cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jnphilips
Level 7
Report Inappropriate Content
Message 1 of 13

Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Please can someone help me. I have a "windows recovery" virus. I have Mcaffee anti virus software but it seems to have got past that. I am just a simple users so have no idea how to get rid of it. I didn't know what to do, the computer just kept running the program and I couldn't stop it, so I turned off my computer, I am currently using my spare one - which isn't infected.

Can someone direct me to a set of instructions as to what I should do to get get of the virus.

Thank you.

1 Solution

Accepted Solutions

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Moved to Malware Discussion > Home User Assistance.

This is a fake Windows optimization application and as such is hard for any antivirus to detect as it relies on people clicking something and then it activates.

There is an excellent removal guide here:  http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Scroll down that page as the first links you'll see are advertising.


Message was edited by: Ex_Brit on 13/05/11 8:12:20 EDT AM

View solution in original post

12 Replies

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Moved to Malware Discussion > Home User Assistance.

This is a fake Windows optimization application and as such is hard for any antivirus to detect as it relies on people clicking something and then it activates.

There is an excellent removal guide here:  http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Scroll down that page as the first links you'll see are advertising.


Message was edited by: Ex_Brit on 13/05/11 8:12:20 EDT AM

View solution in original post

jnphilips
Level 7
Report Inappropriate Content
Message 3 of 13

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Thank you

I will try this now

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Good luck.

jnphilips
Level 7
Report Inappropriate Content
Message 5 of 13

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

I've downloaded all the removal software on to a memory stick.

Should I disconnect the infected computer from the network and internet before I start?

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Boot into 'Safe Mode with Networking' by tapping F8 repeatedly while booting up and install, update (important) and run the Malwarebytes (Free) programme.

That's one of the few applications that can fully function in that mode, which hopefully will give you internet access whilst not letting the malware run.

jnphilips
Level 7
Report Inappropriate Content
Message 7 of 13

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

ta

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Hope it works.  😉

jnphilips
Level 7
Report Inappropriate Content
Message 9 of 13

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Hi again.

I followed the instructions and ran malwarebytes on all the discs in safe networking mode - it found several infected files which I removed.

I then ran unhide.exe - and the files in the directories reappeared - which was good.

 

However, the programs in the start menu programs bit are mostly "empty" although I have checked and the programs are on the disc and seem to be ok.

  

How do I get them back in the start menu programs bit (I am running Vista).

The bulk of the shortcuts I had on the desktop are also missing but I can put them back manually.

  

Also the little symbol beside files that tell you what program the file is associated with are mainly missing but when I click on a file the symbol changes to the correct one (for all the files that open with that program not just the one I clicked on).

By the way when I restarted the system - in normal mode - windows intervened during the boot up process to say that the discs were out of sync (there are two discs and it runs a a RAID configuration) and it ran something to resync them and then booed up normally.

Thanks

jnphilips
Level 7
Report Inappropriate Content
Message 10 of 13

Re: Help. Have "Windows Recover" virus don't know what to do...

Jump to solution

Hi again

I fixed it!

It occurred to me that if it was a scam to get you to buy software - it would potentially work - so all the "lost" data must be on the disc somewhere - probably in renamed files.


So I did a full windows search of the c drive - including non-indexed, hidden and systems files for all the files created on the day that it happened and found the lost start menu files in:-

c:\users\username\appdata\local\temp\smtmp  the latter being a folder containing all the files and shortcuts  - I then just copied these back to their proper locations ie the start menu items belong in c:\programdata\microsoft\windows\startmenu\progams and then copied/dragged the other shortcuts back to the desktop or taskbar....

Maybe this will help other people though obviously the name smtmp might be a randomly produced one the methodology should still work.

Thanks for all your help.
janet

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community