WindowsRecovery Scareware

BleepingComputer.com: WindowsRecovery Scareware

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

WindowsRecovery Scareware new Rouge-antivirus?

#1 fecklessgadfly

New Member

Group: Members
Posts: 1
Joined: 22-April 11

Posted 22 April 2011 - 11:51 PM

Ok, I was wondering if anyone else has run into this one. I work at a school, so I'm pretty used to using the "rkill/mbam" combo to fix scareware. But I've been hit by a whopper.

It's called "WindowsRecovery" and it uses four puzzle pieces as it's logo.

My wife picked it up, and after running rkill it left me with a black background and empty "all programs" (I'm using XP/SP3).

When I clicked on C: the only thing there was the rkill log.

After changing folder options to "show hidden files" I can see the desktop icons again, and the C: drive files.

However, "All programs" is still empty.

I cannot get MBAM to run, and my regular Anti-virus sees nothing.

I attempted to run "rkill" again and was told "access denied" but by the "red x" you can tell it's the rouge anti-virus doing it.

Has anyone else run across this variant, or have any Ideas on how to beat it?

***addition*** it also tells me that my hard drive is corrupted.

This post has been edited by fecklessgadfly: 22 April 2011 - 11:59 PM