Buda_vfs.img

lovny63 Posted messages 3 Status Member -  
 lovny63 -
Hello,

I'm new here, so I hope I'm not posting in the wrong forum.

So, I recently found an image file named
: "buda_vfs" on my 64 GB Verbatim USB stick; it is 0 KB. The problem is I no longer have access to my files that are still on the stick (movies); my stick still has my files since it shows 4.71 GB free out of 59.5.

For your information, I am on Windows 7 Home Edition, and I have an administrator account.

Thank you for your upcoming replies, but I’m thinking of formatting it if this continues; it would be a shame.

8 answers

  1. theblazingbeak Posted messages 3 Registration date   Status Member Last intervention   9
     
    Is it too late or what?...

    First of all, let's recap: buda_vfs.img is a file created by the Freebox Player when a DVD is inserted while a USB key or external hard drive is connected.

    This file is essential for the Freebox Player to recognize the USB key and external hard drive. Therefore, it is not a virus.

    This is a "bug" acknowledged by Free:
    https://dev.freebox.fr/bugs/task/8828

    As for the visibility of video files, however... If they are invisible while the music files are visible, it might be worth trying to recover them with data recovery software (but if they are stored elsewhere, you might as well copy them again onto the key once it is formatted)...
    5
  2. lilidurhone Posted messages 800 Registration date   Status Security Contributor Last intervention   3 818
     
    Hello

    It's not an infection but related to the Freebox

    https://forums.commentcamarche.net/forum/affich-25589327-buda-vfs-img-virus-ou-pas
    --
    If there is a problem, there is always a solution
    ~~~~~~ Cs ~~~~~~ Absent from July 15 to 27
    1
    1. lovny63 Posted messages 3 Status Member
       
      Hello
      Thank you for your response.
      I browsed several forums and I didn't specify, sorry.
      My main question is: how do I remove this file that prevents me from reading my files?
      Thank you for your future responses.
      0
  3. lilidurhone Posted messages 800 Registration date   Status Security Contributor Last intervention   3 818
     
    Hello

    This file is created when you connect your USB drive to your Freebox

    So just unplug your USB drive from the Freebox

    It's not an infection but we will check with usbfix in scan mode

    http://www.commentcamarche.net/download/telecharger-34079838-usbfix
    --
    If there is a problem, there is always a solution
    ~~~~~~ Cs ~~~~~~ Away from July 15 to 27
    0
    1. lovny63 Posted messages 3 Status Member
       
      Thank you for your quick response. I'm not home, so I will check this evening and get back to you.
      0
    2. lovny63
       
      Re hello


      Here I haven't explained everything either, sorry I'm with Orange and this file got installed when I plugged my USB stick at a friend's place, who is with Free. Is there a way to remove this file without formatting?
      And I'm attaching the USBFix report, if that can help you, I read it but I don't understand much.

      _[b]############################## | UsbFix V 7.172 | [Search][/b]

      User: les 4thev (Administrator) # LESTHEV
      Updated on 23/06/2014 by El Desaparecido - SosVirus
      Started at 19:02:57 | 29/06/2014

      Website: [url=http://www.usbfix.net/]http://www.usbfix.net/[/url]
      Changelog: [url=http://www.usbfix.net/maj/]http://www.usbfix.net/maj/[/url]
      Support: [url=http://www.sosvirus.net/forum-virus-securite.html]http://www.sosvirus.net/forum-virus-securite.html[/url]
      Upload Malware: [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
      Contact: [url=http://www.usbfix.net/contact/]http://www.usbfix.net/contact/[/url]

      [b]################## | System information |[/b]

      MB: Hewlett-Packard (1526)
      CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
      GC: Mobile Intel(R) 4 Series Express Chipset Family
      RAM -> [Total: 3996 Mo | Free: 2198 Mo]
      Bios: Hewlett-Packard
      Boot: Normal boot

      OS: Microsoft(TM) Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
      WB: Internet Explorer: 11.00.9600.16428
      WB: Google Chrome: 35.0.1916.153

