Strange Problem with Windows Folders?

sirstinky · Jul 13, 2013

Hi everyone.

I logged into my file server at work for some maintenance checks (I'm the IT/do all tech guy there) and noticed a strange problem with the files in the Company Share folder...

The folders are all misshapen and blocky. Not only that, but they aren't "Folders" anymore, but applications. When I'd go to open them up, it takes forever and the system just keeps working and working and they never open, or I get a warning that I need to open it with another program.

I checked this out on the other machines in the office that use it, and they see the same thing when they open the CS. Strange.

I have no idea what's going on here and don't know how to even go about troubleshooting it. I don't want to lose all the data in the CS if I have to start over. I still need to try to backup the files, but haven't been able to yet as the machine got a virus (System Care Antivirus infection, nasty, took 8 hours to disinfect).

I am not sure if the two are related? Anyone else had that issue?

I'd really appreciate some insight here. If you need it, I can send a screen shot of the CS if you want to see it.

Thanks!
Nick

USAFRet · Jul 13, 2013

Virus or malware would be my first guess.

Dogsnake · Jul 13, 2013

Check that the folders are to be displayed as icons and see if adjusting icon size helps. Someone may have fooled with the settings.

sirstinky · Jul 13, 2013

Dogsnake :

I will try that, but it doesn't explain why it's acting so weird. I will send you a picture if that's ok.

Thanks!

sirstinky · Jul 13, 2013

USAFRet :

Dogsnake :

That's what I was thinking, but the virus is gone. I ran a scan of all the CS files and the folder with no hits. I even ran a scan of just the HDD hooked to my VM to be sure and it came up clean. Could it be that the virus was able to alter the folders? It's really strange because it's not acting like they're corrupted or anything.

Thanks!

bigpinkdragon286 · Jul 13, 2013

I've seen similar happen, and yes it's a pain. Frankly, the virus has done damage to the point it's far faster and easier to reinstall the affected system from the ground up, than to repair, and even after repair, do you really want to trust that all affected bits of software are back to their uneffected state?

For the purposes of backing up data, I would pull the hard drive(s) containing the data out of the affected machine and do all backups on a machine you are certain was not involved in the virus infestation. After a good backup is made, wipe the drives and go from there.

While your virus scanner may no longer be able to detect any virus signatures at this point, leading you to a reasonable assurance that the virus is gone, it hasn't guaranteed that you don't have broken bit in any files that used to contain the virus. I would use the analogy that, although a person may be cured of severe bug bites, there can be scarring. At least however with a computer, there are means of restoring the device to an equivalent of perfect health, provided the hardware is undamaged.

Saga Lout · Jul 14, 2013

I posted into another thread of the same name without realising it was a duplicate. I can't merge at the moment so I'll just cross reference it here just for information.
http://www.tomshardware.co.uk/answers/id-1732553/strange-problem-windows-folders.html

bigpinkdragon286 · Jul 14, 2013

Presuming the only thing wrong are the file associations, your fix looks good, but if things have already gotten that bad, I have a strong suspicion there will be other software damage as well.

Agree with your comment in the linked thread about finding the person responsible.

I have taken to letting certain offenders go a few weeks before paying return visits, when they have proven themselves especially troublesome. Repairing the same machines for the same reasons gets old fast, and letting them appreciate their problem for a little while usually cures them.

Saga Lout · Jul 14, 2013

I couldn't agree more on the malware side - I would run ComboFix after file associations were working properly and always recommend a thorough reading of the instructions down at bleepingcomputer.com before starting.

sirstinky · Jul 15, 2013

Saga Lout :

Wow thanks! Saga, the thread was a duplicate and I read your post on the other one as well...for some reason it did it twice.

I had a suspicion that it could have been virus-related, and I first noticed it when I accessed the CS from my Mac (the folders were displayed as .exe's). Then I remoted into the server to investigate and found the issue. The other PC I use was also infected, and seemed to be the source as it was the hardest to fix.

Not sure when it happened, but whatever happened it sucks. I have never seen this sort of damage before from a virus and I have seen some nasty ones that DID require a system wipe to fix things. I will do the file reassociation step you mentioned. There's some "treasures" in there (big data sheets) that might be hard/impossible to replace. There aren't many things running on the server PC, just Firefox, Adobe Reader, Flash, etc. Nothing major it's just a storage device really. I wouldn't be a big deal to wipe it, but I am keeping my fingers crossed that there's no permanent damage. I'll report back when I do the fixes.

