Windows Repair malware?


5 replies to this topic

#1 Lorreign

Posted 28 March 2011 - 08:38 PM

I'm putting this here cause...well idk if I need to go to the virus section or if something is actually damaged. So my mom picks up malware like it's on sale or something. I don't understand it either because she's always had some kind of virus software on her computers where I have none and have never picked up anything. She gets them from Facebook too and I don't use Facebook.

So she suddenly gets this program pop up called 'windows repair' (I had a screenshot but the file has been eaten, apparently). I'm certain it's a type of malware cause it wants you to 'buy now to fix problems' and has a fake IE window pop up.

However, programs have disappeared and whole folders have. The libraries folder up here is now empty (funny since I had JUST saved a screenshot into 'pictures' within that folder). Taskbar windows are popping up like "RAM memory usage is critically high" and "damaged hard drive clusters detected. private data is at risk." Then there are system pop-ups like "hard drive failed" and this one right here:

Windows - Delayed Write Filed
Windows was unable to save all the data for the file \\System32\\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

I'm using it right now (the computer)...would it boot up at all with a hard drive failure?

I started running malwarebytes on it and already it has found 3 infections.

But things are just disappearing! Under Libraries, there's nothing. No documents, no pictures, no videos or any of those standard folders. I don't think she has a backup either. Is this all malware or is there a system error? The computer/hard drive is brand new too.

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery It looks like this but it's called Windows Repair. But I'm concerned about the things that have poofed.

Edited by hamluis, 29 March 2011 - 09:17 AM.
Moved from Win 7 to Am I Infected.



#2 pleasehelpmeasap


Posted 28 March 2011 - 10:44 PM

By coincidence I'm looking for the same solution. However, I was successful in removing the start-up scan but I was unsuccessful in repairing the desktop background. The method I used was as follows: go to Control Panel --> Appearance and Personalization --> under Folder Options --> Show hidden files and folders --> fill in the "Show hidden files, folders and drives" bubble. Next go to Run and type in %appdata%, search for windows repair and delete everything you find. Next search %programdata% and search windows repair and delete everything you find. The main culprit is a file called windowsrepair.exe I believe. Everything else is a shortcut. However, that's the farthest I have gotten. It's guaranteed to work but there are some registry issues prohibiting my computer from changing desktop themes. Every time I click on change theme, the taskbar color changes but the wallpaper never changes. I have scanned my computer using more than 10 scanners and still none were able to detect and fix the problem. Please someone from Bleeping Computer help me fix this gigantic mess. I believe it's a registry problem but a slight change in registry keys will damage my laptop. Can you give me step by step instructions on how to fix it, please. Thank you.

#3 Union_Thug


Posted 29 March 2011 - 06:58 AM

But things are just disappearing! Under Libraries, there's nothing. No documents, no pictures, no videos or any of those standard folders. I don't think she has a backup either. Is this all malware or is there a system error? The computer/hard drive is brand new too.

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery It looks like this but it's called Windows Repair. But I'm concerned about the things that have poofed.

According to the removal guide @ the link, this is a symptom of the malware:

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


#4 isrjs


Posted 09 May 2011 - 05:14 PM

A friend got hit with the "Windows Recovery" virus last week.

I used the removal instructions I found on this site.

I followed all the steps, and it worked for the most part.
1. rkill
2. MalWareBytes
3. Unhide.exe
4. PSI.exe

The Desktop Icons were missing.
They were actually there when I started the recovery, but they disappeared at some point.

I found this entry in the registry:
NoDesktop = 1

I changed it to:
NoDesktop = 0

That fixed it.
He now has the Desktop Icons back.

However, he is still missing virtually ALL the Start Menu & Program Menu icons.

Anyone have a solution to that issue?

I noticed a strange behavior regarding the Program Menu icons.
When I recreated a shortcut/link to a program, and placed it in its original Program Menu folder, the new link is not visible.
I did this twice and neither of the links is visible.

That leads me to believe the program links are still there, but are just hidden.
PC Inspector File Recovery did not find any deleted links on the drive, so I was unable to restore them that way.

Does anyone have an idea of how to unhide the Start Menu & Program Menu icons?
I ran the unhide.exe program twice, without any effect.
All system files & extensions are unhidden.
I was able to do a System Restore to a date prior to the infection, but the icons are still missing.

It will be tedious to have to recreate all those links manually.

Thanks in advance.
isrjs
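
The two checks from the posts above (the NoDesktop value and the hidden attribute that Unhide.exe clears), as an added PowerShell example that is not part of the thread or of the removal guide. The function names are hypothetical, and the registry key is assumed to be the standard Explorer policy key, because the post does not say where the value was found.

```powershell
# Added example, not from the thread. Read-only unless Clear-HiddenAttribute is called.

function Get-NoDesktopPolicy {
    # Assumption: the standard Explorer policy key; the post does not name the key.
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key   = "$hive\$sub"
        $prop  = Get-ItemProperty -Path $key -Name NoDesktop -ErrorAction SilentlyContinue
        $value = if ($prop) { $prop.NoDesktop } else { $null }   # $null = not set
        New-Object psobject -Property @{ Key = $key; NoDesktop = $value }
    }
}

function Get-HiddenShellItem {
    # Per-user and all-users Start Menu, plus the user's desktop.
    $roots = "$env:APPDATA\Microsoft\Windows\Start Menu",
             "$env:ProgramData\Microsoft\Windows\Start Menu",
             "$env:USERPROFILE\Desktop"
    $hiddenBit = [int][IO.FileAttributes]::Hidden
    $systemBit = [int][IO.FileAttributes]::System
    Get-ChildItem -LiteralPath $roots -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $a = [int]$_.Attributes
            # Hidden but not System: skips desktop.ini, which is normally hidden+system.
            (($a -band $hiddenBit) -ne 0) -and (($a -band $systemBit) -eq 0)
        }
}

function Clear-HiddenAttribute {
    param([Parameter(ValueFromPipeline = $true)] [IO.FileSystemInfo] $Item)
    process {
        # Drop only the Hidden bit and keep every other attribute as it was.
        $cleared = [int]$Item.Attributes -band (-bnot [int][IO.FileAttributes]::Hidden)
        $Item.Attributes = [IO.FileAttributes]$cleared
        $Item.FullName
    }
}

# Report first.
Get-NoDesktopPolicy | Format-Table Key, NoDesktop -AutoSize
Get-HiddenShellItem | Select-Object FullName, Attributes

# After reviewing the list above:
# Get-HiddenShellItem | Clear-HiddenAttribute
```

An empty list from Get-HiddenShellItem means the shortcuts are not in those folders at all, so clearing attributes will not bring them back.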

#5 XeviousR


Posted 13 May 2011 - 10:24 AM

I experienced the same problem as isrjs just last night.

Steps I have taken so far...
1. Computer would not reboot so I used Ultimate Boot CD 2008 to run Windows Recovery Console and run fixboot and fixmbr.
2. Rebooted to Windows and ran rkill and iexplore from a flash drive. Reference: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
3. MalWareBytes install and scan.

Current condition
> Desktop is missing most icons
> Start/Programs menu is blank except for MalWareBytes
> Second partition of my hard drive shows no files, but I suspect they are hidden because the drive shows that it is 50% full.

Next steps
> I'll try unhide and PSI but I suspect that I will be in the same place as isrjs... with a blank start/programs menu.

Bump to the top for a solution. Need to recover the Start/Programs menu. Thanks!

Edited by XeviousR, 13 May 2011 - 10:25 AM.


#6 XeviousR


Posted 14 May 2011 - 02:02 PM

I am back to 100%

Here were my steps...
1. Computer would not reboot so I used Ultimate Boot CD 2008 to run Windows Recovery Console and run fixboot and fixmbr.
2. Rebooted to Windows and ran rkill and iexplore from a flash drive. Reference: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
3. MalWareBytes install and scan.
4. Unhide.exe
5. Reboot
>> At this point the computer was working fine but many of my Start menu program links were missing, desktop image missing, and desktop links missing.
6. Ran Windows System Restore and reverted back one week

Good to go! Now it is just a matter of repeating the Windows antivirus scan and the Malwarebytes scan. I suspect Adobe Reader 10.0.1 of making my computer vulnerable. Information about the vulnerabilities here... http://www.adobe.com/support/security/bulletins/apsb11-08.html



