How do i recovering an infected files?

Discussion in 'NOD32 version 2 Forum' started by steven17, Sep 7, 2006.

Thread Status:
Not open for further replies.
  1. steven17

    steven17 Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    5
    Yesterday i run nod32 for the first time.
    And my computer was infected with Win32/NoonLight.A worm.
    I deleted all the infected files and folders, but some of them turn out to be my only data, i don't have backup anywhere.

    How can i get those files and folders back?
    No files stored on the quarantine and I was using blackspear setting.

    Help me
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    HI steven17, welcome to Wilders.

    How did you "delete" the files? As in the Tutorial automatically cleans and quarantines, and if it can't, then it deletes and quarantines, there are no prompts for action as this is not how the Tutorial is designed.

    Blackspear.
     
  3. steven17

    steven17 Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    5
    I had no idea sir.
    When nod32 found a virus, the popup windows appear, ask me to chose (if i'm not forget): "rename", "delete", "quit". So i choose delete.
    It infected on folders and on *.doc files.
    My only change to your setting was the nod32 notification on my email.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That would be the title addressed to my Grandfather by a someone that didn't know him ;) :D I'm simply Blackspear :D


    If you had the Tutorial settings, then there is no possibility of it “prompting”, as such you have deleted a file without it being copied to quarantine.

    I’m afraid if this is the case, and there are no “quarantine” files found in C Drive> Program Files> NOD32> Infected then you are left to your own backup files that you have created.

    Cheers :D
     
  5. steven17

    steven17 Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    5
    Ok blackspears.

    I'm already comparing your setting with my nod32 setting. On the DMON; setup; actions; "if cleaning cannot be performed" was unable to check the radio button "copy to quarantine". I think it was the problem my quarantine empty.

    So, my infected data was lost, right? Oooh..

    Thanks blasckspear.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No worries :D


    See the following screenshot.


    Without the the screenshot setting checked then quarantine will be empty, and recover not possible through NOD32’s software, you might be able to use 3rd party recovery software.


    By the sounds of it, yes.


    My pleasure.

    Cheers :D
     

    Attached Files:

    • DMON.gif
      DMON.gif
      File size:
      39.8 KB
      Views:
      228
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We are analysing the Noonlight.A worm, but so far it does not look like a file infector.
     
  8. steven17

    steven17 Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    5
    Any sugestion for 3rd party recovery software for deleted files by nod32?

    My Noonlight.A worm infected folders (change it to screensafer files/ *.scr) not files as i mentioned before. But since the files was in the folder, it will deleted too, if i chose to "delete" when the popup warning appears.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We'll need to get a sample of it. Neither of the samples we have is file infector, nor other AV companies flag it so.
     
  10. steven17

    steven17 Registered Member

    Joined:
    Sep 7, 2006
    Posts:
    5
    My computer is clean now, but i can get the sample again from my client computer, since we always exchange data weekly. They don't have nod32.

    Still, any suggestion for recovery software?
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    If you did not have an option for 'clean' then I would suggest that the file was no longer your data file. If you are presented with the alert window again, select 'Quarantine' before taking any other action. (I'm thinking that even if you managed to recover the last state of the file it would not have your data in it)

    Please run through Blackspears tutorial again very carefully - with those settings in place NOD32 is set to quarantine before taking any action whatsoever for exactly the 'just-in-case' moment you just experienced.

    I've experienced good file recovery results in the past with Pc Inspector File Recovery from here but make your own deciscion before you use it.
    Or you may wish to look at File Scavenger from here - your choice.

    Cheers :)
     
  12. Texcritter

    Texcritter Registered Member

    Joined:
    May 6, 2005
    Posts:
    1,985
    Location:
    Teesside, North East England
  13. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    have found
    getdataback pretty good
    or in some cases badcopypro
     
Thread Status:
Not open for further replies.