Thanks!

sirstinky · Jul 17, 2013

Well, I went to attempt the fixes for the folder associations this afternoon and...the virus is back! Ugh, it's driving me mad. I didn't have time to go through it and do a disinfection, but will try to get around to it tomorrow when I'm not doing my regular job. I mounted the hard drive USB and tried to manually recover the files, but it was the same deal, all the folders were .exe's, 146 kb each (originally some were gigs in size), and they don't open at all. There was an Excel file in there that opened fine, but the folders were dead. I did this in my VM in case the virus broke out, and whatdayaknow, it did. It infected my VM so I just reverted to a snapshot (thanks Parallels). I'm not touching the hard drive again unless it's installed in a computer. I'll disinfect the server again try the fix, and let you know what happens. I am about ready to throw in the towel and just wipe it. It's seeming like the data is irrecoverable.

bigpinkdragon286 · Jul 17, 2013

Well, depending on the virus you've got, and depending on the computer you're trying to read it with, do yourself a favor and make sure Auto Insert Notification (Autoplay) is turned off.

sirstinky · Jul 17, 2013

Yes I disable that whenever possible. It's a Windows XP SP3 machine, an old like 2003 vintage Gigabyte MB (rockin the AGP 8x and P4 hyper threading and DDR RAM). The virus is nasty. It's unpredictable too as it's a rouge that hides and disguises itself. I washed that PC until it was squeaky clean, only to have it come back.

bigpinkdragon286 · Jul 17, 2013

Like I said, you're likely gonna spend more time trying to clean it, than you would to do a backup, wipe, and reinstall. Was hoping Saga's fix would have worked for you, but that's not always the case.

I would be sure the hard drive goes into a clean machine, not one that ever had issues, and that it's a non mission critical computer. Been down that road.

Saga Lout · Jul 17, 2013

I'm convinced the data are recoverable using Linux and almost equally certain ComboFix could sort this out. Messing around reinstalling and updating from the data of the CD is fine if you have the time but fixing the problem is more satisfying.

Don't forget that you have also to reinstall any programmes you bought or downloaded- messy business!

bigpinkdragon286 · Jul 17, 2013

Funny, I always thought most of the time spent installing Windows was, waiting for the machine to do rote tasks.

Want to agree that I feel the data is all recoverable, just not from the disabled system.

You're welcome to spend the time sifting through the computer trying to fix it, but at this point, when I can see it taking a half hour or more, I consider that treading right toward diminishing returns. There's a finite amount of time necessary to reinstall Windows, but you can spend days looking for gremlins.

While I don't doubt there would be a nice feeling after, I'm to the point of just getting the job done anymore, so I can move to the next thing that's not working.

Still, there's no telling which executable or other software has been damaged at this point, a reinstall of all important applications may already be sitting on the table.

Hmm, wager a pint over lunch that if we imaged two identical copies of the system drive, I would be able to reinstall Windows and have the system back up, likely by the time you had disinfected it.

At this point, the system has been out of commission for how many days? Provided the server's only needed during business hours, a reinstall should be able to take it offline over night and have it ready by the next day.

Perhaps image the drive a few times, mount one in a virtual machine to tinker with, keep one as a backup, and then go to work reinstalling the original?

Saga Lout · Jul 17, 2013

You're probably right but sometimes a problem nearer home influences the advice I give in Tom's Right now, on of the jobs I have here is the screwed up system from Hell because of a faulty hard disk. I need to clone it to a new disk but one of my SATA converter boxes is out on loan and I only have one other. The cloning software is on my server so it has to be done by linking the two disks to that. It's beginning to look like a dismantling job to take one of the disks out of the box and put another in and it's all built into a cabinet with two inches of spare cable round the back. No foresight in this place some days!

bigpinkdragon286 · Jul 17, 2013

Lol, spare cable? What's that! Aren't you only supposed to have those two inches of cable to spare for each install, so when there is a change, new cables are needed!

Not to mention, cram everything into hot air trapping, under desk hideaways, where everything is done by feel. Gee whiz, why is my screen only showing red and green but not blue? I thought my cord was supposed to bend like that...

Strange Problem with Windows Folders?

Distinguished

Titan

Distinguished

Distinguished

Distinguished

Splendid

Retired Mod

Splendid

Retired Mod

Distinguished

Distinguished

Splendid

Distinguished

Splendid

Retired Mod

Splendid

Retired Mod

Splendid

Share this page