Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help! Windows Recovery hit me I can't see anything just windows blue screen


  • This topic is locked This topic is locked
17 replies to this topic

#1 Lissi

Lissi

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 03 June 2011 - 10:37 PM

I'm beside myself and so upset , I went to check my isp mail box and did not click on anything then my Avast went off and up popped Windows XP Recovery blacking out my screen...popups warning me & hiding most of my start up menu, all icons gone. I realized it was a scam & tried to run my Avast but it wouldn't let me, then I tried to go to System Restore and I got there but it wouldn't let me restore, I somehow managed to get online by using run & typing firefox so I could search on what to do....I'm sorry I didn't find this site first because I found a few sites saying to use SpyWare Doctor, it was extremely hard to see through those popups & I didn't know it cost money until after I installed it & ran a scan. Right after that my PC only a few years old which is Windows XP SP2 laptop Compaq HP turned off & turned back on leaving just a blue screen...it's the windows screen not the blue screen of death. I can log in as Admin ( the only Account I have, now I found out I should of set up a second account) but that's it I can't see a thing, I went into safe mode & tried everything but safe mode just shows a black screen with safe mode at the top & bottom nothing else...safe mode with networking does nothing, the only place I can go is command prompt but I have no idea of how to use it. Ctrl+Alt+Delete only tells me Task Manager has been Disabled.

I do have another laptop old & slow which is Windows XP but everything that is important to me is on my PC that got hit with this horrible virus/malware Windows XP Recovery . I do not have all my programs & files backed up they are all graphic art related and I don't have the money to replace them, I could kick myself to the moon if I could for not backing them up....I wanted an external hard drive but never had the money for it. I know I should of saved them to disk..but should of's won't help me now, I have always been so careful where I go online.I thought I was well protected...I see now I wasn't.

I don't know if SpyWare Doctor caused the blue screen or it's Windows Recovery. Or both

Right now I'm on my old Mac to type this since my old laptop is running so slow & I'm afraid I might get this nasty virus on it. I can use it to download anti-malware programs & burn to disk if that will help.

I did search for a solution to my problem but nothing fit so I'm posting for help.
Please, Please help me fix this...I feel it can be fixed & all my programs and files saved and unhidden.. I just have no Idea of how to do it. :-(

Lissi

Edited by Lissi, 04 June 2011 - 12:52 AM.


BC AdBot (Login to Remove)

 


#2 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:07:20 AM

Posted 03 June 2011 - 11:45 PM

i am new here so admins if i can help out great.

does the rogue app look like this?

bleepingcomputer windows recovery removal guide

if it does this link will help correct and remove the rogue app out?

also if you can post the malwarebytes log here with malwarebytes version and operating system so we can see and help further if needed.

Edited by herg62123, 03 June 2011 - 11:50 PM.

Posted Image

#3 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 04 June 2011 - 12:33 AM

i am new here so admins if i can help out great.

does the rogue app look like this?

bleepingcomputer windows recovery removal guide

if it does this link will help correct and remove the rogue app out?

also if you can post the malwarebytes log here with malwarebytes version and operating system so we can see and help further if needed.


Hi, I'm new here too. Yes that's exactly what the rouge app looks like..or looked like now it shows nothing....except the blue screen.

I did look at that link area before I posted for help, the problem is I can't download anything let alone get on the net with the infected PC. I did see I could burn to disk but will I be able to install & run from disk onto my infected PC since I can't see a thing on screen?

Not even in safe mode can I see anything, the only place I see something is in safe mode command prompt which I have no idea of how to use.
I'm not sure what to do. Thank you very much for trying to help me, it's appreciated.

#4 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:07:20 AM

Posted 04 June 2011 - 02:23 AM

Hi, I'm new here too. Yes that's exactly what the rouge app looks like..or looked like now it shows nothing....except the blue screen.

I did look at that link area before I posted for help, the problem is I can't download anything let alone get on the net with the infected PC. I did see I could burn to disk but will I be able to install & run from disk onto my infected PC since I can't see a thing on screen?

