Search our directory :
HDD Regenerator
| Home | Directory | Recommended Readings | Guides, Tips, and Tricks | Related News | Partner Links | Contact Us | Comments | Blog |

How to recover files from virus attack part 1

by : nevt

One day a friend came asking for our help. He uses Microsoft Windows XP operating system. Suddenly lots of his files became some sort of ".bmp" files. And those files can be viewed, but they're really not a nice picture. We're it was somekind of virus attack. We started to plan a strategy.

  1. Get the newest update for the anti virus definition and database
  2. Recover infected files

First we must know, which process/server are running in this machine. We can use 'tasklist' and 'service.msc' commands for this.

We typed “tasklist” first on the command prompt.

c:\tasklist

The screen displayed a suspicious service named “kspool.exe”. Next we called the “service.msc”.

C:\service.msc

The result was the same. We tried to stop this service and ...it started again automatically :). Then we checked the dependency of “kspool.exe”. Ooops it's used by 'explorer.exe'.

To kill 'kspool.exe' process we must kill its parent process first - that's the 'explorer.exe' process. Using “CTR+ALT+DEL” we killed the explorer process and then we proceed to stop the kspool process. Everything works fine then.

File recovery can be started normally, but we thought it’s not a good option. The virus was still there, so we must erase it first. We started the explorer services again.

c:\explorer

Using Windows Explorer we found 'kspool.exe' in the system32 folder. We deleted the file (but not after we copied it to our flash disk for later research ;).

The virus has been erased, then we proceed to check the registry to find the key contains the 'kspool.exe' string.

We found it in :
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”

The description says “kernel spool”. That's old trick. We deleted it.

Time to recover lost or infected files. We recommend Recover My Files, DOC Regenerator for broken .DOC files, and XLS Regenerator for broken .XLS files. And again don't forget to update anti virus definition and database.

Read More Guides :

  • Top Computer Problems Leading To Data Recovery
    There are a number of easily remedied computer problems that users often fear will require data recovery. Fortunately there are a number of equally easy solutions to many of these problems. There are a number of reasons computers can act up. Some may ...
    ...read more >>
  • Online Data Storage
    Most people do not realize it, but online data storage is indispensable to any computer user, serious or not. Online data storage serves as an extension of your computer?s hard drive and acts as an additional source of data storage, as a backup ...
    ...read more >>
  • What is Data Recovery? - A brief Introduction
    What is Data Recovery? Data Recovery is the process of retrieval of inaccessible or corrupt data from digital media that has become damaged in some way. Data Recovery can be used to recover data from devices as varied as Hard Disk Drives, Memory...
    ...read more >>
  • How to Use Computer Data Recovery Software
    Your computer has a crash! The Black DAY! And now? The start of your first helps is the real first step to get back your datas. About 95 percent of all datacrashes has the chance to get a recovery! It's very important to start with the right steps. To ...
    ...read more >>
  • How to recover files from virus attack part 1
    One day a friend came asking for our help. He uses Microsoft Windows XP operating system. Suddenly lots of his files became some sort of
    ...read more >>

...Back to Related Guides, Tips, and Tricks | Data Recovery Help >>

 
 
copyright © 2007 DataRescueHelp.com
 

Popular Search Terms :