Computer Virus?


Postby Guest » Wed Sep 29, 2010 8:23 pm

Dear fellows,

On 9/27/2010 during the after hours of the day, I experienced some anomalies with my laptop. At the time, I was uploading some large bootable emulators to TOC and downloading some new ones to upload later. While I was waiting, I was watching a movie. Movie got over so I decided I wanted to play some Zelda - Parallel Worlds on my laptop. I double clicked the shortcut on my desktop and to my surprise, received an error saying that ZSNES is not a valid Win32 application... Odd, I was on it just over an hour ago and it was working fine...

I figured it may be something stupid and I would just restart the computer and maybe some service that had stopped would be restarted. Ok, the upload finished and I restarted the laptop. Boots up. My desktop that had about 15-20 shortcuts, now only 4 actually "show up" as the normal icon.
Everything else looks like:
error.png


Now I'm starting to get nervous. I start double clicking the progs hoping to open them and every one of them gives me the same error as before. This is not a valid Win32 Application. Firefox somehow survived for whatever reason and so I get on the internet to look up some answers. It's such a generic error that I can't find any relevant information about my situation.

The night is late and so I must sleep.

...
...
...

The next day I awaken and go to my only class. Around noon I get back home and get on the computer, hoping something has changed. Not at all. My family interrupts and most of the day I had to spend with them, computer lying dormant at home. Later that night though I was able to make 2 calls to both Microsoft and Sony hoping to get some answers. Microsoft referred me to Sony and Sony says I'm out of warranty so it would cost. Hell No! I noticed though that in "My Computer" my C:\ Drive seemed to be missing about 150 GB of information. Where the night before I only had 20GB of space left, now the drive was half empty. My heart dropped as I knew that meant bad things. But I also had to sleep once again. Let me tell you, the nightmares I had that night were terrible ones...

...
...
...

Now today, I have my classes all day but I have a 2 and a half hour break right before my last one. So naturally, I packed up my laptop and brought it with to do some more work on it. My thoughts were that the 32 bit portion of my computer (I run windows 7 64-bit) had somehow been deleted and so Win32 applications would not run. That really was the only thought I had but it seemed stretched. But I had to start somewhere. Break time comes and I go to the Activity Center and plug in and start up. I see one of my friends and he comes and sits with me. He has a MAC because his school actually REQUIRES a MAC. Oh well. So I told him about my situation and my plan was to use some recovery disks to "reinstall the missing parts" that I believed were missing. Basically a shot in the dark.

We got to talking about it and he is tech savvy almost as much as I am but in somewhat different fields. I told him all the symptoms and we basically just threw our thoughts out into the air for each other to hear and build off of. I am very grateful for his presence because he was the one who brought us a step closer and noticed things I had not before. We went to the program files of random programs that weren't working and he pointed out that the .exe for that program was 0 kb. The file was there, but the size was empty. I looked at multiple others and the same thing was there. This made sense because it accounted for the lost space and the file not being able to run. If nothing's in it, how can it run. Knowing what I do about computer and software and such, it makes sense the error I received. I have archives where I save downloaded programs just in case I ever want them and possibly need another version of a program. So I went into them wondering what would happen if I just reinstalled a program...

Once again, all my .exe were empty in my archives. Now I'm starting to get frustrated. We are beginning to see that whatever is going on is targeting files and emptying them of contents. Erasing them but leaving the file. I got on the internet and downloaded CCleaner. Trusty little application. Re-installed it (if you can call it that at this point) and ran the program. It worked! And as a plus, my preferences had also been saved. We inspected the program files again as to why this was and found that .ini files were not touched (emptied). Only the .exe was in that folder. It's better than nothing I guess..

We talked about these new discoveries and we couldn't figure out why SO MUCH SPACE had been lost, because even with my archives empty, that still didn't account for all 100ish GB of space. He asked me, what files do you have an extraordinary amount of that would take up a huge amount of space... I thought for a moment and then it hit me. My music, with over 20,000 songs. A vast collection. Almost instantly though after realizing this I froze as what this meant really hit me. My music + the space missing = Huge problem. He watched me as I began to open up my music folder...

My music was gone. All of it. Every single file was there, but empty. I really just sat stunned. He was just as lost. I forced myself to think about what this could mean. I tried putting things together quickly. I then opened up my pictures folder and all my files were empty. At this point I became furious but seeing as anger was not going to fix the problem it quickly dissipated. It's not entirely true that ALL my pictures were gone. .JPG were all empty and other file types such as .bmp, .png, .gif were all left untouched and fine.

One more time, I moved my mouse and opened my documents folder. Nearly all my documents were empty. I had realized that very common file types had been targeted and emptied.

So this is what I'm left with: I've reinstalled a few programs and I'm running deep scans as I type this. So far nothing. This is very sad. I have listed all my protection in another post and not ONE OF THEM detected anything. I know it was not a "hacker" as my network is not detectable and also with 36+ character, alpha numeric + symbol password, not crackable. It had to be a virus or something.

Current thoughts: I say "it" targeted common file types, yet .psd (the Photoshop save file that has layers etc.) was also empty. Means the ranks I made are missing but luckily I posted the basic. I can still use that but it's no longer editable unless I start over. Also, if it targeted common file types then why did it leave .png, .bmp, and .gif alone. Those are very common picture files. Also also, while my .exe were emptied, Firefox remained untouched. This fact further led me to believe it was a virus attack because my Firefox has passwords saved that I use for common sites such as my email, here, and many others. Honestly, I saved them because no one is ever on my laptop but me.

I just discovered that ZoneAlarm is also working fine after all this.

Honestly, I just don't know what the hell's going on but I'm getting pretty stressed. I love my computer so much and this is killer that I'm missing so many files. I don't care about some, but my pictures I do. My music I do because it was such a large collection. They are all attainable through my friends because most of them got their stuff from me but the work required is astounding. Finally, the computer files themselves. Out of everything I have, pretty much pictures are the only thing I can think of that are next to irreplaceable. Lots are on facebook but there are certain ones that are completely lost. All the programs can be downloaded again. I have no recent "backups" of my complete hard drive but I do have some older ones. That helps. The operating system is what I'm worried about.

I ordered the laptop from Sony and it came with Windows Vista pre-installed. I used this until the free (for some) upgrade to Windows 7 became available. It is an *upgrade* and so not a complete OS install disk. I am not sure what my recovery options are but I am the kind of person that doesn't trust viruses enough to let a program "isolate" them and keep them. No, to make sure it's gone I fear I am going to have to completely 0 my hard drive. I have a few disks capable of this but it's still not something I want to do. I refuse to use my system with the possibility that this could happen again and that's why wiping my drive is an option and currently, one of my only ones.

I am in contact with some higher Techs than me from a few different companies. I am going to see what they have to say and what they think I should do.

Final notes: I wrote this up because I probably won't be on the forum much for a little (as little as possible I assure you) while because I want to focus on resolving this issue first and foremost. I will still be checking in as everything that happens is passed on to me through my phone. So occasionally I may pop in, but for the most part, the Ranks, the uploading I started, will cease until I have fixed this. I estimate a week at most but don't hold me to it.

Wish me luck
:greenscreen:
Guest
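
An added example, not part of the original thread: one way to scope the damage described in the post above is to count zero-length files per extension, which shows which file types were emptied and which were left intact. The directory layout and file names in `build_sample_tree` are constructed for illustration, and the 50% threshold is an assumption.

```python
import os
import tempfile
from collections import defaultdict


def triage(root):
    """Walk root and return {ext: {"total": n, "empty": n}} per file extension."""
    report = defaultdict(lambda: {"total": 0, "empty": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError:
                continue  # unreadable or vanished entry: skip, do not abort the scan
            ext = os.path.splitext(name)[1].lower() or "(none)"
            report[ext]["total"] += 1
            if size == 0:
                report[ext]["empty"] += 1
    return dict(report)


def emptied_types(report, min_share=0.5):
    """Extensions where at least min_share of the files are zero-length."""
    return sorted(ext for ext, c in report.items()
                  if c["empty"] and c["empty"] / c["total"] >= min_share)


def build_sample_tree(root):
    """Constructed sample mirroring the thread: some types emptied, some intact."""
    layout = {
        "Program Files/ZSNES/zsnes.exe": b"",
        "Program Files/ZSNES/zsnes.ini": b"[video]\nmode=1\n",
        "Program Files/Firefox/firefox.exe": b"MZ\x90\x00",
        "Music/track01.mp3": b"",
        "Pictures/holiday.JPG": b"",
        "Pictures/rank.psd": b"",
        "Pictures/logo.png": b"\x89PNG\r\n",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = triage(root)
        return report, emptied_types(report)


if __name__ == "__main__":
    report, hit = demo()
    for ext in sorted(report):
        print(f"{ext:8} {report[ext]['empty']}/{report[ext]['total']} empty")
    print("mostly emptied:", hit)
```

Pointing `triage` at a read-only mount of the affected drive, rather than the running system, keeps the scan from changing anything on the disk being examined.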
 

Re: Computer Virus?

Postby gamfrkI » Wed Sep 29, 2010 9:20 pm

i had this happen to me also but on my xp
most of my exes were emulators, vlc, and my virus protection software
i only had backups of half of my music and pics
after a while of looking online doing what some sites say to do
my xp would not boot no more (after many reboots)
my mom took it to a friend that fixes comps he couldn't find the problem so he installed xp pro that fixed the problem

Re: Computer Virus?

Postby Kherr » Wed Sep 29, 2010 10:08 pm

Hmm... sorry to hear that Guest. I'm also undergoing some sort of virus attack. I don't exactly know what it's supposedly doing to my pc, BUT I think it's a false positive on Kaspersky's AV side of my Zone Alarm Extreme Security. I'm getting two alerts. The first one is:

Trojan-Spy.Win32.Ardamax.ilx

No matter how much I look for this virus, I cannot find it. There isn't anything on the web about this particular virus. There is something on Trojan-Spy.Win32.Ardamax.e, but that's not what I have. I think it's a false positive.

The other thing I'm getting that is worrying the SHIT out of me is:

Net-Worm.Win32.Mytob.krv

There's only ONE RESULT on the entirety of google. There is also a very big shortage of information on this particular WORM. There's quite a bit of info on Net-Worm.Win32.Mytob.y, but again, that's not what I have.

Thus far, nothing on my computer is acting strange or working weirdly, I don't have any processes I do not know about running, I also checked my processes to make sure that they were all safe, and they were. Just the standard windows processes (yes I checked lsass.exe to make sure it wasn't a fake one) and my trusted programs. That's it, no odd processes at all.

These particular viruses are being found in ONLY:

Trojan-Spy.Win32.Ardamax.ilx = Skulltag.exe (ST-v098c_windows.zip and in the main skulltag.exe itself)
Net-Worm.Win32.Mytob.krv = FRAPS.exe (and its installer)

Now skulltag is an encrypted file and I KNOW for a fact that it is NOT a virus nor has one contained in it. So I KNOW it's safe, but ZA keeps deleting the file on me because it can't heal what doesn't exist. So I had to add it as an exception in the virus database so that it wouldn't delete it on me when I tried to play.

FRAPS 2.6.exe however... This was downloaded from TPB because it doesn't just take keycodes to unlock, it literally is custom to the purchaser... so you have to torrent it. Anyway, since I did that with this, I'm wary of it simply because it's coming up as a worm, but yet my computer is fine and nothing that I'm aware of is wrong at all. There isn't a severe power drain, functioning completely 100% normal.

Matter of fact, I used that exact installation of FRAPS to record my gameplay vids that I've upped to youtube. They came out just fine.

I just want to know why I have these on here and why there isn't ANY INFORMATION ON THE NET whatsoever about EITHER of these "problems."

Re: Computer Virus?

Postby crustyasp46 » Wed Sep 29, 2010 10:20 pm

Good luck, Guest, hope you get it figured out, hope it wasn't caused by one of the links I sent you. I scan everything before I download or upload, but that does not seem to matter anymore as hackers always seem a step ahead of the best virus programs, and the virus programs seem to react most of the time after the fact. :(

Re: Computer Virus?

Postby Hot Trout » Wed Sep 29, 2010 11:11 pm

Very sorry to hear that Guest. I have come across this virus in the past at work. Have you checked for this?

Look in Windows/System32/Activescan/imscan.dll for infection with VBS/Newlove.a

Use Vexira Antivirus Rescue Disk System from http://www.centralcommand.com/downloads.html

I do hope you will find an answer. If the files are at 0 size I suspect that only a restore from backup will solve the issue. Can you perform a system restore/check point?

Re: Computer Virus?

Postby JAHGoVeg » Sun Oct 03, 2010 3:54 am

I don't know if when it deleted your files it overwrote them with zeros, but if not you might be able to use a file recovery software like Recuva. It's made by Piriform, the same people who make CCleaner: http://www.piriform.com/recuva

Re: Computer Virus?

Postby arinlares » Sun Oct 03, 2010 12:56 pm

A tip to help you calm down, Guest: Remember that it's only software. It can be fixed. If it can't be fixed, it can be replaced, either with the same or close, with a few exceptions.

Kherr: Search the virus name with the antivirus software in Google, and check the programs on ProcessLibrary.com. It generally identifies any known infected files.

Guest & Kherr: I keep hearing www.malwarebytes.org is great at kicking some virus butt from folks who have had serious problems. I haven't had Windows get raped except once, and I was able to fix that with a system recovery, though. If you haven't tried this yet, give it a shot.

Re: Computer Virus?

Postby Kherr » Sun Oct 03, 2010 2:14 pm

arinlares wrote:
1 - Kherr: Search the virus name with the antivirus software in Google, and check the programs on ProcessLibrary.com. It generally identifies any known infected files.

2 - Guest & Kherr: I keep hearing Malwarebytes Anti-Malware is great at kicking some virus butt from folks who have had serious problems. I haven't had Windows get raped except once, and I was able to fix that with a system recovery, though. If you haven't tried this yet, give it a shot.


1 - I have done that already, I love processlibrary. :3 I also love google. Neither could find anything about them... Besides, I've decided that they're false positives simply because of the lack of info on them on any site whatsoever, and because there was nothing out of order happening on my laptop. So yea... :ugeek:

2 - It may have helped some people out, but nothing ever works the same for others. Kaspersky is the one who Zone Alarm licenses its AV from. Among the most trusted websites, Kaspersky is rated between number one and number three. Somehow on PCWorld Norton made number two, beating Kaspersky. I don't see how that's possible, but... anyway... I might give this a try after my 30 day trial of Zone Alarm Extreme Security runs out IF I can't find the registry key for the program and remove it allowing me another 30 days of free protection. :3

Re: Computer Virus?

Postby Guest » Tue Nov 09, 2010 10:48 pm

So I never did figure out what was exactly wrong with my computer or what "virus" I actually had.

I ended up wiping my computer and reinstalling windows. I lost some pics and music, but that was probably the worst of it. I lost a lot of time too. But I'm back and I'll be using an external Terabyte hard drive to back up my files every week or so.

If I have any advice to give that I've learned from this it would be: BACK UP YOUR STUFF! I had an old backup that saved me a little bit but I still lost a lot which is unfortunate.
:hi:
Guest
 

