Yesterday I ran a scan and Avast found 3 virus. It suggested I ran a boot time scan which I did and once it returned to my desktop, it had deleted all my files. ALL of them! My computer looks as though it just came from the factory.
I attempted a system restore but the only possible restores are the ones from system checkpoint which is useless and it won`t let me go back far enough to were I had cleaned my computer completely. Is there any way I can recuperate these files?
I run Windows XP Media Center Edition. Thank you
Bootime scans don’t delete all your files. Whatever the virus might have been, it might have been that. But I don’t know much, just wait for a few responses from the avast! team.
I probably should have said that the process deleted the files and file folders as I am aware that the scan itself did not do the damage. I still need to know if there is a way to recuperate the lost files.
Open Avast GUI by clicking the Orange Ball at the bottom in the taskbar
Click maintenance
Click Virus Chest
Send us a print screen of that
and also whille you are there, click on Scan computer, then click Scan logs
if you see one that says Virus found in red click on it. Create a printscreen of that.
Attach them in your next post
Anthony 
Just a thought…
Some of the rogue malware progams HIDE (or MOVE) your personal files, placing them in “temporary” areas. Your desktop appears empty, as if everything is gone. IF that’s what happened here, it may be possible, under guidance, to recover them… AS LONG AS you don’t run any “temp file cleaners” (such as Disk Cleanup or CCleaner).
Typically, such a rogue program would have alerted you, either claiming to have found lots of errors on your system… perhaps even asserting it was about to crash… and offering to “fix” everything for you… for a FEE. Sometimes, they explicitly make a “ransom” demand, telling you they’ve encrypted all your files, and that you must pay them to get your files back. If you didn’t experience either of these symptoms, then my “thought” might not apply to what happened to you.
regardless, I would NOT run any “temp file cleaners” until you’re sure it won’t permanently impact your system in a negative way.
Do not use any temporary file cleaners
[*] Download RogueKiller and save it on your desktop.
[*]Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
[*]Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
[*]The report has been created on the desktop.
[*]Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
[*]The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
This just happened to my dad’s computer. I got nowhere by searching google for the answer, so i just poked around for a while. What i figured out made me laugh. Most all of his files were all in the exact same places, but they were all set to “hidden.” (i say most, because there were a few programs he hadn’t found yet) go into a folder, find the folder options selection from the Tools menu, go to the View tab, scroll down to find “Hidden files and folders” and select to show hidden files and folders. Hope this helps!
As I conjectured in my post, it sounded like a rogue in which user files were HIDDEN and/or MOVED. So UNhiding would fix the hidden (-only) aspect.
Perhaps the “few programs [your dad] hadn’t found yet” were in fact moved (as well).
By the way, simply UNhiding the files removes a SYMPTOM of the rogue… but it does NOT remove the rogue itself — which might still be present. That’s why EssexBoy offered a more comprehensive solution.
Ironically, we never heard back from the OP.
while i know the problem isnt 100% fixed, at least you can back up your important stuff [that should already be backed up]. thank you for your help!
If this helps I can’t say, but I’ll digress and ‘may’ throw some hope.
I accidentally formatted a back-up drive once with all my PCB cad work, Jpegs and text docs., my fault, no-one else to blame, but I got them all back with Recover My Files http://www.recovermyfiles.com/, if you do this it will let you see if they are recoverable or not… then it’s up to you if you want to purchase the license to enable ‘recovery’, this may sound like I’m selling I’m not - but it’s letting you know they are there and are ‘able’ to be recovered.
You could then go routing around for free software that may do the trick, rather that sit back and say nothing I’d rather speak up letting you know that all ‘may not’ be lost in getting them back - it gives you the chance to see!
It doesn’t bother me should this post get’s deleted, but it IS denying you the chance of recovering those files one way or another!
Always keep a clean cloned drive - always! For few minutes work you are back in business, whether its the main drive or back up drive.
Dave
Sorry it took so long but a family emergency took out of town. Came back this morning so here are the screen captures you asked for.
And the second one
And the background info
Last one
Haven’t seen a trace of any HDD Rogue and I already applied the ‘show all hidden files’ action with no success. It’s the first thing I did.
All my ‘‘programs’’ are still accessible. It’s the data that is missing. All pictures, documents, shortcuts etc… and the Temp folder in C:\Documents and Settings\Default User\Local Settings\temp is totally empty.
You need to follow essexboy’s advice in reply 6.
You might also want to hide your gmail address from the public - spammers have been known to harvest e-mail addresses from forums like this.
While Rogues typically identify themselves — in order to try to extort a ransom — I still think it’s worth following Essexboy’s directions. It may not help… but it shouldn’t hurt.
A rogue might remove [or hide] such personal files — but a virus scan shouldN’T.
I don’t know WHERE the rogue (if that’s what it was) might have moved the files. Hopefully, it’s to a directory beside the one you’ve already checked to find empty.
But if it moved them to SOME temp directory… and that directory has since been emptied… there may not be much that can be done at this point.
+1
Another thing I should mention is that I just tried ‘searching’ for pictures using .jpg and all of them are there, but in folders to which I no longer have access. So I guess what I need to do is find a way to restore the folders and everything should be ok. Right?
Done, there you go: