# Find "Hidden" Data in Flash Drive



## Prem333 (Sep 29, 2007)

Hi,

I scanned my Flash Drive using AVG & it discovered a Trojan & deleted it. I scanned it because all of my folders in the flash drive were changed to .exe format. (I didn't note the trojan name).

Now I cannot access those folders. But when I scan again,
the "deleted" folders are also scanned. Is it possible to recover data from those folders.

Thanks,

Prem.


----------



## coolday (Jul 6, 2005)

Looks like brontok.. I'll suggest kaspersky antivirus. before scanning the pen drive goto
folder options > view > under files and folders check all > under hidden files and folders check show hidden files and folders > uncheck hide protected operating system files


----------



## Prem333 (Sep 29, 2007)

Thanks, Now I could see the files in hidden mode. But I don't have kaspersky. Is there any other way?

Also, my "Address Bar" Toolbar is checked. But doesn't show up.


----------



## coolday (Jul 6, 2005)

U can download the trial version from www.kasperskylab.com, update it using the internet and scan ur sytem for virus. u can also try NOD32 antivirus. I don't trust AVG


----------



## LazLoW (Sep 28, 2007)

Try formatting the drive. I make sure to format my jump-drive every once and a while (FAT32 and NTFS both work fine.) To do this just go My Computer, right click the Jump-Drive, 
"Format..."
File System "FAT32" or "NTFS" I haven't found much of a difference, supposedly NTFS is a more secure file structure.
Allocation Unit Size - Not sure of this exactly, mine is "512 bytes", which it is also a 512 meg drive.
Don't click quick format.

Depending on the size of your jump-drive it might take a long time. My 512megabyte formats in seconds.

Good luck. Laz.


----------



## Prem333 (Sep 29, 2007)

@cday - Sir, I installed Kaspersky, Updated it & found the following Virus/Trojans
1. virus.win32.autohk.a
2. trojan.win32.autohk.a
3. worm.win32.muha.a
4. Trojan.Win32.Agent.aoe

For the first 3, I deleted them. For 4th, I did google search & found this page

```
http://www.thinkdigit.com/forum/archive/index.php/t-63689.html
```
I Followed as said in that.

But still the "Hidden" Folders cannot be made unhidden. Should I simply copy the contents of those folders to my hard disk & delete the hidden folders.

Also, the "Address Bar" Toolbar cannot be viewed even after keeping it in view mode.

(I still have 2 more drives to scan - E & F. I will post its results when scan is completed)

@Laz - Sir, I formatted my Flash-Drive yesterday as U said. But even after that, when I ran virus scan - a virus was detected. I posted the Question for my brother's Flash drive which was also infected but I fortunately did not format it since it had some useful info.


----------



## Go The Power (Mar 5, 2007)

Hello Prem333 and welcome to TSF :wave:

Flash infections can be a pain to remove, please go *Here* and follow the steps and post the required logs in the HJT help section.


----------



## coolday (Jul 6, 2005)

u'll need to change some registry values. Plzz try google or I'll upload the reg file


----------



## coolday (Jul 6, 2005)

Also remember a format always doesn't help ... The same happened for me .... I had to do some registry repairs..


----------



## Go The Power (Mar 5, 2007)

Prem333 please follow my advice below.



Go The Power said:


> Hello Prem333 and welcome to TSF :wave:
> 
> Flash infections can be a pain to remove, please go *Here* and follow the steps and post the required logs in the HJT help section.


Coolday please read this: http://www.techsupportforum.com/sec...g-help/93034-please-read-who-helping-you.html this user has got a flash drive infection that needs special treatment and tools required.


----------



## Prem333 (Sep 29, 2007)

Thank You Cday for helping. But I am also posting HJT log as advised by "Go The Power".


----------

