Suspicious file
Meyriu-_- -
Hello,
This morning, I noticed that files from my PC had been deleted on their own, without going through the recycle bin. I then ran a Bitdefender scan, which informed me that there were 123 files containing passwords, so I can't access them and I don't know what they are: they are located in C:\ProgramData\ToolLib\{354F28FB-75E0-40EE-BB7D-B86921F41D3E}
Looking forward to your reply
Thank you
3 replies
Hello again,
If a virus hasn’t deleted the snapshots, you can try to recover your files using Shadow Explorer or another tool:
If the data was on the C: drive:
Download Shadow Explorer 0.9 Portable here:
https://www.shadowexplorer.com/downloads.html
Extract the entire folder somewhere, and run ShadowExplorerPortable.exe
Select your C:\ drive if it’s not already selected.
Choose a date when the files were there.
Navigate to Users > Your name >
Right-click on the folder or file and click on Export
Choose a destination...
If it was on another drive, try Photorec or Recuva (Free)
https://www.cgsecurity.org/wiki/PhotoRec
https://www.ccleaner.com/recuva/builds
There’s nothing stopping you from using them for C:, but it depends more on luck.
Hello,
Analyze with RegRun version Reanimator to see if it finds anything suspicious as well, and take screenshots if you have any questions regarding suspicious detections or need help; otherwise, feedback on the subject would be appreciated.
(Although depending on the file extensions, these may not be executable types and therefore not dangerous in themselves).
https://greatis.com/security/reanimator.html
Click on Fix Problems and then on Fix Malware Issues
Be careful, it detects dubious items, sometimes good, sometimes bad, but sometimes important too; it's crucial to sort through them carefully, using deductions or Internet searches, and/or VirusTotal analyses of executable files or drivers, to only delete viruses or unnecessary items.
https://www.virustotal.com/gui/home/upload
There are tabs at the top to view different types of items.
It shows details such as types, names, and file locations, etc., which often provide concrete clues.
Whether an item is marked in red (often bad), yellow, blue, or green, it's up to the user to assess the relevance of what it detects.
You can use right-click > Copy to Clipboard to copy the text of the detections. (This helps in the searches)
Check the items to delete and not the others and click the red button to delete them, and confirm, then continue by clicking Next to check all the tabs where detected items are present.
Then at Finish!, if necessary, click on the "Restart is Required" button to restart Windows.
If it does not show what you want to detect, use Filter Set or Inspection Mode to see everything, but be extra cautious about what you delete.
Or by closing the first Reanimator window using the X at the top right, and the Reanimator tab > Anti Spyware Full Check...
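To see what the flagged folder contains before deleting anything, the read-only PowerShell inventory below lists each file's extension, whether it starts with the `MZ` executable header, and its SHA-256 for a VirusTotal hash search. It is an added example, not part of any reply in this thread; the folder path is the one given in the first post, and the CSV file name is an assumption.

```powershell
# Added example: read-only triage of a flagged folder (nothing is deleted or modified).
# $Folder is the path quoted in the first post; change it to the folder you want to check.
$Folder = 'C:\ProgramData\ToolLib\{354F28FB-75E0-40EE-BB7D-B86921F41D3E}'

function Test-PEHeader {
    param([string]$Path)
    # Windows executables and drivers begin with the bytes 'M','Z' (0x4D 0x5A),
    # whatever extension the file name carries.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            $n = $fs.Read($buf, 0, 2)
            return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    } catch { return $false }   # locked or unreadable file: reported as non-PE
}

# -Force includes hidden and system files, which such folders often contain.
$report = Get-ChildItem -LiteralPath $Folder -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name      = $_.Name
            Extension = $_.Extension.ToLower()
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            Modified  = $_.LastWriteTime
            IsPE      = Test-PEHeader $_.FullName
            SHA256    = $hash.Hash   # empty if the file could not be read
        }
    }

# 1) How many files of each extension are there?
$report | Group-Object Extension | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2) Which files are really executables, regardless of their extension?
$report | Where-Object IsPE | Sort-Object Modified |
    Format-Table Name, SizeKB, Modified, SHA256 -AutoSize -Wrap

# 3) Keep the full list (hypothetical output name) to attach to a forum reply.
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\toollib-inventory.csv" -NoTypeInformation
```

Pasting a SHA-256 value into the VirusTotal search box looks up an existing report without uploading the file itself.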
Thank you, I will see.