0

I'm running Windows 10, and my system Downloads folder's contents (mapped to E:\Downloads suddenly vanished. Nothing shows up in a file explorer window, yet the files are all present if I look from the command prompt.

Here's my dir output -

Spaces in the filename

As you can see, the default DIR entry has been changed with a load of spaces. As I write this the rest of my drive is slowly being changed as well I'm not sure what sort of malware this is, or horror of horrors, if it's ransomware. I use the [Sysinternals][2] suite, and have not found anything suspicious with Autoruns and Process Explorer (the former lists out every single startup entry launched every possible way, and the latter is a taskmanager on steroids). Is there any other way I can retrieve my files? The directory in question is on my hard disk, it's not a removable drive. I haven't used any unknown USB sticks recently, and in general I block ads and am very careful about safe browsing habits. The last time I had any sort of malware was on XP in 2003, and I've been using nothing but Windows as my primary home OS since '95.

Does anyone even know what malware this is or what I should use to look for it? Can I manually stop this process? Is there a good remover?

Improve this question
6
  • I can see other files disappearing as I type. A folder that was accessible half an hour ago no longer is. And my profile is intact on C:, it's the default download folder that I have mapped using the built in ability to do so (i.e. no registry hacks or non standard tricks)
    – Rex
    Commented Sep 19, 2016 at 19:18
  • A regular dir listing would show the current directory as . and parent as ... Here the current directory is only shown, and it is using non standard whitespace characters before the .
    – Rex
    Commented Sep 19, 2016 at 19:19
  • The effective directory name is ` .` and the whitespace isn't the regular space character.
    – Rex
    Commented Sep 19, 2016 at 19:20
  • The top level directory shows up, but if I change to the downloads directory, I see nothing inside.
    – Rex
    Commented Sep 19, 2016 at 19:21
  • I only have windows. Just now I found what looks like a suspicious process - a file called lockfilehost.exe that's 41kb, as opposed to the regular Microsoft file that's 225 Kb. The file is located at C:\Windows\WinSxS\wow64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.10586.0_none_9280cdea41e697da and can't be deleted
    – Rex
    Commented Sep 19, 2016 at 19:31

1 Answer 1

Reset to default
0

No. Make a low level format, flash the bios and start from the scratch. Once you are infected you cant know for sure if your computer is or not infected even if you erased malware with an antivirus. Also, do the same with every device in your same network. Thats the only way to be safe. I would advice you to use linux also from now on... windows10 has lots of vulnerabilities.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .