How to recover files from virus attack part 1
by : nevt
One day a friend came asking for our help. He uses Microsoft Windows XP operating system. Suddenly lots of his files became some sort of ".bmp" files. And those files can be viewed, but they're really not a nice picture. We're it was somekind of virus attack. We started to plan a strategy.
- Get the newest update for the anti virus definition and database
- Recover infected files
First we must know, which process/server are running in this machine. We can use 'tasklist' and 'service.msc' commands for this.
We typed “tasklist” first on the command prompt.
c:\tasklistThe screen displayed a suspicious service named “kspool.exe”. Next we called the “service.msc”.
C:\service.mscThe result was the same. We tried to stop this service and ...it started again automatically :). Then we checked the dependency of “kspool.exe”. Ooops it's used by 'explorer.exe'.
To kill 'kspool.exe' process we must kill its parent process first - that's the 'explorer.exe' process. Using “CTR+ALT+DEL” we killed the explorer process and then we proceed to stop the kspool process. Everything works fine then.
File recovery can be started normally, but we thought it’s not a good option. The virus was still there, so we must erase it first. We started the explorer services again.
c:\explorerUsing Windows Explorer we found 'kspool.exe' in the system32 folder. We deleted the file (but not after we copied it to our flash disk for later research ;).
The virus has been erased, then we proceed to check the registry to find the key contains the 'kspool.exe' string.
We found it in :
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”
The description says “kernel spool”. That's old trick. We deleted it.
Time to recover lost or infected files. We recommend Recover My Files, DOC Regenerator for broken .DOC files, and XLS Regenerator for broken .XLS files. And again don't forget to update anti virus definition and database.
Read More Guides :
- Hard Drive Dead? Bring those Files Back from the Dead
How many times did you hear your colleague remind you to back up those files? Many times already! But did you listen? No. A thing such as data loss can never happen to you. Not with your brand new, shiny pc. But apparently you were wrong. The worse has...
...read more >> - Do It Yourself Data Recovery: Freezer Method
There has been a long running myth about putting your hard drive in the freezer when it crashes in order to revive it just long enough to pull your data off of it. We've run this test for fun on many occasions in different scenarios with junk test ...
...read more >> - Data Recovery: Beginners Tips
Right now you probably in a lot of mental pain, and all you\'re concerned about is recovering your data as quickly as possible - so we\'ll refrain from comments on the wisdom of regular back ups. The time for preventative measures has gone - the issue at.
...read more >> - Hard Disk Data Recovery Expert: Choosing Yours
If you need a hard disk data recovery expert, you need one now. You have just lost a good amount of work that you need to send, well, yesterday. No matter how well versed you think you are in the computer world, chances are that at some point, ...
...read more >> - Online Data Storage
Most people do not realize it, but online data storage is indispensable to any computer user, serious or not. Online data storage serves as an extension of your computer?s hard drive and acts as an additional source of data storage, as a backup ...
...read more >>
...Back to Related Guides, Tips, and Tricks | Data Recovery Help >>
