
Windows Vista Recovery removal


  • This topic is locked
2 replies to this topic

#1 GFilkins


Posted 30 May 2011 - 05:05 PM

Hello,

My daughter asked me to take a look at her Gateway laptop yesterday and when I saw the "Windows Vista Recovery" window after booting, I suspected it was malware but have been a little surprised at its resiliency. I've been to the Windows Vista Recovery self-help page located at http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery and that page ultimately led me here. I cannot launch any programs (or even see them) by clicking on an icon or file in Windows on her system in either standard or safe modes. The system comes up with a blank desktop except for Internet Explorer and I've not bothered testing that. I *can* get to a command prompt and was able to run rkill as well as tdsskiller. Tdsskiller acted initially as if it had done something useful but all indications from a usage standpoint tell me it wasn't enough. I was also able to run rkill and each time it runs, the report is blank in terms of naming what it says was stopped (if anything). It's worth noting that while rkill doesn't effectively report names of programs or processes halted, it DOES manage to make the otherwise unstoppable "Windows Vista Recovery" window go away.

I can get Windows Explorer to launch but it's not permitted by the beasties to show me any folders or files -- which was what sent me to the command line. I've been using a Knoppix Live-CD to do actual file transfers with a USB stick so I could load and run defogger.exe, dds.scr and gmer.exe. I'm posting this from my own PC while the laptop rests between bouts.

It's also worth noting that I was able yesterday to install MalwareBytes but have NOT been able to get it updated as all such attempts are promptly shut down by the malware. It will run and scan but reports not having found a problem.

Per the instructions on this page -> http://www.bleepingcomputer.com/forums/topic34773.html, I'm attaching the logs from dds.scr and gmer.exe.

Any guidance will be most appreciated ...



#2 GFilkins


Posted 02 June 2011 - 04:55 PM

Hey Gang ... I realize how buried you are right now so I sucked it up and did some intense studying of the guidelines for similar infections here and so far as I can determine, the laptop is now clean and sober again. I wanted to add this post so you can safely close this request and move to the next person who's likely needing the help more than I currently do.

I also want to say a huge thanks just for having this forum ... I have to give credit where it's due and without the diagnostic tools and inferred information on what to look for scattered through each troubleshooting thread, I'd still be biting my nails. Thanks again!!

#3 SweetTech


Posted 02 June 2011 - 05:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




