Infected with Windows Recovery



#1 heeleenn


Posted 11 May 2011 - 11:17 PM

My computer (Windows 7) is infected with the Windows Recovery virus (or so I believe, I got the pop-up on my computer). I followed the advice of a moderator in a topic similar to this one and now it's running okay, all my files are intact, but all my programs are gone, including MS Word, Mozilla, iTunes and my recycle bin. Are those programs I just need to re-install or can they be recovered? Also, all the pinned programs on my taskbar show up as a white paper with a folded corner icon. Any advice on what to do from here? Thank you for all your help!

edit
also I keep getting this message:

RunDLL
There was a problem starting
C:\users\owner\appdata\local\esutizoyiziyemam.dll

the specific module could not be found

AND THIS ONE

There was a problem starting
C:\users\owner\appdata\local\witaPRe.dll

I have no idea what these are...

Edited by heeleenn, 11 May 2011 - 11:28 PM.




#2 Budapest


Posted 11 May 2011 - 11:49 PM

Please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Edited by Budapest, 11 May 2011 - 11:49 PM.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 heeleenn


Posted 13 May 2011 - 12:12 AM

Hello, thank you. I already did this and used the other clean up tools provided in a similar post to mine. The system seems to be running okay now but I'm not sure if my programs are okay. Do I need to re-install everything? Thank you.

#4 Budapest


Posted 13 May 2011 - 12:20 AM

Do a search for any folders on your hard drive called:

smtmp

In particular have a look under this folder: C:\Users\user_name\AppData\Local\Temp

Tell me what you find.

#5 heeleenn


Posted 13 May 2011 - 02:07 AM

Thank you again. I didn't find any search results for smtmp but when I checked the local\temp I found these:

There are 3 div6843.tmp folders, plugtmp folder, low folder, WPDNSE folder, 5 tmp.cvr files, 1 .tmp file, cvh launcher, FXSAPIDebugLogFile, prg29BE.tmp, etc. Is this bad??

#6 Budapest


Posted 13 May 2011 - 03:26 PM

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.



