have a look at these articles, they will guide you through unhiding them using the command prompt:

~~Long title is long~~: TIPS: Unhide hidden files (caused by viruses)

How to Open the Hidden Files in a USB Pen Drive: 6 Steps

brato92 · Nov 20, 2013

Windows Defender doesn't have a 'Delete' option for quarantined items. The virus is quarantined. Also, Super Anti-Spyware didn't detect anything suspect. Maybe i need another tool to remove it.

EDIT: i just followed your first tutorial, and i managed to unhide my files in 2 steps. The files were stored in a new folder. There were more shortcuts, but i've deleted them. I'll copy the files to my HDD, then format the Stick to delete the virus. Thanks ! Just didn't know it was so simple.

Borg 386 · Nov 20, 2013

Glad you got your files back.

You may want to consider immunizing your FD's with this tool.

USB Immunizer | Bitdefender Labs

It disables autorun-related threats before they access the computer. Once installed, it constantly watches for newly inserted USB storage devices and immunizes them on the fly. If you accidentally plug in an infected USB drive that has not been immunized, the computer will not auto-execute the piece of malware located on the USB storage device.

To check to see if your saved files have been compromised, you can upload them to Virus Total (Maximum file size: 64MB)

https://www.virustotal.com/

VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.

brato92 said:
Thanks ! Just didn't know it was so simple.

Yepperz, the command line still proves useful & knowing some basic commands is a good thing to learn

brato92 · Nov 20, 2013

I'll try USB Immunizer. Good to know about it. Thanks again !

PJL · Nov 20, 2013

brato92 said:
Windows Defender doesn't have a 'Delete' option for quarantined items. The virus is quarantined. ...
...

Hmmm...when I look at the History tab in Windows defender, there is a Remove and a Remove All option. In fact, I see a Remove button in your screen shot in your first post.

brato92 · Nov 21, 2013

That button removes the viruses from History tab, not remove it permament. It is still there.

PJL · Nov 21, 2013

brato92 said:
That button removes the viruses from History tab, not remove it permament. It is still there.

Can you provide a web link that confirms this? This page says this deletes the file. See Remove or restore items quarantined by Windows Defender.

Solved Windows Defender - delete virus, rescue data

New Member

My Computer

Active Member

My Computer

New Member

My Computer

New Member

My Computer

ADHD member

My Computer

New Member

My Computer

ADHD member

My Computer

New Member

My Computer

Member

My Computer

New Member

My Computer

Member

My Computer