Viruses and solutions

In this section you will find recommendations on how to fight malicious programs which cannot be disinfected by Kaspersky Lab's products. In order to disinfect or remove such malicious programs you may have to modify the system registry or use an additional utility. If you cannot find the necessary information, or you find these recommendations too complicated or inadequate, please send a request to the Technical Support service via the HelpDesk form.

Utilities which fight Virus.Win32.Gpcode.ak
Article ID: 1809. Last modified on 2008 Jun 25 11:05.

At the moment, it's not possible to decrypt files encrypted by Gpcode. However, you can use PhotoRec to recover your original files which were deleted by Gpcode after the virus created an encrypted version of the files.

The utility can be used to recover Microsoft Office documents, executable files, PDF and TXT documents, and also certain file archives. Here is a full list of supported file formats.

PhotoRec is part of the TestDisk package.

The latest version of TestDisk, including PhotoRec, can be found here.

Below are detailed instructions on how to manually restore deleted files using PhotoRec:

1. Use a different, clean computer to download TestDisk, which includes PhotoRec.

2. Save PhotoRec to an external device, and connect this device to the infected machine (this does not pose any threat, as Gpcode.ak cannot spread independently and deletes itself after launching).

3. Run PhotoRec (the file is called photorec_win.exe, and it is located in the win directory of the TestDisk package):

4. Choose the target drive for PhotoRec to search for files, and press ENTER to continue:

Information: If you have several hard drives in your system, you should perform this step for every hard drive (i.e. once you have recovered files from one drive, repeat the process for the next drive).

5. Select the partition table type (typically 'Intel') and press ENTER to continue.

6. Choose the partition you want to recover files from and press ENTER to continue.

Information: If your disk has several partitions, you need to repeat this step for each one.

7. Choose the type of file system (Windows users should choose 'Other') and press ENTER to continue.

8. Choose where to search for deleted files and press ENTER to continue. Choose "Whole" to search the entire disk for deleted files.

9. PhotoRec will then ask you to specify a destination directory for restored files. Use the PhotoRec file browser to move to the root directory (by choosing ".." and pressing ENTER).

The root directory shows which disks your system has. Choose the appropriate removable (or network) drive, and the folder in which you want to save recovered files. It is very important to choose an external drive: do not choose a drive on your infected machine, because writing recovered files there could overwrite the very deleted files you are trying to recover.

Before recovering files, please make sure you have created a separate directory on the drive (e.g. "recovered") and choose to save recovered files to this directory, in order to prevent errors arising later in the recovery process. Once you have chosen the directory, press "Y".

Once you have pressed "Y", you will see the file restoration process in action. Please be aware that this process may take a considerable length of time.

Wait for scanning to finish before moving to the next step.

10. The recovered files are now on your chosen external drive. When you open the directory which contains the recovered files, you will notice that the file names do not correspond to the original names of the files on your hard disk.

Your file names will look something like this (screenshot of PhotoRec's generated file names not reproduced):

This is due to the way PhotoRec works, and you should not be alarmed. In addition, although the utility can restore the contents of files, it cannot establish their original location.

To complete the recovery process, we've created a free utility called StopGpcode that will sort and rename your restored files.

  • On another computer, download the Stopgpcode utility and copy it to a USB flash drive.
  • Put this flash drive into the infected computer and load the Windows Command Prompt by going to START | PROGRAMS | ACCESSORIES.
  • Select your USB flash drive by typing the drive letter e.g. W:
  • Then run the utility from the command line with the following syntax: STOPGPCODE -r <folder with the recovered files> -i <infected drive> -o <folder for the sorted files>

e.g. STOPGPCODE -r W:\RECOVERED -i C:\ -o W:\SORTED

The utility will process the entire disk and compare the sizes of encrypted and recovered files. The program will use the file size as a basis for determining the original location and name of each recovered file.

The utility will try to determine the correct name and location for each file, recreating your original folders and file names within a folder called "sorted". If the utility cannot determine the original file name, the file will be saved to a folder called "conflicted".
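The size-matching idea the utility relies on, as an added Python example that is not StopGpcode's own code: recovered files are matched to encrypted originals by a byte size that is unique on both sides, files whose size fits zero or several originals go to a "conflicted" folder, and the original folder tree is rebuilt for the rest. The file listings, the drive letters and the assumption that sizes are compared directly with no offset are constructed for this example.

```python
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import Dict, List, Tuple

# Constructed sample data (not from the article): byte sizes of the encrypted
# files on the infected drive and of the files PhotoRec wrote under its own names.
ENCRYPTED_ON_DISK = {r"C:\Docs\report.doc": 10240, r"C:\Docs\notes.txt": 512,
                     r"C:\Photos\a.jpg": 2048, r"C:\Photos\b.jpg": 2048}  # a/b: same size
RECOVERED = {"f0001.doc": 10240, "f0002.txt": 512, "f0003.jpg": 2048,
             "f0004.jpg": 2048, "f0005.pdf": 777}  # 777: no original of that size

def index_by_size(files: Dict[str, int]) -> Dict[int, List[str]]:
    """Group file paths by byte size."""
    by_size: Dict[int, List[str]] = defaultdict(list)
    for path, size in files.items():
        by_size[size].append(path)
    return by_size

def sort_recovered(encrypted: Dict[str, int],
                   recovered: Dict[str, int]) -> Tuple[Dict[str, str], List[str]]:
    """Match recovered files to originals by size (assumption: sizes are compared
    directly, with no offset). Returns (matched: original path -> recovered name,
    conflicted: recovered names whose size fits zero or several originals)."""
    enc_by_size, rec_by_size = index_by_size(encrypted), index_by_size(recovered)
    matched: Dict[str, str] = {}
    conflicted: List[str] = []
    for size, names in rec_by_size.items():
        originals = enc_by_size.get(size, [])
        if len(originals) == 1 and len(names) == 1:   # unique on both sides
            matched[originals[0]] = names[0]
        else:                                         # ambiguous or unknown
            conflicted.extend(names)
    return matched, sorted(conflicted)

def plan_destinations(infected_drive: str, out_root: str, matched: Dict[str, str],
                      conflicted: List[str]) -> Dict[str, str]:
    """Map each recovered name to its target path under out_root: the original
    folder tree for matches, a 'conflicted' folder for everything else."""
    root = PureWindowsPath(out_root)
    plan = {name: str(root / PureWindowsPath(orig).relative_to(infected_drive))
            for orig, name in matched.items()}
    plan.update({name: str(root / "conflicted" / name) for name in conflicted})
    return plan

if __name__ == "__main__":
    m, c = sort_recovered(ENCRYPTED_ON_DISK, RECOVERED)
    for name, dest in sorted(plan_destinations("C:\\", r"W:\SORTED", m, c).items()):
        print(f"{name} -> {dest}")
```

Two photos of identical size cannot be told apart by size alone, which is exactly the case the "conflicted" folder exists for.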

