This is my first post here.
Last night, I was attacked by a terrible scareware program called Windows Recovery.
It opened windows that claimed I had a Hard Drive Error.
Once it opened a window to try to get me to buy their product, I knew I was dealing with malware.
I knew time would be short, since the windows would be opening now with increasing frequency.
I did a Google search and it brought me to this website.
The specific URL is http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery.
I am greatful taht you guys are here to help people.
I followed the 7 page guide, but I still have not been able to remove it.
Maybe I need the Professinoal version of MBAM - I already had the free version on my computer.
I am recounting these details in order to hopefully help others.
Getting back to my story, I quickly tried to print out your removal guide, but of ocurse, halfway through printing
the malware forced me to reboot, so I only got half of the pages. (I eventually got them all)
Then, after the computer restarted, instead of seeing my beatufiul cliff in the clouds picutre, I was presented with a black screen.
All of my icons were hidden.
I went to the start menu and all of my programs were gone as well - it was just a blank window.
I had managed to download the RKill program you recommend losing, but now I could not see it.
As suggested in your removal guide, I used %userprofile%\desktop\iexplore.exe to run the program without have to click on the icon.
The Malware blocked this a few times by opening windows with spurious claiming that the Hard Drive was melting.
Somehow I got RKill to run and it did stop the processes.
I ran MBAW - and it went for 90 minutes and found 1 item, which I removed.
(I was troubled that in your directions -it showed 3 items that were found)
Then, MBAW rebooted my computer (I think this was a bad idea)
Much to my dismay Windows Recovery was back again.
I ran Hijack this and found a nasty looking O4 item, which I delete.
This was the evil item: O4 - HKCU\..\Run: [JqXcXynVehsDcBr] C:\Documents and Settings\All Users\Application Data\JqXcXynVehsDcBr.exe
The JqX name seemed so ridiculous I knew it had to be bad.
I opened the Task Manager as well, and although I know this is dangerous - I terminated a process
with the same name.
My recollection is a bit fuzzy, this ordeal took five hours last night, and it far from over.
I am at work today (Saturday) so that I can have internet access.
In Safe Mode I was able to unhide most of the files on my desktop.
So now I can at least see Hijack this and a few other inconsequnetial icons.
unfortunately, in the start menu I still have no programs listed.
I am worried.
A strange pheonomeon that I forgot to mention - last night when I only had the black screen in front of me instead of my desktop,
I heard advertisements - like the kind you get before you watch some yahoo video.
Today, I turned on Safe Mode with Networking so I could access the Internet.
I did not hear these adds, but I kept getting error messages like this "Internet Explorer Script Error"
It was usually two URL sites such as http:\\www.parentask.com (with other stuff trailing this)
and http:\\www.momversation.com (with other stuff trailing this)
I figure I did not hear any of these ads because I was Networking in Safe Mode
I attempted to access Bleeping Computer but instead the Browswer said "Redirect" and I was taken to computer shopper. com
Clearly, I may have multiple problems - not just Windows Recovery - or perhaps Windows Recovery works with other Malware Programs, I have no idea
Why doesn't the Justice Department do something about these scams!!!!!!
Now I am thinking about using System Restore, yet I am afraid.
In 2006 I had a virus that backed itself up in system Restore, so I am not sure it is good to use it for my current problem.
What do you guys think?
Why was malwarebytes unsuccessful in helping me?
What do I do next?
I am willing to spend money - what kind of stuff do I need to buy to protect myself?