File hijacking !!!


RCNUWC
October 13th, 2008, 08:54 AM
Hello,

We have a case at the school where students are missing their files, which have been replaced with text files that have the same names and extensions!!


The text files have the following message:
{QUOTE-> Sorry I am really sorry. I don't want to do it again. This is my first and may be the last if you agree to help me.

Do you want to get your files back? That is so easy just do this. I want you to write a mail to
Zlovel_4evr@yahoo.com
stating how much I loved her.

You know… I gave her everything I had, my heart my phase…. all what I can and had but she gave me nothing
except pain. Now she leaves me alone and I am felling now empty inside. I can't to live without her. That is why I
burnt your files. I know may be this file is vital for you as your mail is for me. Be sure I will give your files back with
out any damage. Be sure and trust me.

Take a minute from your busy time and write a nice message to her. Then you will get all your files as befor.

Thank you for your cooperation. And I hope you will give me a pardon for my miss use of knowledge. I did it
because I left with no other option. <-QUOTE}


After looking around, I found that all the files are there; they are hidden and renamed Hide_filename.


What disturbed us is that NOD32 on our school's computer did not find the program or the script that does this!!!

Any idea how to stop that?


Cheers

ASpace
October 13th, 2008, 09:08 AM
Hi!

I have never seen such a thing, but it sounds funny... Anyway, it is a problem for you and your users.

{QUOTE->
any idea how to stop that? <-QUOTE}


Download and run ESET SysInspector
http://www.eset.com/download/sysinspector.php

When the utility has collected the information, click File > Save Log.
Confirm your wish. A log file, placed in a zip archive, will be created.

Contact ESET Technical Support at samples@eset.com or your local Support Dept., depending on where you are located (http://www.eset.com/partners/worldwide.php).

In the email, describe the case, include a link to your thread here and attach the log file. Note: you may wish to send 2 or 3 log files from different machines for better analysis.

Marcos
October 13th, 2008, 09:50 AM
Besides sending the SysInspector log to samples[at]eset.com with this thread's URL in the subject, also attach the default template used by MS Word and Excel. Also try installing ESET NOD32 Antivirus, which has better detection capabilities than v2.

NOD32 user
October 21st, 2008, 02:07 PM
A couple of links that may be helpful for research:

http://in.answers.yahoo.com/question/index?qid=20080717043409AAod3bz

http://tibebeantonios.wordpress.com/2008/03/10/53wedew-aysiku/
{QUOTE-> Solution:

Go to Control Panel -> Folder Options -> View Tab -> Show Hidden files and folders. Then go to your flash drive, where the “virus” files are. You will see your old files with Hid_ at the beginning of the file name. That is your original file. Delete the virus file (the one without Hid_). Open the file with Hid_ at the beginning of its name and save it as a new file. You're done, your files are back again. <-QUOTE}

Before you delete anything, if it's that simple, I'm sure Marcos would love a copy to analyse.

Cheers :)
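
Added example, not part of the original thread or any poster's code: a Python sketch of the manual recovery described above that moves each decoy into a quarantine folder instead of deleting it, so a sample stays available for analysis. The function names, the quarantine folder and the use of a phrase from the quoted note to recognise decoys are assumptions; both prefix spellings seen in this thread (`Hide_` and `Hid_`) are checked.

```python
import ctypes
import os
import shutil
from pathlib import Path

PREFIXES = ("Hid_", "Hide_")  # both spellings appear in this thread
NOTE_MARKER = b"Do you want to get your files back?"  # phrase from the quoted note
FILE_ATTRIBUTE_HIDDEN = 0x2

def is_decoy(path, max_bytes=64 * 1024):
    """Assumption: a decoy is a small file that contains the note text."""
    try:
        return path.stat().st_size <= max_bytes and NOTE_MARKER in path.read_bytes()
    except OSError:
        return False

def unhide(path):
    """Clear the Hidden attribute (Windows only; no-op elsewhere)."""
    if os.name == "nt":
        k32 = ctypes.windll.kernel32
        attrs = k32.GetFileAttributesW(str(path))
        if attrs != -1 and attrs & FILE_ATTRIBUTE_HIDDEN:
            k32.SetFileAttributesW(str(path), attrs & ~FILE_ATTRIBUTE_HIDDEN)

def restore_tree(root, quarantine, dry_run=True):
    """Return [(prefixed_file, restored_name, action)] for files under root."""
    root, quarantine = Path(root), Path(quarantine)
    report = []
    # Materialise the listing first: the loop renames files as it goes.
    for hidden in sorted(p for p in root.rglob("*") if p.is_file()):
        prefix = next((x for x in PREFIXES if hidden.name.startswith(x)), None)
        if prefix is None or hidden.name == prefix or quarantine in hidden.parents:
            continue
        target = hidden.with_name(hidden.name[len(prefix):])
        if target.exists() and not is_decoy(target):
            # Never overwrite a file that does not look like the note.
            report.append((hidden, target, "skipped"))
            continue
        if not dry_run:
            if target.exists():
                quarantine.mkdir(parents=True, exist_ok=True)
                dest = quarantine / f"{len(report):04d}_{target.name}"
                shutil.move(str(target), str(dest))
            hidden.rename(target)
            unhide(target)
        report.append((hidden, target, "would restore" if dry_run else "restored"))
    return report
```

Run it with `dry_run=True` first and review the returned list before letting it rename anything.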