
Evil Scareware called Windows Recovery


No replies to this topic

#1 shlargareth


Posted 07 May 2011 - 01:56 PM

Hello Everyone,
This is my first post here.
Last night, I was attacked by a terrible scareware program called Windows Recovery.
It opened windows that claimed I had a Hard Drive Error.
Once it opened a window to try to get me to buy their product, I knew I was dealing with malware.
I knew time would be short, since the windows would be opening now with increasing frequency.

I did a Google search and it brought me to this website.
The specific URL is http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery.
I am grateful that you guys are here to help people.
I followed the 7 page guide, but I still have not been able to remove it.
Maybe I need the Professional version of MBAM - I already had the free version on my computer.
I am recounting these details in order to hopefully help others.

Getting back to my story, I quickly tried to print out your removal guide, but of course, halfway through printing
the malware forced me to reboot, so I only got half of the pages. (I eventually got them all)
Then, after the computer restarted, instead of seeing my beautiful cliff in the clouds picture, I was presented with a black screen.
All of my icons were hidden.
I went to the start menu and all of my programs were gone as well - it was just a blank window.
I had managed to download the RKill program you recommend using, but now I could not see it.
As suggested in your removal guide, I used %userprofile%\desktop\iexplore.exe to run the program without having to click on the icon.
The Malware blocked this a few times by opening windows with spurious claims that the Hard Drive was melting.
Somehow I got RKill to run and it did stop the processes.
I ran MBAM - and it went for 90 minutes and found 1 item, which I removed.
(I was troubled that in your directions - it showed 3 items that were found)

Then, MBAM rebooted my computer (I think this was a bad idea).
Much to my dismay, Windows Recovery was back again.
I ran HijackThis and found a nasty looking O4 item, which I deleted.
This was the evil item: O4 - HKCU\..\Run: [JqXcXynVehsDcBr] C:\Documents and Settings\All Users\Application Data\JqXcXynVehsDcBr.exe
The JqX name seemed so ridiculous I knew it had to be bad.
I opened the Task Manager as well, and although I know this is dangerous - I terminated a process
with the same name.


My recollection is a bit fuzzy, this ordeal took five hours last night, and it is far from over.
I am at work today (Saturday) so that I can have internet access.

In Safe Mode I was able to unhide most of the files on my desktop.
So now I can at least see HijackThis and a few other inconsequential icons.
Unfortunately, in the start menu I still have no programs listed.
I am worried.

A strange phenomenon that I forgot to mention - last night when I only had the black screen in front of me instead of my desktop,
I heard advertisements - like the kind you get before you watch some Yahoo video.

Today, I turned on Safe Mode with Networking so I could access the Internet.
I did not hear these ads, but I kept getting error messages like this "Internet Explorer Script Error".
It was usually two URL sites such as http:\\www.parentask.com (with other stuff trailing this)
and http:\\www.momversation.com (with other stuff trailing this)
I figure I did not hear any of these ads because I was Networking in Safe Mode.

I attempted to access Bleeping Computer but instead the Browser said "Redirect" and I was taken to computer shopper. com

Clearly, I may have multiple problems - not just Windows Recovery - or perhaps Windows Recovery works with other Malware Programs, I have no idea.

Why doesn't the Justice Department do something about these scams!!!!!!

Now I am thinking about using System Restore, yet I am afraid.
In 2006 I had a virus that backed itself up in System Restore, so I am not sure it is good to use it for my current problem.

What do you guys think?
Why was Malwarebytes unsuccessful in helping me?
What do I do next?
I am willing to spend money - what kind of stuff do I need to buy to protect myself?

Thanks,

Shlar :)
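
The O4 autorun entry quoted in the post shows the traits that make such an entry stand out in a HijackThis log. The Python script below is an added example, not part of the original post, the removal guide or HijackThis itself; it scores O4 lines on three heuristics and reports those that match at least two. The heuristics, thresholds, function names and the two contrasting log lines are assumptions made for illustration; only the first sample line comes from the post.

```python
import re
from pathlib import PureWindowsPath

# Sample log: the first O4 line is the one quoted in the post; the other
# two entries are constructed here for contrast (assumed, not real findings).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [JqXcXynVehsDcBr] C:\Documents and Settings\All Users\Application Data\JqXcXynVehsDcBr.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.IGNORECASE)
DATA_DIRS = {"application data", "appdata", "local", "roaming", "temp"}


def looks_random(stem):
    """Long, purely alphabetic and almost vowel-free: unlikely to be a product name."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.2  # threshold is an assumption


def triage_o4(log_text):
    """Return (value_name, exe_path, reasons) for O4 entries matching >= 2 heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = m and EXE_RE.match(m.group(2))
        if not exe:
            continue
        name = m.group(1)
        path = PureWindowsPath(exe.group(1) or exe.group(2))
        reasons = []
        if path.parent.name.lower() in DATA_DIRS:
            reasons.append("executable sits directly in a data directory, not a program folder")
        if looks_random(path.stem):
            reasons.append("file name looks randomly generated")
        if name.lower() == path.stem.lower():
            reasons.append("registry value name just repeats the file name")
        if len(reasons) >= 2:
            findings.append((name, str(path), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_o4(SAMPLE_LOG):
        print(f"[{name}] {path}: " + "; ".join(reasons))
```

A flagged entry is a lead for closer inspection, not proof of infection; requiring two signals keeps a single coincidence, such as a legitimately named file in a data directory, from being reported.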
