Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Help!!! How do I remove Windows recovery virus from my computer

Options
  • 24-03-2011 1:40am
    #1
    EmilyD
    Registered Users Posts: 29


    Hi,
    My computer has just been rendered virtually unusable by a virus called Windows Recovery. At first I thought it was a genuine security program on my computer - it displays all these security warnings and had me pretty freaked. But I quickly realised it was the problem. I have no idea how to delete it and it seems to a have deleted alot of files and programs on me. I'm a writer and I stupidly haven't backed things up so I'm terrified I won't be able to recover files. It has also deleted my Internet explorer stopping me from accessing the net but I have the use of a second comp. Can anyone please advise me on how to get rid of it or if my computer is beyond saving....


Comments

  • Options
    #2
    u140acro3xs7dm
    Closed Accounts Posts: 1,512 ✭✭✭u140acro3xs7dm


    Try starting in safe mode, keep tapping f8 when the computer starts up choose safe mode with networking. If you have access to another computer download rkill and malwarebytes on to a usb stick. Run rkill first, then start malwaerbytes and update it and run a full scan.


  • Options
    #3
    tfitzgerald
    Registered Users Posts: 2,285 ✭✭✭tfitzgerald


    I think I had this during the week as well go into start ,search and for example click search for music and a lot of the files will still be there then cut and paste them to a new folder also right click on my computer and search from there it will take a while but you should get back most of your files


  • Options
    #4
    tfitzgerald
    Registered Users Posts: 2,285 ✭✭✭tfitzgerald


    Sorry about double post I am blaming the iphone , what I wanted to say is that I will be using E T suggestions as well. Thanks


  • Options
    #5
    cerbeus
    Registered Users Posts: 372 ✭✭cerbeus


    See if this helps: http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery


  • Options
    #6
    bhickey
    Registered Users Posts: 1,340 ✭✭✭bhickey


    EmilyD wrote: »
    I'm a writer and I stupidly haven't backed things up so I'm terrified I won't be able to recover files.

    The first thing to do might be to download a Linux Live CD (e.g. Ubuntu), burn it to a CD and then you can boot your computer from it and copy all your files to an external drive.

    Then try ET_phone_home's suggestion of : boot into Safe Mode (with Networking), run Rkill and then Malwarebytes.


  • Advertisement
  • Options
    #7
    EmilyD
    Registered Users Posts: 29 EmilyD


    After a near sleepless night I stumbled across the bleeping computer page and followed that advice with RKill and the malware program - it seems to have worked. My files didn't reappear but when I went into show hidden files/folders they're now all there but they're only feintly visible. It's not really a big deal but does anyone know how to highlight them properly? I feel like I've been through the wars :-O Tfitzgerald... have you had any problems with your comp since? Did you get any new virus protection to avoid it happening again? And any idea where this trojan motherf&*^*&^*r came from!?! I've never had any problems like this before and I'm a little worried the virus may be gone but not without leaving its mark. Thanks for all the advice by the way :)


  • Options
    #8
    bhickey
    Registered Users Posts: 1,340 ✭✭✭bhickey


    EmilyD wrote: »
    .... when I went into show hidden files/folders they're now all there but they're only feintly visible. It's not really a big deal but does anyone know how to highlight them properly?

    The folders/files are still marked as 'Hidden'. In Windows Explorer, right-click on them and disable the 'Hidden' attribute.

    What antivirus software are you running on the computer?


  • Options
    #9
    EmilyD
    Registered Users Posts: 29 EmilyD


    Thanks a mil...worked like a treat :) I was using AVG but I think it had recently expired which might explain the virus. Would you recommend AVG again or maybe upgrading to a paid virus protector...?


  • Options
    #10
    u140acro3xs7dm
    Closed Accounts Posts: 1,512 ✭✭✭u140acro3xs7dm


    EmilyD wrote: »
    Thanks a mil...worked like a treat :) I was using AVG but I think it had recently expired which might explain the virus. Would you recommend AVG again or maybe upgrading to a paid virus protector...?
    I use Avira which is free and i find it pretty good. I used to use AVG but found it wasnt great and hogged up a lot of resources although this could changed in the couple of years since i changed.


  • Options
    #11
    tfitzgerald
    Registered Users Posts: 2,285 ✭✭✭tfitzgerald


    Emilyd a lot of the programmes I had on the computer are gone this only happened to me over the weekend so I am still going thru the pc as for where it came from I have know idea and I am very careful about the sites I visit I use norton as security but this is the second bad virus I have had in a month the other one was the google search one where it looked like google but kept taking me to it's own sites


  • Advertisement
  • Options
    #12
    EmilyD
    Registered Users Posts: 29 EmilyD


    A lot of my programs weren't showing up either but if you try going into Folder Options, then into View and then select Show Hidden Files, Folders and Drives this may help. It seemed to work for me anyway. Does your computer seem to be running ok besides? Mine was really fast pre-virus but seems a lot slower now so I'm still a little worried.


