Print this page
Data Recovered from Pendrive Data Recovered from Pendrive Sukla Chinnappa

Recover Data from Infected Pen Drives [ Data/Files Changed to .lnk ]

Written by 

21 March 2016

Bugs & Security Issues
Comments::DISQUS_COMMENTS

The Agonising time when …

  • Your AntiVirus program cleans your PendDrive / External Disk only to leave some “.lnk” / Shortcut files
  • You used an already infected pen drive on a computer with a decent antivirus program
  • You need to get your important data, which you have no back up of

Run this in Command Prompt (Windows Key+R (winXP) or just the Windows key on higher versions, type cmd, press Enter) as Administrator (Instead of enter, right click and select run as administrator) under Microsoft Windows :

attrib -h -r -s /s /d e:\*.*                     -- For a entire drive, where e:\ is our drive

attrib -h -r -s /s /d e:\"My Folder"     -- For a entire drive, where e:\My Folder is the path to the folder where the data recides

The files & folders are generally inside a folder with whitespace as the filename Example E:\ \MyFilesAndFolders, you could try cd " " or entering the folder without a name to see your files 

 

Word of Caution :

  • DO NOT STOP YOUR ANTIVIRUS TO STOP IT FROM CLEANING PEN DRIVES AUTOMATICALLY. It is possible to RECOVER most of your data after it cleans up your drive
  • Format your pendrive / external drive after you recover all your data
  • Do not try to recover executables or other files inside which Virus are known to reside (.exe, .dll, Font Files, Screensaver files, MS Office Macro Files etc)
    • Generally an infected computer harbours multiple unwanted executable pieces of code.
    • New Code / viruses continue to be written - Anti-Virus Programs look for patterns in code (from known & recently discovered malicious programs) and could be totally ineffective from the latest viruses in the wild
  • It is generally safe to recover Images, Plain Text (.txt only. but not .doc/.docm etc)
    • Be cautious of executables (its common to see files as MYFILE.jpg.exe) wherein files have multiple extensions. It is the last extension that actually matters (which could be hidden)
    • Check for the actual extension from a terminal (command Prompt)
  • Remember to Format the infect the computer and install everything in the following order
    • Format complete drive (all partitions - after taking a backup)
    • Install your Operating System
    • Install a Antivirus & Update it
    • Restart and update your Operating System (might involve multiple restarts. Update-restart-check for updates till there are no available updates)
    • Scan your data and copy it back
    • Scan your Program installers and install your programs one by one
    • Take a snapshot of your system which you can use later (just in case - this can save significant time)
Read 6322 times

Last modified on Monday, 28 March 2016 11:32

Rate this item
(1 Vote)
Sukla Chinnappa

Website: https://sukla.in