I was recently using a tool called swissknife to format an external hard drive to FAT32 format and accidentally quick formatted another external hard drive with all my photos and other stuff on.
In a panic to recover the files I could find no easily explained way of undoing the quick format (I had exited the swissknife program so undoing was not an option). I got hold of a program called EaseUS partition recovery or something through a friend of a friend.
I would normally stay away from files that I am unaware of but I was worried about losing my folder of photos of my children and so morality came second to sensibility.
I installed the program and ran it. It took a long time to scan for the deleted files, but about 10 minutes into the scan a black window (DOS style) popped up with a white underscore (cursor) flickering randomly around the window. I assumed this was just a window to show that it was running.
The window had at the top C:\documents\..blahdyblah\Temp\setup1j.exe < the blahdy blah is just because I can't remember the file path exactly but I am definitely sure of it being in Temp and called setup1j.exe.
I blocked the program from accessing the internet and left it to run.
It found all my files and I did recover them with minor faults in just the odd file and folder names.
Because the photographs were now safe I was still wondering about the black window which still hadn't done anything except the randomization of the white underscore.
I took a chance and closed it; it crashed and closed but the EaseUS program still ran normally (recovering less important files).
I decided to look further. A Google search of "setup1j.exe" showed only a couple of results: 1 is foreign and the other is to a site promoting malware removal; it showed a list of malware names and the 'setup1j.exe' was in the list.
Norton quick scan showed nothing, a scan of the program installer showed nothing, a scan of my entire documents and setting showed nothing and a scan of the EaseUS folder showed up clean too.
Yes, I am an idiot for risking installing a program given to me from someone who I hardly know and yes I'm an idiot for letting it run for around 30 hours or so to scan and restore.
I was in a panic and if I lost the pictures of the kids I would never be able to forgive myself so running a program that might be dodgy and may even land me in trouble was an easy choice and I got my photos back.
However, was the window something to worry about or did I just have something running NIS2009 didn't detect?
PS: I have wisely now ordered the program legitimately and rightly so; apart from the apparent malware from the file I was given, it did do its job.
PPS: Yes, again, I was an idiot, lesson learnt.