HELP!! Windows Recovery Virus

Old 04-23-11, 12:21 AM
  #1  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
HELP!! Windows Recovery Virus

How do I get rid of this thing?
Old 04-23-11, 07:38 AM
  #2  
DVD Talk Special Edition
 
E. Honda's Avatar
 
Join Date: Jan 2007
Location: A sweaty sauna somewhere in Japan
Posts: 1,728
Likes: 0
Received 2 Likes on 2 Posts
Re: HELP!! Windows Recovery Virus

Boot into safe mode

Run RKILL to stop the malware processes (download here http://www.bleepingcomputer.com/down...ti-virus/rkill)

Run a full anti-virus scan with Malwarebytes or a similar program, and make sure the definitions are current and updated before you scan.
Old 04-23-11, 11:04 AM
  #3  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

I stopped the virus. I will have to go back and run a full scan with Malwarebytes. But now I noticed that my desktop is screwed up, as it's missing all of my shortcuts. I am also missing all of my internet favorites, and every time I enter a web address it redirects me to another site.

Any ideas?
Old 04-23-11, 11:09 AM
  #4  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

I also get a pop up about an internet script error...
Old 04-23-11, 12:22 PM
  #5  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Some people think they are able to remove this virus; the truth is, you will most likely never 100% get rid of it (especially with automated tools).

Nuke and pave, hopefully you have an image backup of some type you can restore from.

If not, nuke and pave and then make an image backup so you can recover the next time this happens. The software is free and USB drives are dirt cheap, no reason not to.

http://www.todo-backup.com/products/home/


http://www.newegg.com/Product/Produc...82E16822204069
Old 04-23-11, 04:24 PM
  #6  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,946
Likes: 0
Received 2 Likes on 2 Posts
Re: HELP!! Windows Recovery Virus

Back up data.

Format.

Reload.
Old 04-23-11, 05:02 PM
  #7  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Aren't there other options?

Now my Internet Explorer keeps redirecting me. Every time I enter a website it takes me somewhere else.
Old 04-23-11, 07:04 PM
  #8  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Originally Posted by ANDREMIKE View Post
Aren't there other options?
Sure, but those other options are not worth the time and effort and I am going to guess you don't have the skill set to manually remove something like this.

Backup data
Format
Reload
Buy a USB drive
Use imaging software to backup to the USB drive (and actually USE it)
don't get caught again
lesson learned
Old 04-23-11, 07:21 PM
  #9  
DVD Talk Limited Edition
 
Nazgul's Avatar
 
Join Date: Jan 2001
Location: Jayhawk Central, Kansas
Posts: 7,125
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Originally Posted by ANDREMIKE View Post
I stopped the virus. I will have to go back and run a full scan with Malwarebytes. But now I noticed that my desktop is screwed up, as it's missing all of my shortcuts. I am also missing all of my internet favorites, and every time I enter a web address it redirects me to another site.

Any ideas?
Run unhide.exe from bleepingcomputer, it will 'unhide' your files.

Likely it's put entries in your hosts file or is forcing you through a proxy.
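
Added example, not part of any post in this thread: one way to check the first of the two possibilities named above is to parse the hosts file and list every mapping a stock Windows install would not contain. The `audit_hosts` function, its verdict labels and the sample entries are constructed for illustration; a clean result says nothing about the proxy settings.

```python
import ipaddress

# A stock Windows hosts file maps only this name (to loopback), if anything.
DEFAULT_NAMES = {"localhost"}

# Constructed sample; the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example search.example   # constructed redirect
127.0.0.1       update.av-vendor.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry.

    verdict is "redirect" (name sent to a routable address), "blocked"
    (name pinned to loopback or 0.0.0.0, which cuts off that site, for
    instance an update server) or "malformed" (line cannot be parsed).
    """
    findings = []
    # Strip a UTF-8 byte-order mark so the first entry still parses.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            findings.append((line_no, str(ip), "", "malformed"))
            continue
        for name in fields[1:]:  # one line may map several names
            name = name.lower()
            if ip.is_loopback or ip.is_unspecified:
                if name in DEFAULT_NAMES:
                    continue  # the normal localhost mapping
                verdict = "blocked"
            else:
                verdict = "redirect"
            findings.append((line_no, str(ip), name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```
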
Old 04-23-11, 07:38 PM
  #10  
DVD Talk Legend
 
Hokeyboy's Avatar
 
Join Date: Oct 2001
Location: Fort Lauderdale, FL
Posts: 19,281
Received 55 Likes on 45 Posts
Re: HELP!! Windows Recovery Virus

If you can, boot up to a previous Restoration point. Then scan and kill.
Old 04-24-11, 09:27 AM
  #11  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

I fixed IE. My hosts file is clear, I checked that. Why did all of my IE favorites disappear? Why is my desktop missing all of my shortcuts?

Now I am hearing commercials coming out of my computer, and I have no windows open. They start and stop automatically.
Old 04-24-11, 01:18 PM
  #12  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Originally Posted by 4KRG View Post
Sure, but those other options are not worth the time and effort and I am going to guess you don't have the skill set to manually remove something like this.

Backup data
Format
Reload
Buy a USB drive
Use imaging software to backup to the USB drive (and actually USE it)
don't get caught again
lesson learned
I backed up all my data. I have an IBM X41 laptop with Windows XP Professional. How do I reload? The IBM laptop has the Access IBM button on it, and it gives me the option to restore the hard drive like it left the factory. Probably without XP. How do I download XP to the laptop and where can I download a copy?
Old 04-24-11, 02:11 PM
  #13  
DVD Talk Legend
 
Join Date: Oct 2001
Posts: 18,422
Received 123 Likes on 93 Posts
Re: HELP!! Windows Recovery Virus

Originally Posted by ANDREMIKE View Post
I backed up all my data. I have an IBM X41 laptop with Windows XP Professional. How do I reload? The IBM laptop has the Access IBM button on it, and it gives me the option to restore the hard drive like it left the factory. Probably without XP. How do I download XP to the laptop and where can I download a copy?
Why do you think it wouldn't have XP? Did the laptop come with XP pre-loaded onto it?
Old 04-24-11, 02:40 PM
  #14  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

My laptop has XP Professional. I thought they were recommending to format the hard drive? Doesn't that wipe away XP? Don't I need a disc to reinstall it? Or are you recommending something else? Please help.
Old 04-24-11, 02:44 PM
  #15  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Originally Posted by Jay G. View Post
Why do you think it wouldn't have XP? Did the laptop come with XP pre-loaded onto it?
I guess I assumed when it says to restore to factory, that means nothing on it, except maybe IBM stuff.
Old 04-24-11, 02:58 PM
  #16  
DVD Talk Legend
 
Dr Mabuse's Avatar
 
Join Date: Jun 2007
Location: 75 clicks above the Do Lung bridge...
Posts: 18,946
Likes: 0
Received 2 Likes on 2 Posts
Re: HELP!! Windows Recovery Virus

Andre, that will set the laptop back like it was the day you first turned it on. If it had XP Pro when you turned it on, then that's the way it will be. Just like the day it left the factory.

That's what you want to do.

When done, you'll have to reinstall the applications you use, and INSTALL good antivirus and antispyware software. THEN restore your data, so it can be scanned for infections.

When you get the system back to the way you want it, follow 4KRG's advice and image that drive to a thumbdrive or the like.

If this happens again, you can format the hard drive, then just copy over that image and it will save you restoring applications and the like.
Old 04-24-11, 04:59 PM
  #17  
New Member
 
Join Date: Apr 2011
Location: Mobile, AL
Posts: 2
Likes: 0
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Mike,

Don't freak out. I got this virus yesterday and have it cleaned off of my computer already. You and I apparently started having the problem at the same time. I got it fixed and was just doing a little additional research to see what was known about the virus when I noticed your question. You have gotten some correct advice already from some folks so you just need to keep a clear head and sort the good info from the BS. I don't think you need to reformat your hard drive just yet. Save that for when nothing else has worked. That is pretty much throwing out the baby with the bath water if you can get rid of the virus.

First off, to answer some of your questions. The reason that your IE favorites and other things have disappeared is due to the hidden files. The info for the favorites list is inside your Windows folder and a lot of files and folders in there had their attributes changed to hidden. I had to go in and change the attributes of some of it manually, even after supposedly changing them en masse. I did this before I discovered the unhide.exe program so I don't know if that program adequately unhides everything or not. I spent a lot of tedious hours last night making folders unhidden. It hid my wallpaper and icons for my desktop and in fact managed to make it so I couldn't find my desktop for a while. Trust me, after you get everything unhidden, everything starts to work again. I had to reset my wallpaper because the virus changes the desktop wallpaper to black as the default. It was while setting the wallpaper back that I noticed the file was a washed out color, indicating it still had some hidden attributes even though I could see it.

The main points are go to the page: bleeping computers site and follow the instructions. I'm a new member so it wouldn't allow me to post the URL.

Most importantly, download the iExplore program and run it to get the darn Windows Recovery virus program killed.

Next download, install, and run the Malwarebytes program and run a FULL scan.

Next download and run the unhide.exe program.

If that doesn't get back things like your IE Favorites, go in and look at your Windows folder first. If some of the folders are visible but look somewhat washed out in color, there are still hidden folders, files and subfolders. Right click on the folder and select Properties. Uncheck the HIDDEN box and click reply. You may get some messages about needing administrator privileges; I just clicked on ignore all and continue and it kept on going. You may need to switch to an account with administrator privileges though if that doesn't work. If you continue to have folders that are kind of washed out in color you need to keep doing this until they are all unhidden. Again, the unhide.exe program might solve this. I don't know because I did this all manually before I noticed the program. It takes a long time to run, but it also takes a long time to unhide a lot of the files and folders.

This virus was a bit of a PITA and it took a few hours but following the above and after a few reboots, I got it fixed. I wouldn't reformat until you go through all of the fixes. Make sure you read that bleeping computers page and follow instructions.

Last edited by smithkf51; 04-24-11 at 05:43 PM.
Old 04-24-11, 05:29 PM
  #18  
DVD Talk Special Edition
 
Decadance's Avatar
 
Join Date: Jul 2001
Location: El Paso, TX
Posts: 1,781
Likes: 0
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Step 1. Don't Ever Use IE ever again.
Old 04-24-11, 07:09 PM
  #19  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Thanks, I will try all that. My IE is still redirecting me to other sites. I'm still getting random sounds coming out of my computer.

I bought the computer used so I'm not sure what it will boot up with if I do a restore.
Old 04-24-11, 09:46 PM
  #20  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Originally Posted by smithkf51 View Post
I don't think you need to reformat your hard drive just yet. Save that for when nothing else has worked. That is pretty much throwing out the baby with the bath water if you can get rid of the virus.
If you agree with the above comment, NEVER perform online banking or anything you really care about on this machine.

I assume people want their machine to be 'safe' to use after they remove a virus. If all you ever do is surf porn with this machine, then follow advice to 'clean' it and whack away.

If you have anything on this machine you want to keep somewhat safe, nuke and pave.

I sometimes forget that many people just use computers as toys in this day and age. I assume they are used for more than that.

Last edited by 4KRG; 04-24-11 at 09:51 PM.
Old 04-24-11, 09:51 PM
  #21  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Originally Posted by Decadance View Post
Step 1. Don't Ever Use IE ever again.
This is not always the correct advice anymore. Yes, there was a day when IE pretty much let every infection under the sun on to your machine, but that is not the case anymore starting with IE8.

If you are a non-computer person and just want to surf the net without thinking about it, then the newest version of IE with all patches (Windows Update) applied is statistically your safest bet TODAY.

If you are a techno-nerd, run Firefox with a handful of add-ons (and know how to use the add-ons) and you will be much safer. NoScript and Flashblock, just to name a couple, are very useful in preventing 'drive by' infections.

I would more suggest anyone looking to improve security to get rid of XP and upgrade to Windows 7 and run all your 'daily use' activities as a non-admin account.
Old 04-25-11, 11:29 AM
  #22  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

So I just reformatted my computer. So far so good. Now I need to restore everything. Right now I am installing all the updates. Then I will install all my software again.

I am having trouble mapping a network drive. My computer used to be networked to my other computer's secondary hard drive. I can't seem to find it to map to it. The group names are the same name. Any ideas?
Old 04-25-11, 04:25 PM
  #23  
New Member
 
Join Date: Apr 2011
Location: Mobile, AL
Posts: 2
Likes: 0
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

Originally Posted by 4KRG View Post
I sometimes forget that many people just use computers as toys in this day and age. I assume they are used for more than that.
I guess anyone who gets their advice on computers from dvdtalk.com is probably not going to get the best advice in the world anyway. Sorry I interrupted your "nuke and pave" campaign but it looks like you scared poor Mike into doing it anyway.
Old 04-25-11, 07:06 PM
  #24  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jan 2000
Location: Chicago
Posts: 4,181
Received 0 Likes on 0 Posts
Re: HELP!! Windows Recovery Virus

That's OK. I really didn't have anything on the computer anyway. It definitely cleared up my problem. I tried everything last night to remove this virus and just gave up.

Probably improved the performance of the computer as well.

Thanks all...
Old 04-26-11, 09:37 AM
  #25  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
Re: HELP!! Windows Recovery Virus

Originally Posted by smithkf51 View Post
I guess anyone who gets their advice on computers from dvdtalk.com is probably not going to get the best advice in the world anyway. Sorry I interrupted your "nuke and pave" campaign but it looks like you scared poor Mike into doing it anyway.
True, only complete morans post here


Originally Posted by smithkf51 View Post

This virus was a bit of a PITA and it took a few hours but
You spent a few hours and you still aren't certain your machine is malware free. ANDREMIKE spent the same few hours and now he is sure.

If he follows the rest of my advice and sets up a USB drive imaging system, he will be able to recover in minutes the next time this happens.

I am not going to bore you with my life story, let's just say I have a little experience in this arena and so do a handful of other regular posters here.

*IF* you do anything that involves money or identity on your computer *AND* you have to rely on automated tools to remove your malware, you are FAR safer (statistically speaking) with the nuke and pave method of removal for several families of malware.

*IF* you have mad skillz and can manually remove these things and have the ability to test they have truly been removed, then you wouldn't be posting here asking for help IMO.


If your computer is a game/porn machine and nothing else, then clean away, you have nothing to worry about. There is no info on the machine worth stealing.