Not even in safe mode can I see anything, the only place I see something is in safe mode command prompt which I have no idea of how to use.
I'm not sure what to do. Thank you very much for trying to help me, it's appreciated.



let's start from the beginning.

what steps have you done?

did you use rkill to stop the virus already?

have you scanned the computer with malwarebytes yet?

if the answer to the above questions is yes then all you need to do is the following to get your icons back:

make sure your anti-virus program is turned off completely then,

To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

once that is done click start, in the blank area where your last programs you opened - right click and select properties. a new box will open and towards the bottom you will see 2 boxes that is unchecked - click on those boxes to put a check mark in them and then click apply, then click ok and close start window. now reopen start window and the icons will appear again.

Edited by herg62123, 04 June 2011 - 03:10 AM.

Posted Image

#5 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 05 June 2011 - 05:32 PM



Hi, I'm new here too. Yes that's exactly what the rouge app looks like..or looked like now it shows nothing....except the blue screen.

I did look at that link area before I posted for help, the problem is I can't download anything let alone get on the net with the infected PC. I did see I could burn to disk but will I be able to install & run from disk onto my infected PC since I can't see a thing on screen?

Not even in safe mode can I see anything, the only place I see something is in safe mode command prompt which I have no idea of how to use.
I'm not sure what to do. Thank you very much for trying to help me, it's appreciated.



let's start from the beginning.

what steps have you done?

did you use rkill to stop the virus already?

have you scanned the computer with malwarebytes yet?

if the answer to the above questions is yes then all you need to do is the following to get your icons back:

make sure your anti-virus program is turned off completely then,

To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

once that is done click start, in the blank area where your last programs you opened - right click and select properties. a new box will open and towards the bottom you will see 2 boxes that is unchecked - click on those boxes to put a check mark in them and then click apply, then click ok and close start window. now reopen start window and the icons will appear again.


The only step I did when I first was hit with Windows XP Recovery was download & scan with Spyware Doctor...Big mistake! I could get online then but after DL of Spyware Doctor my PC shut off & turned back on leaving me with this windows blue screen & nothing more. Now it's just a blue screen the windows screen or in safe mode black screen I see nothing at all no desktop icons or start menu.

My major question is, Can I download rkill on my clean but slow PC & malwarebyes and burn to disk then install it to my infected PC and see what I'm doing??? Will the programs show so I can install them from disk?? I have never done this before so I don't know, I have never been in this situation. :huh:

At this point I can't disable my anti-virus Avast since I can't see a thing....it's like walking in the dark without a flashlight. I feel if I could get rid of the blue screen I could see something, but I can't see to get rid of it.

Is the blue screen coming from Windows XP Recovery or is it from Spyware Doctor?? I spoke to a few PC repair places & they all were bothered by this blue screen and said they didn't feel they could fix my PC, after the prices they quoted & saying they didn't think they could fix this I decided to join here and see if I could get help so I could do it myself. I really need to get my PC fixed...I'm lost without it, this is really depressing me. :(

Thanks for trying to help me.

Lissi

#6 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 05 June 2011 - 09:01 PM

Could someone on Staff here help me please?

I'm going to try & explain this clearly. My PC is Windows XP SP2 Compaq HP, It was attacked by Windows Recovery Malware.

I managed at that time to get to run & type in firefox to get online, I downloaded Spyware Doctor..it scanned, turned out it was not free so nothing was removed. Windows Recovery filled screen with more popups saying critical this & that, my PC then turned off & back on....I was left with a blue screen, the windows screen...safe mode shows nothing. I can't see any icons, start menu....Not a thing!

What I need to know is can I download what programs I need to get rid of this on a clean PC & burn to disc then install & run from disc to my other PC that's infected?? And which programs exactly should I use?? I can't save anything to desktop or anyplace else since I can't see anything, it's all hidden and so I can't get to where it's saved.

My other question is why do I have the Windows blue screen? Is it from Windows Recovery Malware or caused by Spyware Doctor?

I would greatly appreciate help from Staff here. Thank you in advance.

#7 herg62123

herg62123

  • Members
  • 553 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:07:20 AM

Posted 05 June 2011 - 11:08 PM

sorry for my delay on responding....

