Resolved Pendrive folders disapper behind a .lnk

Friends another thing puzzling me, never before.


I format a 4G pendrive, then copied files in numerous folders into it. After safely remove the pendrive and reinsert back to the PC, all the folders moved inside a hidden.system folder leaving a .lnk in the root. Within this new containAll folder are two new suspicious looking hidden.system files. All these happened in xpwin.sp3.

More puzzling all other pendrive is ending up the same way, Help!. I just learnt it may have something to do with system volume information or is this a virus, malware or spyware or adware or whatever??


Once affected such pendrive will only appear as a .link in any window.OS unless we make hidden files appear. The following images is done with Total Commander which set to expose all hidden files.

One of these suspicious file without any alphabets is required for the .lnk to work to link to the folders within. If it is removed the .lnk won't work, but the it will be regenerated when the pendrive is reinserted again.

Hope you guys can throw some light, quick ... feeling insecured!!

 

Updates

I suspect some rogue program so i get avast antivirus running, then when problem pendrive is inserted, it says win32: Evo-gen detected pointing to the file without alphabets.

I then use TDSSKiller, followed by RKill and without reboot did a malwarebytes, latter shows some threats at the heuristic scan. While writing this Tony's message came. Will track that too.

 

Final Result

I did a boot scan with Avast and found the the win32: remain in the system volume information folder which was then removed at this scan.

Once this is done, avast will not report any threat anymore when a pendrive is inserted and the removal of the hidden folder can be done permanently without a recreation.

I normally avoid posting virus.malware problems at the relevant forum as it takes too long with the ding ding dong dong. Sorry for saying so, i understand the guys are doing their best at that section, salute to them as it can be a long tiring follow through process. This is also the reason why i don't put my problem there.


For sharing on this rogue, this is what i think happen, correct me if i am wrong
1 The pc making changes to pendrive did not have antivirus. PC with avast is able to block changes to the pendrive.
2 The rogue is within the pc and not in the pendrive, so scanning the latter does not help.

Peace hopefully at last.

 

Tony, I found I have 2 pc without avast messing up pendrives. Once I do a boot scan with avast, rogue was found, quarantine then never again mess up any pendrive. For the affected pendrive, I just have to correct the affected folders & delete the hidden folder created by the rogue. So matter totally resolved

Sent from my GT-I9082 using Tapatalk