Recovering Data After Trojan Virus Infection

Anonymous
2011-06-05T02:05:55+00:00

My desktop PC was infected with Trojan Win32/FakeSysdef virus. I used Windows Malicious Software Removal Tool and a full scan with MS Security Essentials to remove the virus and now it is clear. However, my data, music, and photo files have been deleted as well as Explorer favorites. They are not in the Recycling Bin. Is there a way to recover this lost data?

This question was migrated from the Microsoft Support Community.

  1. Anonymous
    2011-06-05T02:44:11+00:00

    Hi,

    Sorry, I meant to post this one :

    If you need to check for malware here are my recommendations - these will allow you to do a thorough check and removal without ending up with a load of spyware programs running resident which can cause as many issues as the malware and may be harder to detect as the cause.

    No one program can be relied upon to detect and remove all malware. Added that often easy to detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point and then run the cleanup only when you are very sure the system is clean.

    These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them in regular Windows when you can.

    TDSSKiller.exe. - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN - it will show any infections in the report after running - if it will not run change the name from tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not check with the other methods below.

    http://support.kaspersky.com/viruses/solutions?qid=208280684

    Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.

    (If Rootkits run UnHackMe)

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Malwarebytes - free

    http://www.malwarebytes.org/products/malwarebytes_free

    SuperAntiSpyware Portable Scanner - Free

    http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

    Run the Microsoft Malicious Removal Tool

    Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

    You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    (Then run MRT as above.)

    Microsoft Malicious Removal Tool - 32 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious Removal Tool - 64 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    also install Prevx to be sure it is all gone.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.

    http://www.prevx.com/   <-- information

    http://info.prevx.com/downloadcsi.asp  <-- download

    PCmag - Prevx - Editor's Choice

    http://www.pcmag.com/article2/0,2817,2346862,00.asp

    Try the trial version of Hitman Pro :

    Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

    http://www.surfright.nl/en/hitmanpro


    If needed here are some online free scanners to help

    http://www.eset.com/onlinescan/


    Original version is now replaced by the Microsoft Safety Scanner

    http://onecare.live.com/site/en-us/default.htm

    Microsoft Safety Scanner

    http://www.microsoft.com/security/scanner/en-us/default.aspx


    http://www.kaspersky.com/virusscanner

    Other Free online scans

    http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1


    After removing any malware :

    Also do these to cleanup general corruption and repair/replace damaged/missing system files.

    Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  - RUN AS ADMIN

    Enter this at the prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log

    http://support.microsoft.com/kb/928228

    Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

    How to Run Check Disk at Startup in Vista

    http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html


    If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

    ======================================

    If needed AFTER you are sure the machine is clean of all malware. (DO NOT USE IF MALWARE IS STILL PRESENT.)

    You can try an In-Place Upgrade or a repair installation.

    You can use another's DVD as they are not copy protected however you will need your own Product Key. It has to be the same 32 or 64 BIT OEM version of Vista. Also the System maker will usually sell the disk cheap since you already own Windows. Be sure to do a good backup or 3 (safety in redundancy).

    In-Place Upgrade

    http://vistasupport.mvps.org/repair_a_vista_installation_using_the_upgrade_option_of_the_vista_dvd.htm

    This tells you how to access the System Recovery Options and/or from a Vista DVD

    http://windows.microsoft.com/en-US/windows-vista/What-happened-to-the-Recovery-Console

    How To Perform a Repair Installation For Vista

    http://www.vistax64.com/tutorials/88236-repair-install-vista.html

    =======================================

    **For extreme cases:** Norton Power Eraser - Eliminates deeply embedded and difficult to remove crimeware that traditional virus scanning doesn't always detect. Because the Norton Power Eraser uses aggressive methods to detect these threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully, and only after you have exhausted other options.

    http://us.norton.com/support/DIY/index.jsp

    ================================

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

    Hope this helps.

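For the `sfc /scannow` step in the answer above: the System File Checker writes its results as `[SR]`-tagged lines in `%windir%\Logs\CBS\CBS.log`, and the PowerShell below is an added example (not part of the original post) that lists which files were repaired and which could not be. The helper name `Get-SfcSummary` is hypothetical, and the sample log lines are constructed in the layout CBS.log commonly uses.

```powershell
# Added example: summarize System File Checker ([SR]) entries from CBS.log.
# Get-SfcSummary is a hypothetical helper name; works on PowerShell 2.0 and later.
function Get-SfcSummary {
    param([string[]]$Lines)

    # Keep only the entries sfc.exe writes, as findstr /c:"[SR]" would.
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    $repaired = @()
    $unrepaired = @()
    foreach ($line in $sr) {
        if ($line -match '\[SR\] Cannot repair member file .*?"([^"]+)" of ') {
            $unrepaired += $Matches[1]   # still damaged: needs manual replacement
        }
        elseif ($line -match '\[SR\] Repairing (?:corrupted )?file .*"([^"]+)" from store') {
            $repaired += $Matches[1]     # restored from the component store
        }
    }

    New-Object PSObject -Property @{
        SrEntries  = $sr.Count
        Repaired   = @($repaired | Sort-Object -Unique)
        Unrepaired = @($unrepaired | Sort-Object -Unique)
    }
}

# Constructed sample lines in the CBS.log layout (not taken from a real machine).
$sample = @(
    '2011-06-05 10:12:30, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components',
    '2011-06-05 10:12:31, Info                  CBS    Session: 1234_5678 initialized',
    '2011-06-05 10:12:33, Info                  CSI    00000008 [SR] Cannot repair member file [l:22{11}]"example.dll" of ExampleComponent, Version = 6.0.6000.16386, file is missing',
    '2011-06-05 10:12:34, Info                  CSI    0000000a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store',
    '2011-06-05 10:12:40, Info                  CSI    0000000c [SR] Verify complete'
)
Get-SfcSummary -Lines $sample | Format-List

# On the machine itself, from an elevated prompt:
# Get-SfcSummary -Lines (Get-Content "$env:windir\Logs\CBS\CBS.log") | Format-List
```

Any name listed under `Unrepaired` after a malware cleanup is a system file that is still missing or altered and is worth checking before treating the machine as clean.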
  2. Anonymous
    2011-06-05T03:21:22+00:00

    hi

    in your question you state that you use:

    http://www.microsoft.com/downloads/en/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356

    Microsoft® Windows® Malicious Software Removal Tool

    to help remove the Trojan which was called: Trojan Win32/FakeSysdef

    Microsoft® Windows® Malicious Software Removal Tool is a legitimate Microsoft Security Program

    I suggest that the other poster READS your question before posting anything!!!!!

    _________________________________________________________________

    one of its aliases is Windows Recovery

    that is why i gave you the CORRECT information

    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/FakeSysdef

    Aliases

    • TR/FakeSysdef.A.20 (Avira)
    • Trojan.Inject.12360 (ESET)
    • Mal/FakeAV-EA (Sophos)
    • Trojan.FakeAV!gen28 (Symantec)
    • HDD Defragmenter (other)
    • Check Disk (other)
    • Windows Repair (other)
    • WindowsRecovery (other)
  3. Anonymous
    2011-06-05T03:36:06+00:00

    hi

    you will notice that the other poster has now edited his post and deleted the INCORRECT information that he supplied to you

    the moderators can see that he deleted where he advised you that the Microsoft Malicious Software Removal Tool that you used was malware

    and it takes another poster in these forums to advise an MVP about Microsoft Programs

    and he claims to be a security expert

    and this is NOT the 1st example of this in these forums by this poster

    i will be lodging a complaint about him

    _____________________________________________________

    "Sorry, I meant to post this one :

    that is also incorrect information by the other poster

    he purposely stated to the OP that the Malicious Software Removal Tool was MALWARE and this was the link he supplied

    http://www.bleepingcomputer.com/virus-removal/remove-ms-removal-tool

  4. Anonymous
    2011-06-05T18:14:34+00:00

    Thank you to all who replied. I will take a look at these posts and try some of the suggestions. I'll let you know how it turns out.

    Thanks again!
