Inded, thats why I used a VM in the first place, but I also made a very dumb thing and didn't make any backups. Now my host is clean, but all my important data is in that VM and if I do it the easy way and just delete it I will loose everything. If I had backups I wouldn't even bother writing here I would of just deleted it.mpack wrote:Why mess around? Delete the VM. Surely that was the point of you running it as a VM in the first place?
p.s. A PDF is data, not an executable. It isn't possible for a PDF to be infected. What you probably had was a something.pdf.exe, i.e. it's a trap set for those who are dumb enough to let Windows run with it's "Hide extensions for known file types" option still enabled. Hopefully someday Microsoft will get a class action lawsuit for that one.
It was a vulnerability in the viewer probably, because I have extensions enabled and I see that I open pdf's.
Is there a way I could extract the plain text (.txt) files data from that VMDK? I wrote that I tried with photorec but the results weren't good. I dont need the PDF's just the notes that I wrote in the .txt files, can I somehow extract that from inside?
Tried opening the RAR's in HEX WORKSHOP and I was able to recover and read some data plain text from the rars without unpacking them, but only a small part, I couldn't find the other part of the information via that way too.