Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removal of Windows XP Recovery


  • Please log in to reply
4 replies to this topic

#1 lily1

lily1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 June 2011 - 12:41 PM

My computer was attacked by this virus. I have tried to run the RKill several times from several links as provided by Grinier in your website. But nothing is working. The black screen is still there and the fake warning signs are coming up. Please help.

Edited by hamluis, 06 June 2011 - 01:40 PM.
Moved from XP to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,545 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:12:10 AM

Posted 06 June 2011 - 12:47 PM

Hello and welcome to the forum!

RKill is not the only tool you need to remove this beast.
Remove Windows XP Recovery

Please follor the instructions in the link to remove it.
In the beginning there was the command line.

#3 The Bobster

The Bobster

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 June 2011 - 01:19 PM

I acquired the XP recovery virus. I killed the nasty antivirus popups but got stuck with the icityfind redirects when search engines are used. It seems to load other nasty viruses on the redirects. I killed an additional two antivirus XP variations, one of which popped up while I was running in the safe mode.

As per your instructions, I ran rkill, which only seemed to shut down Yahoo Messenger. I renamed TDSSKiller to 1234.com but it will not run. Malwarebytes can't find anything. Should I retry this from the safe mode?

At least I got my hidden files unhidden using your instructions, but my printer spooler file is now missing.

#4 lily1

lily1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 June 2011 - 01:20 PM

I tried to follow the instructions on that guide but it seems that since RKill is not running, I can not go to the next step.

#5 The Bobster

The Bobster

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 06 June 2011 - 03:47 PM

I tried running TDSSKiller from the safe mode after running RKill, which found nothing. The screen flickered and then nothing. Could this damn virus be affecting the download, rendering TDSSKiller inoperable?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users