April 22nd, 2011, 04:57 AM
Windows Recovery Virus
I just got hit with this Windows Recovery virus. It appeared as a fake Windows Recovery Program, telling my my hard drive had failed and could not be fixed. It removed all the icons from my desk top and other things as well.
Windows Recovery got in (BTW) because I had turned my Kaspersky antivirus off and forgot to turn it on when I went online (dumb i know)
I completed a System Restore (to the previous day) and that seemed to fix everything. I completed a full scan with Kaspersky Anti Virus (2011 Version 220.127.116.110) and everything seems to be OK.
I am now wondering; is the Windows Recovery Virus still in my system somewhere or has the System Restore wiped it out. If it is still lurking or inactive, how do I get rid of it..
I am running Windows XP, media center edition, on an HP PC
Thanks in advance
Last edited by Halder; April 22nd, 2011 at 04:59 AM.
April 22nd, 2011, 21:14 PM
It should be ok if Kapersky hasn't found anything.
Install and run the Free version of Malwarebytes just to be sure.
April 23rd, 2011, 14:36 PM
Update on Windows Recovery Virus
Thanks Rev. for your reply. I did download the program you mentioned and it found nothing as did kaspersky. I guess the system restore got rid of it.
For the benefit of others who might run across this virus; the virus hides all your desk top icons, your drives and your programs on the start menu. They are all still there but the impression one gets is that they are gone.
When you finally get them back after system restore, you may note that
pdf, MS Word and media files stay translucent (grayed out) as if they are not accessible (though they are). I had to go into each file and change the attributes (from hidden) to make it fully visible. There is also a program called unhide.exe which does this system wide
Another thing the virus does is it appears to delete all your favorites folders (and subfolders) from Internet Explorer, when you try to add them on again you get the message that they already exist. You need to use windows explorer to access the favorites folder and unhide them (or add them) again.
Thanks for your assistance and I hope that no one else gets this virus.
I need to tell you that I am not a newbie and was fairly convinced at the windows box that came up (the virus itself) telling me of the hard drive failure, it was only the “Pay here for full version of Windows Recovery” that alerted me to it being a virus. I have added an image of it to this post to alert others.
Last edited by Halder; April 23rd, 2011 at 14:40 PM.