      [b]################## | Security Information |[/b]

      AV: Kaspersky PURE 3.0 [[b](!) Disabled[/b] | Up to date]
      AS: Kaspersky PURE 3.0 [[b](!) Disabled[/b] | Up to date]
      AS: Windows Defender [Active | Up to date]
      FW: Kaspersky PURE 3.0 [[b](!) Disabled[/b]]
      FW: Windows Firewall [Active]
      SC: Security Center [Active]
      WU: Windows Update [Active]

      [b]################## | Disk Information |[/b]

      C:\ (%SystemDrive%) -> Hard disk # 98 Go (28 Go free - 28%) [] # NTFS
      D:\ -> Hard disk # 360 Go (92 Go free - 26%) [doc film] # NTFS
      G:\ -> Removable disk # 60 Go (5 Go free - 8%) [STORE N GO] # FAT32

      [b]################## | Active Processes |[/b]

      C:\Windows\System32\smss.exe (ID: 388|ParentID: 4|System)
      C:\Windows\System32\wininit.exe (ID: 592|ParentID: 508)
      C:\Windows\System32\services.exe (ID: 656|ParentID: 592)
      C:\Windows\System32\lsass.exe (ID: 688|ParentID: 592)
      C:\Windows\System32\lsm.exe (ID: 696|ParentID: 592)
      C:\Windows\System32\winlogon.exe (ID: 736|ParentID: 584)
      C:\Windows\System32\svchost.exe (ID: 824|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 900|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 956|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 424|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 452|ParentID: 656)
      C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (ID: 520|ParentID: 656)
      C:\Windows\System32\audiodg.exe (ID: 884|ParentID: 956)
      C:\Windows\System32\svchost.exe (ID: 1084|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 1120|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 1316|ParentID: 656)
      C:\Windows\System32\spoolsv.exe (ID: 1440|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 1472|ParentID: 656)
      C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ID: 1608|ParentID: 656)
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1696|ParentID: 656)
      C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (ID: 1716|ParentID: 656)
      C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (ID: 1848|ParentID: 656)
      C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (ID: 1884|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 1908|ParentID: 656)
      C:\Windows\System32\taskhost.exe (ID: 548|ParentID: 656|les 4thev)
      C:\Windows\System32\dwm.exe (ID: 1280|ParentID: 424|les 4thev)
      C:\Windows\explorer.exe (ID: 1104|ParentID: 1580|les 4thev)
      C:\Program Files\IDT\WDM\sttray64.exe (ID: 2416|ParentID: 1104|les 4thev)
      C:\Windows\System32\hkcmd.exe (ID: 2440|ParentID: 1104|les 4thev)
      C:\Windows\System32\igfxpers.exe (ID: 2448|ParentID: 1104|les 4thev)
      C:\Windows\System32\igfxsrvc.exe (ID: 2552|ParentID: 824|les 4thev)
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2576|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\uTorrent\uTorrent.exe (ID: 2632|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (ID: 2664|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\Supercopier\Supercopier.exe (ID: 2684|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\Skype\Phone\Skype.exe (ID: 2820|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 2188|ParentID: 2828|les 4thev)
      C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (ID: 2144|ParentID: 2828|les 4thev)
      C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (ID: 2112|ParentID: 2828|les 4thev)
      C:\Program Files\ma-config.com\MaConfigAgent.exe (ID: 2860|ParentID: 656)
      C:\Program Files (x86)\PDF Architect\HelperService.exe (ID: 3136|ParentID: 656)
      C:\Program Files (x86)\PDF Architect\ConversionService.exe (ID: 3176|ParentID: 656)
      C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (ID: 3272|ParentID: 656)
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3308|ParentID: 656)
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 3396|ParentID: 3308)
      C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (ID: 3784|ParentID: 3272|les 4thev)
      C:\Windows\System32\svchost.exe (ID: 3996|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 3676|ParentID: 656)
      C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1920|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 4272|ParentID: 656)
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4780|ParentID: 2576|les 4thev)
      C:\Program Files\Internet Explorer\iexplore.exe (ID: 4852|ParentID: 1104|les 4thev)
      C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 4236|ParentID: 4852|les 4thev)
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\klwtblfs.exe (ID: 2896|ParentID: 824|les 4thev)
      C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 2724|ParentID: 4852|les 4thev)
      C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe (ID: 4176|ParentID: 824|les 4thev)
      C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 5100|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 5328|ParentID: 656)
      C:\Windows\servicing\TrustedInstaller.exe (ID: 1800|ParentID: 656)
      C:\Windows\System32\svchost.exe (ID: 3348|ParentID: 656)
      C:\Program Files (x86)\Internet Explorer\iexplore.exe (ID: 3556|ParentID: 4852|les 4thev)
      C:\Windows\System32\taskeng.exe (ID: 5532|ParentID: 452)
      C:\Windows\System32\VSSVC.exe (ID: 6168|ParentID: 656)
      C:\UsbFix\UsbFix.exe (ID: 4912|ParentID: 2944|les 4thev)
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (ID: 1584|ParentID: 6072)
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (ID: 464|ParentID: 656)
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (ID: 6220|ParentID: 6072)
      C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe (ID: 4712|ParentID: 464)