  • Options
    #13
    tfitzgerald
    Registered Users Posts: 2,285 ✭✭✭tfitzgerald


    Yes I have tried the hidden folders route and I got a lot back my email contacts are all gone and a lot of files in my documents folder are missing and you are right my pc is running slower but when I install this rkill I hope it will come back to the way it was , and I would really like to know where this came from


  • Options
    #14
    EmilyD
    Registered Users Posts: 29 EmilyD


    Good luck with it... let me know how you get on. It's still early days but I don't think I've lost anything so hopefully you'll resurrect your files too.


  • Options
    #15
    bhickey
    Registered Users Posts: 1,340 ✭✭✭bhickey


    EmilyD wrote: »
    Thanks a mil...worked like a treat :) I was using AVG but I think it had recently expired which might explain the virus. Would you recommend AVG again or maybe upgrading to a paid virus protector...?

    In my humble opinion, definitely get rid of AVG and personally I'd recommend MSE (Microsoft Security Essentials) which is free. Have a look here.


  • Options
    #16
    Victor McDade
    Registered Users Posts: 710 ✭✭✭Victor McDade


    Hi all, I picked up this virus a few days ago, followed the bleepingcomputer guide and seem to have got ridden of the virus. But now all the start menu folders are showing "empty" as in the attached pic after running unhide.exe twice.

    Windows restore fails every time.
    I can't scan in Command Prompt as it says I need to be an administrator (even though I am :rolleyes:)
    I've tried "show hidden files and folders" to no avail.

    Any advice?
    Thanks


  • Options
    #17
    yoyo
    Moderators, Technology & Internet Moderators Posts: 11,011 Mod ✭✭✭✭yoyo


    Victor McDade wrote: »
    Hi all, I picked up this virus a few days ago, followed the bleepingcomputer guide and seem to have got ridden of the virus. But now all the start menu folders are showing "empty" as in the attached pic after running unhide.exe twice.

    Windows restore fails every time.
    I can't scan in Command Prompt as it says I need to be an administrator (even though I am :rolleyes:)
    I've tried "show hidden files and folders" to no avail.

    Any advice?
    Thanks

    To open command prompt as administrator type cmd into the start menu, when command prompt displays right click it and choose run as administrator. If it doesnt show look in the C:\Windows\System32 folder for cmd.exe and do the same as above

    Nick

    My Beer Glass collection site 🍺

    My Irish Callcards site



  • Options
    #18
    Victor McDade
    Registered Users Posts: 710 ✭✭✭Victor McDade


    Thanks. Still no luck. Backing up files before doing a full reinstall


  • Options
    #19
    tfitzgerald
    Registered Users Posts: 2,285 ✭✭✭tfitzgerald


    Go to start then search you have to search for all types of files eg mp3 , photo ,jpg when you find them cut and the copy them into new folders do not copy them cut them otherwise you will fill up the pc fast this will take a nice bot of time and is awkward enough but it does work


  • Options
    #20
    Victor McDade
    Registered Users Posts: 710 ✭✭✭Victor McDade


    tfitzgerald wrote: »
    Go to start then search you have to search for all types of files eg mp3 , photo ,jpg when you find them cut and the copy them into new folders do not copy them cut them otherwise you will fill up the pc fast this will take a nice bot of time and is awkward enough but it does work

    Did a search but none of the programmes showed themselves, in the end I did a complete format/reinstall as I really wasn't sure what else that virus got up to in the background
    LIGHTNING wrote: »
    Here is a nifty tool for unhiding the contents of your HDD. Note the download is a .exe file, I normally dont like sending them but at this stage its all you can try. Be patient with the program as it can take a while.

    File is clean and has been verified safe to use in Win XP,Vista and 7

    http://www.megaupload.com/?d=Z4PP5NEG

    Yeah, unhide.exe is linked to on the bleepingcomputer website but failed to get the shortcuts back after running twice. It seems the virus has been updated recently
    http://remove-malwares.blogspot.com/2011/05/updated-version-of-windows-recovery.html
    Needless to say trojan killer didn't help get them back either. I didn't mind reinstalling windows from scratch as the laptop is fairly new.
    Cheers for advice lads


  • Options
    #21
    ikeano29
    Registered Users Posts: 344 ✭✭ikeano29


    I've found over the years that actually having antivirus running in the background is a hog on your system and gives a false sence of security.
    If you are a windows user it's very important to keep everything on your system up to date, especially java and flash, and in windows have automatic updates turned on!

    Some programs you can run every few days are;
    Malwarebytes
    Superantispyware
    Ccleaner

    Also, while browsing the net use Mozilla firefox with add ons;
    No script(only allow sites that you trust to run scripts)
    Adblock plus
    Ghostery


  • Advertisement
  • Options
    #22
    gerryk
    Registered Users Posts: 1,726 ✭✭✭gerryk


    I would have to agree with ikeano. AV, imo, does nothing but give users a false sense of security. Staying ahead of signature based detection is easy from the POV of malware writers.

    Firefox + NoScript is probably the best defense against intrusion. Also, keep stuff like Adobe products updated.


Advertisement