9241 Genie:Variant.Midi.8336 – Recovery
On 18-Mar-2016 I collected a virus viz. Genie:Variant.Midi.8336. I think I collected it when I handed over my 64Gb memory stick to have a some prints done.
In future I will be copying print files to a 1Gb memory stick for printing. My 64Gb memory stick will only be going into "trusted computers."
The file paths are screwed up by the virus inserting a folder above the existing folders
X: \16_64Gb\ existing
X:\@\16_64Gb\ with virus
If I could have found a way to change the @ = unprintable character, a Y with double dots above it, that could have fixed the issue. I had a look with a hex editor but this was not the case in all the folders. I could have done more harm than good. So this is the procedure I followed.
I am using Windows 10 Home – 1511 - 10586-164
To recover the files the ingredients are:-
1 7zip – www.7-zip.org
2 A spreadsheet e.g. OpenOffice or LibreOffice Calc
3 Notepad or your favorite text editor
4 Bucket loads of patience
5 Bucket loads of time
6 Knowledge of DOS helps greatly.
None of the above cost any money :-)
My 64Gb stick was working OK then it wasn't – panic! :-((
In Windows File Explorer after the infection no folders or files were shown. :-)
01. In Windows Command Prompt C:\Users\YOU\800> dir E:*.* nothing not a happy bunny :-(
02. Windows Command Prompt C:\Users\YOU\800> dir/s E:*.* files and folders listed so some hope :-)
03. Windows Command Prompt C:\users\YOU\800> dir/s E:*.* > 00_Files_01.txt - this lists all the files and folders in 00_Files_01.txt. We now have a record of the files that have been "lost." with their dates and file sizes.
04. Windows Command Prompt C:\Users\YOU\ …. > dir/s/A:D E:*.* > 00_Dirs_01.txt this lists only the directories/folders in 00_Dirs_01.txt.
05. Down load, install and use 7-Zip to compress the files on the memory stick to C:/Users/YOU/....
This should result in a zip file 7z-01.7z or similar name with some compression. This will take time to create the zip file … hours as estimated while it works.
06. Create a new folder say C:\Users\YOU\800 - so that it is completely empty
07. Use 7-Zip to extract the files to C:\Users\YOU\800 set the following before commencing the extract:-
07.1 Pathmode – No Pathnames
07.2 Overwrite Mode – Auto Rename Existing Files
The virus has screwed up the path names so they are useless and only "keep" the problem. Auto rename does what it says if we have many copies of file.txt it renames the subsequent copies so that we have
file.txt
file_1.txt
file_2.txt
…
file_n.txt
This will take much the same time to extract as it did to "zip" the files. At the end of the process C:\Users\YOU\800\7z_01\ folder and all available files should be in it. The virus may have "bombed" some files. :-((
08. If you have lost only a few files you could "manually" select and copy the files from C:\Users\YOU\800\7z_01\ to your desired folders. And this may be sufficient.
09. I had 14000+ files so it would have taken some time for me to manually find the folder for each file and move the file to it. 14000 files at 10 secs each file is 39 hours if it is a minute per file we are at 240 hours = 10 days or 6nr 40 hour weeks. So we will let the computer do the work.
10. Copy 00_Dirs_00.txt to 00_Dirs_01.txt. DOS /Command Prompt does not like special characters in file or but especially directory names you are limited to 0-9, A-Z & _ (underscore). I had folders with &, (, ), %. .(dot) & " " (space). E.g.
Simon & Garfunkel <-spaces and & ampersand
Life is a lemon and I want my money back (Remix) <- spaces and () brackets
k.d. Lang <-. (dots) and spaces
As can be seen this will be particularly true of musics files.
10.1 Edit 00_Dirs_01.txt "replace all" &, (, ), %. .(dot) & " " (space) with a characters or characters 0-9, A-Z & _ (underscore). The easiest option is to replace all with _ (underscore). Alternatively a scheme could be devised such as :-
_ = space 1 underscore
__ =( 2 underscores
___=) 3 underscores
and = &
_pc_ = %
_dot_ = . You may have better ideas
10.2 Edit and "replace all" \16_64GB with md ..\16_64GB this results in lines similar to these ..,
md ..\16_64GB\20150916_02\04_Photos\email_02
md ..\16_64GB\20150916_02\04_Photos\email_01
md ..\16_64GB\20150916_02\04_Photos\email_03
md ..\16_64GB\20150916_02\04_Photos\email_04
md = make directory and the "doulble dots" ..\ = 1 level below current directory/folder.
