I recently found out I had a virus in my computer, and to get rid of it I used a couple of malware-deleting softwares, and finally CCleaner.
When the PC restarted, all the preferences/bookmarks had been changed; more importantly, Thunderbird started as if it had never had an account, or emails in it. Tragically as well, no backup exists...
All evidence suggests this was caused by the CCleaner wipe, but Im not sure which part(registry?) I did a Windows system restore point, but that didnt help, so my question would be as follows:
- Can CCleaner generate a report of what it did, so I can try to restore the files that went missing?
- Can anybody suggest a way of restoring the lost account/files?
Ive used Recuva, but im not so familair with it, also posting on their forum.
Thanks for the replies, and apologies for the double post; was trying to address the causes (CCleaner) and the solutions (Recuva) in each one.
Nodles: you mention that CCleaner wont delete emails, but the fact is the Mail folder is empty...I used two other programs to clear the virus_
- DT-Kill, which the developper said after reading the report, that had nothing to do with the deletion
- Malwarebytes' antimalware...which I dont know if it had anything to do with the deleted emails
Thats why I wanted to know if CCleaner had a report generating option to check what actions it had taken...
The Recuva version is 1.42.544 (64bit). I did the deep-scan (only for mail files though) and got as most promising result the empty zip files, which takes me to...
Augeas: Im not sure if you mean there is an option to unzip the file IN Recuva, My recuva doesnt allow many fancy options. As for unzipping it with usual programs, they give error, or produce a 0kB generic file...
I do appreciate the help and any further suggestiosn you might have.
The Fact that Prefs and Bookmarks were changed coupled with the fact that ccleaner does not touch those items, leads me to believe that this issue was caused by the initial malware. Malware has been known to do some of the following:
Move crucial files to temporary folders so that when the user clears temp files those items too are removed
Mark user preferences, appdata folders, Start Menus "all users" based folders and more as hidden
reroute the location (using symbolic links) of all of the above
My guess, and it is just a guess, is that the first of the above may have occurred.
Regrettably, in this case, Ccleaner does not have the ability to recall a cleaned log after it has already been closed and/or rerun. The reason behind this is actually a pretty solid one; if you are cleaning a computer you don't want something that leaves behind, what is essentially, more junk after a clean.
I do not believe that the actual issue is in ccleaner but instead in the Malware infection with ccleaner, perhaps, being the unknowing participant in the Malware's chaos.
Augeas: Im not sure if Im doing something wrong, but when I "recover" the zip Thunderbird file onto a folder on the desktop, the file has 0kB...as I said, when I try to unzip it, it gives an error...is there something Im missing?
Nergal: the malware in question (DT virus) is supposed to be a trojan, with Keylogger, Downloader y Rootkit functions. It is most easily noticed by Spanish users as it repeats the accent character, would there be a way to figure out if it might have moved part of the files as part of its functionality?
Alan B: I had used some cleaners previously, but this was the first time I used Malwarebytes. In the quarantine folders there were a couple of Downloaders and an Adware agent...is there any way I check if things have been deleted?