Virus huyu amenitia hasara; Nifanyeje?

[Sinkala]

Hivi karibuni niliingia kwenye Internet café moja na katika kuchukua vitu vichache, nilijikuta pen drive yangu imeingiliwa na virus kwani niliona dhahiri mafaili ambayo mimi binafsi sikuyacreate, na hata extension yake ilikuwa tofauti kwani mengi yaliyojitokeza yalikuwa na extension ya fileName.exe . Niliporudi "kwa ofisi", niligundua kwamba mafailili yangu ya Word na Excel yalipofunguka, badala ya kuwa na ile content niliyosave, yalikuwa na content hii:

Sorry I am really sorry. I don't want to do it again. This is my first and may be the last if you agree to help me.

Do you want to get your files back? That is so easy just do this. I want you to write a mail to
Zlovel_4evr@yahoo.com
stating how much I loved her.

You know… I gave her everything I had, my heart my phase…. all what I can and had but she gave me nothing
except pain. Now she leaves me alone and I am felling now empty inside. I can't to live without her. That is why I
burnt your files. I know may be this file is vital for you as your mail is for me. Be sure I will give your files back with
out any damage. Be sure and trust me.

Take a minute from your busy time and write a nice message to her. Then you will get all your files as befor.

Thank you for your cooperation. And I hope you will give me a pardon for my miss use of knowledge. I did it
because I left with no other option.

BitDefender iliondoa virus wote lakini ndo hivyo, nimepoteza contents. So nawapa tahadhari na kushare experience iwapo naweza kupata njia humu ya kurudisha mafaili yangu.

 

[Abdulhalim]

Duh, mazee pole sana. Hicho kirus sidhani kama unaweza recover file. Kirus kama hicho chenye extension ya Executable kilishawahi way abck kunisababishia niformat PC, maana kiliniacha bila option kikaenda mpaka kikala mafaili flani ya graphic..yaani ilikuwa balaa.

 

[Ramthods]

Pole sana. Sidhani kama unaweza kurecover chochote hapo!

 

[LazyDog]

Sinkala,
How big is your flash? Tuambie pia free space iliyopo ni kiasi gani?

Your files are probably hidden. Nimewahi kukumbana na tatizo la mfano wako mara mbili, japo hiyo message haikuwepo. Also it was a bit tricky to unhide the files, but I bet they're probably safe.

Fuatilia hii link hapa uone mbinu zitakazoweza kukusaidia kupata ma-file yako.

 

[Bluray]

The other thing is, do you have a back up? Always back up your important files, preferrably in several different places and online if you can.This way if worse come to worse you can always format and start anew.

 

[Sinkala]

Sinkala,
How big is your flash? Tuambie pia free space iliyopo ni kiasi gani?

Your files are probably hidden. Nimewahi kukumbana na tatizo la mfano wako mara mbili, japo hiyo message haikuwepo. Also it was a bit tricky to unhide the files, but I bet they're probably safe.

Fuatilia hii link hapa uone mbinu zitakazoweza kukusaidia kupata ma-file yako.

It's a 1-GB flash memory, na free space ni 27.4 MB. I'm going to visit that link just now.

The other thing is, do you have a back up? Always back up your important files, preferrably in several different places and online if you can.This way if worse come to worse you can always format and start anew.

Yeah, I did back-up of my important ones, but others I didn't. I plan to format it, but should be the last option. Sijaiformat kwanza ili nione kama possibility ya kuyarudisha ipo, ila hata nikiamua kuformat, sitoathirika sana.

 

[LazyDog]

Imebidi niweke picha maana greater than symbol inaniyeyusha. Text nitaweka kwenye post inayofuata

​

 

[LazyDog]

*Click Start - then Run
*type cmd and press enter..
A black window opens (msDOS).
*type the letter of your flash and add a colon e.g F: (and press Enter)
(to know the letter of your flash go to my computer and check out the letter there)
*it should appear as F:\
*then write attrib –h –r –s /d /s and press enter
(make sure that there are spaces in between the letters)
*type
*exit
and press enter


FYI, the attrib -s -h -r /s /d command unhides all files in all subfolders where the command is run. This is more reliable than going to control panel to unhide since some viruses make it difficult to show hidden files.


p.s. It's good to delete file1.exe from all programs - startup

 

[Pentest]

pole sana, naweza kurecover file zako kwa kutumia software
tuwasiliane nikupe hiyo software its easy na simple.

 

[Sinkala]

Thank You JF
Hivi ndivyo mafaili yalivyorudi katika hali yake original:
Nimerun DOS commands kama nilivyopewa na Mkuu Lazydog, but it didn't work. nikakata tamaa na kuamua kuyapeleka mafaili ya MS Word, Excel na PowerPoint katika Recycle Bin (niliyadelete huku nikiyasikilizia). Baadaye nikarudi kupitia kwa makini comments za thread hii na kuangalia iwapo post mpya zingesolve. Ndipo nikagundua kwamba kuna post moja ya Lazydog (nyingine, si ile ya DOS commands) ilitoa link, lakini hadi wakati huo sikuwa nimeipitia hiyo link (labda kwa kukata tamaa). Ndipo nikaamua kuifuata ile link, nikapelekwa kwenye jamvi la majamaa wa wapi sijui, nikakuta discussion kama hii. Nikaanza kupitia post za mmoja mmoja, na nikaichagua hii hapa:

Solution:
Goto Control Panel -> Folder Options -> View Tab -> Show Hidden files and folders. Then in your flashdrive, where the "virus" files are. You will see your old files with Hid_ at the beginning of the file. That is your original file. Delete the virus file (one without Hid_). Open the file with the Hid_ at the begining of your file, save as a new file. Your done, your files is back again.

Baada ya kufanya hivyo, nikaenda kwenye Recycle Bin na nika-restore mafaili yangu niliyokuwa nimeyadelete tayari. Yaliporudi, new location ilikuwa ni katika Desktop, na nilipofungua moja moja, kila moja lilikuwa na contents zake kama zilivyokuwa kabla sijashambuliwa. Mkuu Pentest naomba uniambie kama hiyo software iko kwenye faili la ukubwa wa kuweza kuwa attached katika Yahoo Mail au la, ili nikutumie e-mail yangu, itasaidia mbeleni. Asante sana wakuu kwa kutumia muda wenu, MY FILES ARE BACK, tuko pamoja!!!