Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows 7 Recovery

  • Please log in to reply
No replies to this topic

#1 S_Bklyn


  • Members
  • 2 posts
  • Local time:07:51 PM

Posted 10 June 2011 - 08:08 PM


I'm running a Windows 7 computer that seems to be infected with Windows 7 Recovery Virus. It looks just like the screenshot here: http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery I have many of the symptoms described.

I've bouncing between a few different posts/self-help pages and could use some advice on which I should be following. Here's what I've done so far:

I ran rkill (which I had on my computer from a previous issue), which stopped a few processes that didn't seem normal.

Then I did a full scan using malwarebytes. It found one file, which is now deleted. I then ran TDSSKiller, which didn't find anything.

Based on instructions in this post, which seemed similar, I downloaded SuperAntiSpyware, restarted in Safe Mode, and am now running a complete scan. It has so far finished the main hard drive (found 90 threats) and is going through an external drive now.

So, the reason I'm not sure what to do next is that the instructions on http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery seem to end at the malwarebytes scan, but SAS is clearly finding some threats that mbam did not. Not sure where to go from here. I have not taken the DDS and GMER steps yet and not sure if those are necessary. I have not run the unhide.exe yet either.

I'm afraid I've done this all out of order. Please let me know what logs I should post/attach to make this easier to get help.

Also, I'm tempted to skip the scan of the rest of the external hard drive, which is going to take forever, and maybe do another scan later. Any thoughts on that? Thanks, in advance, for guidance.

Update: SAS completed and quarantined or deleted the threats. I rebooted normally, per SAS's instructions, and then ran unhide.exe. I fixed my desktop, etc.

It all seems to be working okay, except the shortcuts in the start menu are still missing. unhide.exe gave me a message when it was done to the effect of 'if start menu items are still missing, temporarily disable your Antivirus or security program and try running again" I did disable my McAfee antivirus and ran unhide again, but that didn't work. Maybe I have to shut down some other McAfee component--will investigate that more tomorrow.

Is there anything else I should be doing, here? I think one instruction for GMER said it doesn't work with 64 bit (that's me), so I'm not sure what's next, if anything.



Edited by hamluis, 11 June 2011 - 11:03 AM.
No logs, merged posts, moved from MRL to AII.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users