BleepingComputer.com: Windows System Recovery


Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

Windows System Recovery

#1 tonkinl (Member)

Posted 05 July 2011 - 04:04 AM

Hi there,

I've just been infected with Windows System Recovery. I realised something was up, as I'd been infected with Windows Vista Security not that long ago and didn't buy the program. I used this site previously and my computer was completely recovered, so I ran the same steps again, i.e. RKill and then Malwarebytes, and then panicked when, after running Malwarebytes for 2 hours, I restarted my computer to find all my files missing.

However, I came back to this site and found the specific info on this version of the virus and ran the various programs to unhide my programs, which were successful. However, I still can't get my Start menu and Desktop back to normal.

I've been reading the thread on Windows 7 Recovery and the really helpful posts by Broni, which did help me get my Quickstart Taskbar back, but I just can't seem to get the Desktop or Start menu back to normal. I've tried using the take ownership program, which has not worked. I have also tried the Command Prompt stuff recommended in post #21, and some files appeared to be copied for the Desktop, but when I've restarted the computer, they are still not there.

I'm running Windows Vista Home Premium. I was also running McAfee VirusPlus at the time of both infections, which obviously was completely useless. I've since removed it and at the moment am running Windows Security Essentials as a temporary solution. As well as help with the Start menu and Desktop, I would really appreciate any other advice on protecting my computer.

Thanks in advance

#2 boopme (Global Moderator)

Posted 05 July 2011 - 02:38 PM

Hello, please try this UnHide

Do not run a Registry or Temp file cleaner.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 tonkinl (Member)

Posted 05 July 2011 - 05:52 PM

Hi there

Thanks for the reply. I had already run this and it brought back my files such as pictures and Word files etc. I have run it again just to be sure, and this time I get the following error dialogue box...

Windows Script Host

Can't find script engine "VBScript" for script "C:\Users\Lucy\AppData\Local\Temp\info.vbs".

NB: I tried to do Print Screen to take a shot and it didn't seem to work.

Cheers

#4 boopme (Global Moderator)

Posted 05 July 2011 - 07:50 PM

Download Win32kDiag.exe from any of the following links to your desktop:

http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe


#5 tonkinl (Member)

Posted 06 July 2011 - 04:31 AM

I've run the program, it's finished, nothing much seems to have happened???

#6 boopme (Global Moderator)

Posted 06 July 2011 - 09:07 AM

I'm sorry I erased the log section.

A file called log.txt should be created on your Desktop and open in Notepad.
Copy and paste the contents of that file in your next reply.

#7 tonkinl (Member)

Posted 06 July 2011 - 11:34 AM

Ah, no worries, here is the log...

Running from: C:\Users\Lucy\Desktop\Win32kDiag.exe

Log file at : C:\Users\Lucy\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2011-07-06 08:54:20 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2011-07-06 08:54:12 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2011-07-06 08:54:12 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2011-07-06 08:54:12 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
[1] 2011-07-06 08:55:08 3368 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl ()

Finished!
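As an added illustration (not code from this thread or from the Win32kDiag tool itself), here is a small Python parser for the log layout posted above, so the "Cannot access" entries can be triaged in bulk rather than read by eye. The sample log is constructed from two of the posted entries, and the list of directories treated as "normally unreadable to a standard user" is an assumption a helper would tune, not something the tool reports.

```python
import re
from collections import namedtuple
from datetime import datetime

# Constructed sample in the layout of the Win32kDiag.txt log quoted above.
SAMPLE_LOG = r"""Running from: C:\Users\Lucy\Desktop\Win32kDiag.exe
Log file at : C:\Users\Lucy\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2011-07-06 08:54:20 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl
[1] 2011-07-06 08:55:08 3368 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTkerberos.etl ()
Finished!
"""

# One "[n] YYYY-MM-DD HH:MM:SS size path (note)" entry line.
ENTRY_RE = re.compile(
    r"^\[(?P<count>\d+)\] (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<path>.+?) \((?P<note>[^)]*)\)$")
Entry = namedtuple("Entry", "count timestamp size path note")

def parse_entries(text):
    """Return the bracketed file entries in log order."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(int(m["count"]),
                             datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                             int(m["size"]), m["path"], m["note"]))
    return out

def inaccessible_paths(text):
    """Paths the tool reported it could not open ("Cannot access:" lines)."""
    return [line.split(":", 1)[1].strip() for line in text.splitlines()
            if line.startswith("Cannot access:")]

def lacked_backup_privilege(text):
    """True if the run lacked backup privilege, so ACL-protected files were skipped."""
    return "Could not get backup privileges" in text

def unexplained_entries(entries, known_restricted):
    """Entries whose path is outside directories assumed to be unreadable to a
    normal user anyway (known_restricted is an assumed allow-list, not tool logic)."""
    prefixes = tuple(p.lower() for p in known_restricted)
    return [e for e in entries if not e.path.lower().startswith(prefixes)]
```

Entries that survive `unexplained_entries` are the ones worth a closer look; an empty result means every blocked file sat in a directory that was expected to be unreadable during a run without backup privilege.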

#8 tonkinl (Member)

Posted 17 July 2011 - 04:19 AM

Hello

It's been over a week now, and I've had no response after posting this log. Please can someone get back to me?

Cheers
lucy

#9 boopme (Global Moderator)

Posted 17 July 2011 - 03:46 PM

Hi Lucy, sorry I did not get the notification. It appears you may have an MBR rootkit. This requires either a reformat and reinstall, or you need to move to the Malware Removal section.

We need a deeper look. Please go here: Preparation Guide, and do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.