"Windows XP/Vista/7 Recovery" Virus...Reversal App



#1 Fenix Studios

Fenix Studios

  • Members
  • 4 posts

Posted 04 June 2011 - 12:51 AM

Hi all,

Just wanted to submit my utility for mod approval:

Undo the changes that Rogue AntiVirus called "Windows XP/Vista/7 Recovery" makes after removal. This is the same malware that hides all your desktop icons, and empties out your start menu.

RAV Rescinder
pass for WinRar Archive: f3n!X5t(_)d10S


Boot computer in safe mode with networking using F8 before Windows loading screen.
Download and install Malwarebytes to remove (it gets into [SYSTEM VOLUME INFORMATION])

Stage 1 of command line utility resets all "hidden" attributes using attrib.
Stage 2 restores all Start Menu, Quick Launch Shortcuts from Temp dir.
Stage 3 resets known registry modifications by this bugger.
Fin.

EDIT: After doing research, I have found that activating the malware with a key of 8475082234984902023718742058948 makes it go into a reversal mode. It unhides all files, restores desktop links, and allows you to right click on its icon and "Quit". There are a few minor registry changes it doesn't change back, nor does it remove itself...just a "developer" mode//uninfection mode.

Edited by Fenix Studios, 04 June 2011 - 07:58 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts

Posted 06 June 2011 - 12:09 PM

Our staff has reviewed this topic and the fix tool indicated above. RAV Rescinder does not do anything that unhide.exe does not do in some manner. If not familiar with unhide.exe, please see this example guide which includes instructions (Step 17).
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




