Away from home, I get a call from The Son saying he was online when my PC told him I had x number of infected files, a message not from my A/V. He did nothing, says he, having been STRONGLY cautioned against any response to those messages, then saw messages saying "disk full" then "deleting files". He shut down the PC and didn't go back to it. He's not good with understanding computers and I felt lucky that he'd remembered anything at all about the error messages, sketchy as his information was.
When I got home I found that everything was missing from My Documents other than an empty Downloads folder. That seems to be the only area with anything missing. There are no abnormal Windows events in the log.
I ran scans in Safe Mode (Avast, Malwarebytes), nothing came up. I used Recuva to recover deleted files, found maybe half of what had been in My Documents, about two thirds of which (outside of the ones I'd expect to be unrecoverable because they were deleted eons ago and were overwritten) were either poorly recoverable or totally unrecoverable.
While the recovery was going on, Avast 5.0 found 14 files with what it saw as Win32.Hupigon. All of those files were part of a long list of ringtones he'd downloaded at one time or another. I had Avast delete them, not really caring whether it was a false positive since they were just ringtones. After recovery I ran scans twice on both my external drive (where I'd recovered the files to) and on my desktop, they came up clean each time.
Can Win32.Hupigon delete files? I haven't seen anything that tells me it can. I don't want to think that he'd have done it either accidentally or on purpose, but I have to wonder. While the information I've provided is admittedly hazy, does anyone have thoughts on what might have caused a mass deletion of files? Does this event ring a bell with anyone?
XP SP3, HP Pavilion a345w desktop, 80 Gig hard drive with 15 or 20 Gigs free before the event (45 free after the deletions).
When I got home I found that everything was missing from My Documents other than an empty Downloads folder. That seems to be the only area with anything missing. There are no abnormal Windows events in the log.
I ran scans in Safe Mode (Avast, Malwarebytes), nothing came up. I used Recuva to recover deleted files, found maybe half of what had been in My Documents, about two thirds of which (outside of the ones I'd expect to be unrecoverable because they were deleted eons ago and were overwritten) were either poorly recoverable or totally unrecoverable.
While the recovery was going on, Avast 5.0 found 14 files with what it saw as Win32.Hupigon. All of those files were part of a long list of ringtones he'd downloaded at one time or another. I had Avast delete them, not really caring whether it was a false positive since they were just ringtones. After recovery I ran scans twice on both my external drive (where I'd recovered the files to) and on my desktop, they came up clean each time.
Can Win32.Hupigon delete files? I haven't seen anything that tells me it can. I don't want to think that he'd have done it either accidentally or on purpose, but I have to wonder. While the information I've provided is admittedly hazy, does anyone have thoughts on what might have caused a mass deletion of files? Does this event ring a bell with anyone?
XP SP3, HP Pavilion a345w desktop, 80 Gig hard drive with 15 or 20 Gigs free before the event (45 free after the deletions).
Comment