10.3 Save the file. In say C:\Users\YOU\800 copy the the file and rename it 00_Dirs_01.bat.
10.4 At the command prompt in C:\Users\YOU\800> 00_Dirs_01 this runs the batch file. It should create the folders:-
C:\Users\YOU\16_64GB\20150916_02\04_Photos\email_02
C:\Users\YOU\16_64GB\20150916_02\04_Photos\email_01
C:\Users\YOU\16_64GB\20150916_02\04_Photos\email_03
C:\Users\YOU\16_64GB\20150916_02\04_Photos\email_04 and the full folder structure which was on the memory disk.
11. List the files with their full path names at the Command prompt C:\users\YOU\800> DIR/S/B/N E:*.* > 00_FilePath_01.txt - this lists all the files and folders in 00_FilesPath_01.txt. We now have a record of the files with their file paths.
12. Import the file 00_FilePath_01.txt into a spreadsheet say, 00_FilePath_01.ods, use \ as a delimiter.
12.1 Insert a column A on the left side use "edit" "fill series" or similar to number each row of the spreadsheet.
A B C D E F G H I J K
Index
Top level folder
file_name_highest level
file_name_lowest level
12.2 Sort all the data from right to left i.e as shown above by column K, then J then I
12.3 Repeat by selecting the data which is only in columns A-H and sort H, G & F.
12.4 Repeat by selecting the data which is only in columns A-E and sort E, D & C
12.5 Copy the file names from columns C – K to column P
12.6 Sort the spreadsheet by column P then by column A and we now have it sorted by filename. Save the spreadsheet.
13.1 At the Command Prompt C:\Users\YOU\800 Dir 7z_01\*.* > 00_ZipFiles_00.txt This lists all the files available to be restored.
13.2 Import 00_ZipFiles_00.txt to another spreadsheet and save as say, 00_ZipFiles_00.ods, in column B. In column A "edit" "fill series"
13.3 "Select all" and sort by column B then by column A.
14. Copy columns A & B of 00_ZipFiles_00.ods into columns R & S of 00_FilePath_01.ods.
14.1 Manually check that all the files names in columns P & S "match". Due to the 7-Zip renumbering system there may be some work involved. The full check must be done top to bottom to avoid text files being moved to photos or vice-versa.
14.2 Only the files in column S are available for restore. "Select All" and sort by column S then by A this is to move the files that are not available to the bottom of the spreadsheet and "Save"
14.3 Copy 00_FilePath_01.ods to.00_FilePath_02.ods. And delete the rows with nothing in column S.
14.4 insert 7 columns between A & B
B move
C blank
D " "double tick/inverted commas"
E blank
F "
G blank
H "
Columns B – H should look like -> move " " " copy to all rows
14.5 Then copy what was S, now Z, the 7-Zip files names to column E.
Columns B – H should look like move "zipfilename" "
14.6 In column S " <--"double tick/inverted commas" and copy to all rows
14.7 Select All and sort by column A and "save"
14.8 Select all data in columns B-Z > > move " filenameZip " " FilePath\filename "
and copy to a text file
15.1 Save file as 00_Move01.txt
15.2 edit and replace all for each of the following:-
15.2.1 move " move "
15.2.2 " ? "?
15.2.3 ? " ?"
15.2.4 " File "../File
15.2.5 …? \?.. ..?/?..
15.2.6 ? " ?"
and "save" each line of the file should look similar to - move "filenameZip" "FilePath\filename"
15.3 Copy 00_Move01.txt to 00_Move_01.bat
16. Copy the ZipFiles from 800\7Z_1 to 800\ - you now have two backup copies the zip file and those in 7Z_1. Belt and braces but safe. This will take sometime.
17 At the Command Prompt C:\Users\YOU\800> 00_Move_01
Any folders in C:\Users\YOU\800 can be deleted.
Any remaining files in C:\Users\YOU\800> have not been moved. Check 00_Move01.bat and determine the reason why the files have not been moved.
18. I moved 14000+ files and 326 remained … mainly Java scripts, .js files, so I didn't worry about them.
I hope the above helps one or two. Prior to reformatting the USB memory stick you should be able to move back a step with no losses as copies have been made rather than overwriting anything.
Thank you OpenOffice.org and Igor of 7-Zip.
I reformatted my 64Gb USB memory stick and it is operational again
As far as I recall it was less than a weeks work to recover most of the files
# # #