      [b]################## | Autorun |[/b]


      [b]################## | Regedit Run |[/b]

      F2 - HKLM\..\Winlogon: [Shell] explorer.exe
      F2 - [x64] HKLM\..\Winlogon: [Shell] explorer.exe
      F2 - HKLM\..\Winlogon: [Userinit] userinit.exe,
      F2 - [x64] HKLM\..\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
      04 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      04 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      04 - HKCU\..\Run: [Supercopier.exe] C:\Program Files (x86)\Supercopier\Supercopier.exe
      04 - HKCU\..\Run: [Facebook Update] "C:\Users\les 4thev\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      04 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
      04 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      04 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
      04 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      04 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
      04 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      04 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
      04 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      04 - [x64] HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
      04 - [x64] HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      04 - [x64] HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      04 - [x64] HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      04 - [x64] HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      04 - [x64] HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      04 - HKU\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [Supercopier.exe] C:\Program Files (x86)\Supercopier\Supercopier.exe
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [Facebook Update] "C:\Users\les 4thev\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
      04 - HKU\S-1-5-21-3397056611-4185507472-2102106554-1001\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      04 - HKU\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
      04 - HKU\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe

      [b]################## | Generic Search |[/b]


      [b]################## | Registry |[/b]


      [b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.usbfix.net/]http://www.usbfix.net/[/url] |[/b]



      And thanks again for everything.
      0
    3. lovny63
       
      I managed to remove the buda_vfs file, but my movies are still inaccessible; however, my USB drive still has 4 GB free out of 59.

      I think I'm going to format it soon. Thanks for everything
      and have a good holiday if I don't talk to you before.
      0
  4. lilidurhone Posted messages 800 Registration date   Status Security Contributor Last intervention   3 818
     
    I told you

    Delete the file, it is not an infection

    --
    If there is a problem, there is always a solution
    ~~~~~~ Cs ~~~~~~ Absent from July 15 to 27
    0
  5. lovny63
     
    Yes, you told me, but I still don't have access to my movies. Damn it, I thought that would solve everything, but no.
    0
  6. lilidurhone Posted messages 800 Registration date   Status Security Contributor Last intervention   3 818
     
    They may have gone into hiding?

    --
    If there is a problem, there is always a solution
    ~~~~~~ Cs ~~~~~~ Absent from July 15 to 27
    0
  7. lovny63
     
    Hey no. I tried
    I restarted with the USB stick plugged in but it didn't change anything.
    I think I'm going to format it, I'm the type to solve my computer issues like that.
    Thanks for everything.
    0
  8. lovny63
     
    Hello

    Thank you for your reply, but since I'm not very patient and I had already stored my files on another medium, I formatted everything. Thank you.
    0