What I need to know is can I download what programs I need to get rid of this on a clean PC & burn to disc then install & run from disc to my other PC that's infected??



answer: to answer your question on installing it on to a cd or flash drive and then installing it on your pc will work. i have removed this app several times now from other computers.

you will need a windows computer not infected to burn to a disk or copy to a flash drive (your choice).

I can't save anything to desktop or anyplace else since I can't see anything, it's all hidden and so I can't get to where it's saved.

And which programs exactly should I use??


answer: even though your normal icons are gone you will be able to see the icon from cd. this rogue app only hides the files that was currently on the system when it infected your pc. you will need to download rkill, malwarebytes, and unhide.exe then burn these 3 programs to your cd/dvd disk so we can move to infected pc to begin the removal.

once done insert cd that was created on non infected pc into infected pc and click start>my computer>cd or dvd drive you put in pc and run from disk.

if you cant see your cd/dvd drive then do this: click start>run>type "D:/" without the quotation marks and press enter. you should now see the contents of the cd/dvd you placed in your cd/dvd drive.

click this link: guide then scroll down till you see "Automated Removal Instructions for Windows Recovery using Malwarebytes' Anti-Malware:" and follow step by step to remove the infection. (you may want to use your older pc to open the guide up to follow or print the guide out to follow step by step removal.)

My other question is why do I have the Windows blue screen? Is it from Windows Recovery Malware or caused by Spyware Doctor?


answer: it is from the windows recovery virus program. it does this so you cant find it and remove it from your pc.



Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs

i promise it can be removed by following the instructions on that guide removal i posted above.

Edited by herg62123, 06 June 2011 - 02:18 AM.

Posted Image

#8 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 07 June 2011 - 10:45 PM

sorry for my delay on responding....

What I need to know is can I download what programs I need to get rid of this on a clean PC & burn to disc then install & run from disc to my other PC that's infected??



answer: to answer your question on installing it on to a cd or flash drive and then installing it on your pc will work. i have removed this app several times now from other computers.

you will need a windows computer not infected to burn to a disk or copy to a flash drive (your choice).

I can't save anything to desktop or anyplace else since I can't see anything, it's all hidden and so I can't get to where it's saved.

And which programs exactly should I use??


answer: even though your normal icons are gone you will be able to see the icon from cd. this rogue app only hides the files that was currently on the system when it infected your pc. you will need to download rkill, malwarebytes, and unhide.exe then burn these 3 programs to your cd/dvd disk so we can move to infected pc to begin the removal.

once done insert cd that was created on non infected pc into infected pc and click start>my computer>cd or dvd drive you put in pc and run from disk.

if you cant see your cd/dvd drive then do this: click start>run>type "D:/" without the quotation marks and press enter. you should now see the contents of the cd/dvd you placed in your cd/dvd drive.

click this link: guide then scroll down till you see "Automated Removal Instructions for Windows Recovery using Malwarebytes' Anti-Malware:" and follow step by step to remove the infection. (you may want to use your older pc to open the guide up to follow or print the guide out to follow step by step removal.)

My other question is why do I have the Windows blue screen? Is it from Windows Recovery Malware or caused by Spyware Doctor?


answer: it is from the windows recovery virus program. it does this so you cant find it and remove it from your pc.



Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs

i promise it can be removed by following the instructions on that guide removal i posted above.


answer: even though your normal icons are gone you will be able to see the icon from cd. this rogue app only hides the files that was currently on the system when it infected your pc.

once done insert cd that was created on non infected pc into infected pc and click start>my computer>cd or dvd drive you put in pc and run from disk.

if you cant see your cd/dvd drive then do this: click start>run>type "D:/" without the quotation marks and press enter. you should now see the contents of the cd/dvd you placed in your cd/dvd drive.



Question? Can I run the programs directly from disk? My start is hidden, I can't see it. Is there a way around this?

Also if there is a way, do I burn all three programs to the same disk? or should they be on separate disks?

