Help needed with Win32/heur on SD card

[KikiA]

Help needed with Win32/heur on SD card
Hi,

I've never posted on one of these sites before and I know very little about this type of thing so please bear with me.

I went travelling and stupidly forgot to lock one of my SD memory cards before putting it into a hostel computer (dumb I know!!!). Anyway, from what I could tell it turned the files into exe. files. When I put the card into my camera you can see all of the pictures as normal. I have just tried to put it into an old laptop I have and used AVG to scan it and it says it is infected with Win32/heur.

Please advise what I can do. Is there any way to save the photos whilst removing the virus? One friend told me there might be an autorun file I have to re-write but I really have no idea where to begin! I would really love to get the pictures back if at all possible!

If anyone could help that would be great!

Thanks

PS sorry, I posted this in the laptop section also!

 

[johnb35]

Unfortunately, what you have is virut and infects all exe files on a drive and is basically unfixable. You will have to format the card and do not back up any exe or scr files.

 

[KikiA]

Thanks for the reply. I just don't understand why I would be able to see the pictures as normal on the camera? From what I have read briefly about these viruses, they create exe. versions of the files and delete the originals but if this is the case why are they still there when the card is in the camera?

 

[johnb35]

You can still see the pics, the virus attaches itself to the exe files and massively replicates itself. The pics are not exe files, most likely jpg or however the camera is set up. There has to be at least one exe file on there for it to attach itself too.

 

[KikiA]

So if I got the anti-virus software to delete the virus is it likely the j-pegs would reamain? I haven't actually opened the card again as I thought it best to lock it when I put it into the computer as I wasn't sure if that would stop it transferring - sorry I really have no clue about this.

 

[johnb35]

You can't delete virut. And if you attach the card to a pc it could infect it as well.

 

[JHM]

@JohnB35 : I have nerver heard of this sort of thing, so if possible a couple of questions :

1) You say there has to be one ".exe" file in there for the virus to attach to. Once it does that, does it literally convert the picture files to ".exe" files ? or does it just change their filename extensions ?
2) If the former then does it replicate itself attaching itself to the picture file ? If the latter would it be possible to manually rename the file ".jpg" ?

Since the best way to get rid of viruses is to delete them, and "Disinfecting" almost never works in my experience, usually winding up in the virus infected file being renamed; if this thing converts files to ".exe" files then attaches itself to them it is then only possible to get rid of it by deleting the infected files.

But since the files still display as pictures I have to wonder what is going on; because ".exe" files are unlikely to display as pictures. If possible explain please.

Finally, how to salvage your pictures ? Might it be possible to display the picture and use "Corel Capture's" "Screen capture function" to capture an uncontaminated version of each picture ?

 

[KikiA]

I would be interested to hear the response to the above also! My pictures only display in my camera when I do the playback mode. So far I have only put the memory card into my computer as a locked card and the antivirus software wouldn't let me open the file without first saying if I wanted to 'delete' the virus so I don't know how the files are labelled in there.

Is there anyway I can open the card without the virus spreading automatically? Clueless!

 

[JHM]

You might try going to this site : http://www.dtidata.com/ They specialize in data recovery and data recovery software; (from dead drives, accidental formats, deleted partitions, and VIRUS ATTACKS); and they even have tech support.