Windows 7 Recovery

2 replies to this topic

#1 Reesie87


  • Members
  • 26 posts
  • Local time:11:18 AM

Posted 20 May 2011 - 06:37 PM

Your step-by-step help was awesome, and I had completely believed that the problem was fixed. I had no problems getting your RSKiller to run, it listed over 8 things it had removed (the biggest of which being Adobe and Java). I ran a FULL scan with Malwarebytes (which I am already completely familiar with because it's my MAIN virus scanner ^^), and it finished a scan with 2 infected files. It said it successfully removed them, I accepted it wanted to restart...

And it was back.

I told myself "Okay, okay. They said it might not work. I'll run a DIFFERENT RSKiller file."

So I started all over again. And yet again, I thought it was all successful. I even downloaded the unhide.exe, and got the joy of seeing everything returned back to normal. Malwarebytes finished up with NO detected files. I, however, wanted to be COMPLETELY sure it was gone, because doing this takes over 2 hours. I downloaded the PSIsetup to check for vulnerable programs, and continued deleting and tweaking until my final scan was at a 100%. I ran RSKill ONE last time, and it came back with nothing :) I really thought I was in the clear...but as soon as I reset again, it was back.

I think I need help now =P I cannot stand doing another 2-3 hour long process just to have it not work. There has to be something I'm missing :( Somehow, this virus is hiding from your programs and Malwarebytes. What can I do to make sure it is COMPLETELY snuffed out?

There was definitely progress, at least. I am online right now, on the infected computer. It didn't hide my internet connection from me like it did before. It is hiding basically ALL of my documents again, but the internet (Firefox) and Malwarebytes are both here. Hopefully that means there was some progress??

Help me vanquish this virus from hell.

The typical information you may need:
- My system is Windows 7
- The malware is Windows 7 Recovery
- It is hiding documents, making false reports about a failing hard drive, and shutting down my computer. I always do my best to STOP the shutdown, but it succeeded once before I actually started the correctional process the SECOND time.
- It is currently inactive, as I ran RSkill. I have done nothing else, however, as I want to make sure to follow you guys completely step by step. I know it's still there, I just wanted to get it to stop the alerts.

#2 Jacee


    Bleeping around

  • Malware Response Team
  • 3,716 posts
  • Gender:Female
  • Local time:09:18 AM

Posted 20 May 2011 - 08:02 PM

Please start a new topic in "Am I Infected"... post your problems and you will get instructions. Follow all of them :thumbup2:

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop

#3 selfmade64856


  • Members
  • 40 posts
  • Gender:Male
  • Location:Waikiki, Hawaii
  • Local time:08:18 AM

Posted 26 May 2011 - 06:03 AM

It said it successfully removed them, I accepted it wanted to restart...

I had the same issue. I ended up downloading and running a2HiJackFree.exe which detected all of the running processes including the bogus dialogs. You may want to investigate the legitimacy of hijackfree before you use it. All I can say is that it worked for me. There is a post HERE that says it's good to go, so use at your own discretion. After running it I selected all the entries that pertained to the "Windows 7 Recovery" virus crap and selected them for deletion along with "Delete References". Be careful what you delete though and make sure it's from the virus and not one of your "system processes" otherwise you'll be in a totally new category of "Oh $hit" ;)

Edited by selfmade64856, 26 May 2011 - 06:24 AM.

Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.