The reason this pc is so slow I think is it's loaded with 1,000's of music files. It's acting strangely the last two days, I think I need to DL & run malwarebytes on it..I'm also thinking SpybotSearch&Destroy too, I have Spywareblaster but it won't let me update it, I need my clean pc to be in the best working order before doing anything...but I want to be sure I'm choosing the right programs first. Would I need to uninstall Spywareblaster before installing SpybotSearch&Destroy?

Thank you for clearing up about where the blue screen is from. I was afraid it was due to Spyware Doctor.

I really hope I can fix this with your help, I very much appreciate you helping me.

Edited by Lissi, 08 June 2011 - 10:21 PM.


#9 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 08 June 2011 - 11:01 PM

I tried to edit a mistake but it won't let me. I meant SUPERantispyware not the other, I'm not sure which to DL at this point. I've run my Avast 5 times and it's clean....but something's off with my old pc, it took me 15 minutes to boot up & get online...much longer than usual.

#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:20 PM

Posted 10 June 2011 - 04:57 AM

Have you created a log in the Malware Removal Section if so then post the link here, and if not:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#11 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 10 June 2011 - 04:29 PM

Have you created a log in the Malware Removal Section if so then post the link here, and if not:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.


Hi, Thank you for responding. I am unable to create logs since I have not run any of the programs to remove Windows Recovery Virus, I can't see anything on my infected pc to do anything.


What I badly need to know is can Rkill & Malwarebytes Anti-Malware be run directly from disk without going to Start? Start is hidden. I have a clean pc I can burn them on.

Can I run the programs from disk to my infected pc without having to save them somewhere? I cannot go to start, it's not visable. My entire screen is hidden with a blue screen the windows screen, Nothing can be seen, everything is hidden, start menu, icons, task bar etc. Nothing can be seen in safe mode either.

My other question is if I can run the Rkill & Malwarebytes Directly from disk, should each program be burned onto seperate disks?

This is all I need to know first before I can proceed. If I can proceed.

#12 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 10 June 2011 - 07:43 PM

I burned rkill & malwarebytes separately to disks. I did not open or run them on clean pc, I put in rkill disk in infected pc and Nothing shows...I thought a window would open asking if I want to run it or the disc drive icon would show, but No! the disk drive has been running almost an hour now and still the blue screen only shows.

Do I continue to have the rkill on disk run? Is it working even though I didn't click on anything? My Start does Not show. :(

Help!!

Edited to add: Now running about an hour & a half and Still just blue screen.

Edited by Lissi, 10 June 2011 - 08:11 PM.


#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:20 PM

Posted 11 June 2011 - 01:06 PM

Do the instructions and say what you can and cannot do someone will help you.

#14 Lissi

Lissi
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:20 AM

Posted 11 June 2011 - 02:33 PM

Do the instructions and say what you can and cannot do someone will help you.


Hi,
I can't do anything on infected pc, Windows Recovery Virus has hidden everything behind a blue screen so I cannot see start, task bar, icons, it has also taken over my safe mode so I can't see anything, when I press ctrl+alt+delete in safe mode it says Task Manager has been disabled. The only place I can go in safe mode is command prompt and see white text on black screen, but I don't know how to use it.

Is there something I can do through command prompt in safe mode?

I downloaded Rkill & Malwarebytes onto seperate disks on my clean pc & put Rkill disk into infected pc, no window popped up in front of the horrible blue screen to let me run it though the disk drive was running...I ran it almost two hours but since no window ever popped up I ejected the disk. I also tried to run Rkill on disk through safe mode, that didn't work either.

Would a flash drive work? I don't know if the window on a flash drive will show in front of the blue screen so I can run Rkill & then Malwarebytes. That blue screen is giving me nightmares!

Please help & advise me what I can do...I really need my infected pc working again, it has all my graphics software on it that I work with. Thanks.

Edited to add: I forgot to mention my screen saver is working, it kicked in while trying to run Rkill from disk without success.

Edited by Lissi, 11 June 2011 - 03:00 PM.


#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:20 PM

Posted 11 June 2011 - 09:29 PM

Can you perform a ctrl+alt+del to bring up taskmanager to start a new task?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users