My Folders turned into exe files

You posted your question in the Lion OS X Forum, but your problem is not with Lion, but with your Microsoft Windows files. I would recommend reposting in the Windows Forum to have the experts there help you.

Hope this helps 🙂

That is truly bizarre. I'm not sure that I understand what you're saying about that malware, though. Did you scan your Windows partition and find that it was infected with that malware? Or did you scan the Mac partition and find the file there?

If the former, does the Windows partition have access to the Mac partition while Windows is running? (I'm not that familiar with how Boot Camp works.) If so, it may have done something to the Mac partition. If the latter, this can't have anything to do with that malware.

In any case, though, if I saw that, I would probably erase the hard drive and restore from my last backup. As this is not a problem I've ever heard of before, I have no idea what might have happened or how you might fix it.

RM, note that the problem is occurring on the Macintosh HD, and that all those .exe files are files and folders normally found (minus the .exe) at the root level of a Mac boot drive.

Yes, i did install MacDrive when i was using Boot Camp and i regretted it. The problem here is there isn't a way to fix this virus for Mac OS.

To be accurate, your Mac OS is not infected with that malware. That's not possible. But, since the volume was available for writing by the Windows system, it looks like the malware made changes to the Macintosh HD that are probably not easily reversed. I really think you're looking at needing to reinstall everything from scratch, or restore from a backup made before this happened.

I'm not familiar with MacDrive, but if it can be used to give you read-only access to your Macintosh HD volume, that would be preferable in the future. That way, an infected Windows system cannot affect your Mac system. Also, keep in mind that a Windows system still needs anti-virus software, even though it's running on a Mac, though anti-virus software is far from a guarantee that you won't get infected.

In your Mac open the Terminal application (in the /Applications/Utilities/ folder) and then run the following command. Then copy and paste the output to a posting here so we can see what it looks like:

ls -la /

This command will list all the contents of your root directory (same as your screenshot) but will include hidden files and give additional information about the directory listings.

BnBPhm wrote:

Until i login to my Mac, i see all of the folders on my Macintosh HD drive is now exe files.

So what's the problem? It may be that your Windows system is identifying Mac folders as .exe files because it doesn't know any different.

But when you boot out of Windows and log in to your Mac OS, don't you see them as normal Mac folders?

I think you misread that Tom. As you can see from the screenshot, he IS booted into his Mac.

The 'until' was qualifying the statement before it which said "I noticed nothing strange" until he logged into his Mac.

I hope the OPs posts the output as Topher recommended; I'm fascinated to learn more about this.

What backups do you have?

Ah yeah- missed that, Softwater.

Weird indeed. I've never heard of anyone else experiencing this either in Boot Camp or Parallels so indeed it must be a virus -

I'd like to know more about this too because I've been planning to install Windows with Parallels and AFAIK Windows has to be on the same partition as the Mac OS or Parallels won't work.

😕

That's very odd, as you can see the .exe files are duplicates, and the originals are still there. But I don't understand why you aren't seeing the originals without using the Go menu, or why deleting the file also makes the folder go away.

If you care about your data, you need to backup now, before you do anything else. Then, and only then, proceed as follows.

Drag or copy — do not type — the following line into the Terminal window, then press return:

sudo find / -xdev -type f -name *.exe -delete

You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning. If you don’t have a login password, you’ll need to set one before you can run the command.

The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear. All files on the boot volume with a name ending in ".exe" will be deleted. Other volumes, including the Boot Camp partition, won't be affected. If there are any such files you want to keep, restore them from your backup.

Thomas A Reed wrote:

That's very odd, as you can see the .exe files are duplicates, and the originals are still there. But I don't understand why you aren't seeing the originals without using the Go menu, or why deleting the file also makes the folder go away.

Yes, and the originals are all in root, whilst the execs are all in User. So the originals still exist (phew - so they're not lost, right?) but have somehow got moved to root, which may be why the OP's Finder isn't seeing them ? Does that make any sense?

I sort of found the work around for this problem, Still not sure why its happening..
http://goo.gl/FK7KXF