
How to recover files from virus attack part 1

by : nevt

One day a friend came asking for our help. He uses the Microsoft Windows XP operating system. Suddenly, lots of his files had become some sort of ".bmp" files. Those files could be viewed, but they were really not nice pictures. We were sure it was some kind of virus attack. We started to plan a strategy.

  1. Get the newest update for the antivirus definitions and database
  2. Recover infected files

First we must know which processes and services are running on this machine. We can use the 'tasklist' and 'services.msc' commands for this.

We typed “tasklist” first at the command prompt.

C:\> tasklist

The screen displayed a suspicious service named “kspool.exe”. Next we opened “services.msc”.

C:\> services.msc

The result was the same. We tried to stop this service and... it started again automatically :). Then we checked the dependencies of “kspool.exe”. Oops, it's used by 'explorer.exe'.

To kill the 'kspool.exe' process we must kill its parent process first, which is the 'explorer.exe' process. Using “CTRL+ALT+DEL” we killed the explorer process and then proceeded to stop the kspool process. Everything worked fine after that.

File recovery could be started normally now, but we didn't think that was a good option. The virus was still there, so we had to erase it first. We started Explorer again.

C:\> explorer

Using Windows Explorer we found 'kspool.exe' in the system32 folder. We deleted the file (but not before we copied it to our flash disk for later research ;).

With the virus file erased, we proceeded to check the registry for keys containing the 'kspool.exe' string.

We found it in :
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run”
“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”

The description says “kernel spool”. That's an old trick. We deleted it.
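
As an added illustration (not part of the original guide), the Python sketch below cross-checks the two Run keys against the process list and reports every autostart entry that launches a given executable. The `reg query` and `tasklist /fo csv /nh` outputs are constructed samples; the value names, paths and PIDs in them are assumptions.

```python
import csv
import io
import re

# Constructed sample of `reg query` output for the two Run keys named above.
REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    kernel spool    REG_SZ    C:\WINDOWS\system32\kspool.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    kernel spool    REG_SZ    "C:\WINDOWS\system32\kspool.exe" /s
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_OUTPUT = '''"explorer.exe","1480","Console","0","18,432 K"
"kspool.exe","2012","Console","0","3,104 K"
'''

# Value names may contain spaces, so anchor on the REG_* type token.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
IMAGE_RE = re.compile(r'\s*"?(.*?\.(?:exe|com|scr|bat|cmd))(?=["\s]|$)', re.I)

def parse_run_keys(text):
    """Yield (key, value_name, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def image_of(data):
    """Executable file name from a Run command line (quoted or not)."""
    m = IMAGE_RE.match(data)
    path = m.group(1) if m else data
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_autostarts(reg_text, task_text, image):
    """Run entries that launch `image`, plus whether it is running now."""
    running = {r[0].lower() for r in csv.reader(io.StringIO(task_text)) if r}
    target = image.lower()
    return [(key, name, target in running)
            for key, name, data in parse_run_keys(reg_text)
            if image_of(data) == target]

if __name__ == "__main__":
    for key, name, alive in find_autostarts(REG_OUTPUT, TASKLIST_OUTPUT, "kspool.exe"):
        print(f"{key} -> value {name!r} (process running: {alive})")
```

Matching on the executable in the value data rather than on the value name catches entries whose name was chosen to look legitimate.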

Time to recover the lost or infected files. We recommend Recover My Files, DOC Regenerator for broken .DOC files, and XLS Regenerator for broken .XLS files. And again, don't forget to update the antivirus definitions and database.

copyright © 2007 DataRescueHelp.com
 
