
Windows Vista Recovery virus - think it's gone but not sure


7 replies to this topic

#1 quisait

quisait

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 28 June 2011 - 03:15 PM

Hi Folks

I'm new here and I found the site because this morning I got infected by the Windows Vista Recovery virus :angry:

Firstly, I hope that this is the right place to be posting this!

As far as I can see, I seem to have got rid of that virus. However, I am still suspicious that something may still be lurking as when I go to Google the top bar where you find Web; Images; Video; Maps etc is black on my PC but white on my wife's.

Looking at each of the hyperlinks, I can see nothing untoward but I'm edgy after this morning.

I've tried the RKill software and according to that there were no malware issues running. I got my desktop back by running system restore.

Am I safe? Everything appears fine apart from when I tried to update my AVG it gave a "general error", so I went and downloaded the new definitions from their site and added them in manually.

Thanks for any help.

Jools

Edited by quisait, 28 June 2011 - 03:16 PM.




#2 Allen

Allen

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:11:08 PM

Posted 28 June 2011 - 03:20 PM

First of all, you need to download Malwarebytes Anti-Malware, which is found here.
However, if you cannot get to the site on your computer, you will need a CD or flash drive, and you will need to put the installer on the CD or the flash drive. After that's done, install Malwarebytes Anti-Malware and update it, then do a quick scan with it, then post the log it gives you here.
However, if you cannot run it in normal mode, boot into safe mode and run the scan.
How to boot into safe mode? One: reboot the computer, then keep pressing F8 softly until it gives you the option to boot into safe mode, and select the one with Safe Mode with Networking.


Hey everyone, I'm Allen. I am a young web developer/designer/programmer. I also help people with computer issues including hardware problems, malware/virus infections and software conflicts. I am a kind and easy to get along with person, so if you need help feel free to ask.

#3 quisait

quisait
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 29 June 2011 - 02:06 AM

Thanks for this. I've got the software installed and updated it this morning. Here are the results:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6974

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18702

29/06/2011 09:05:05
mbam-log-2011-06-29 (09-04-52).txt

Scan type: Quick scan
Objects scanned: 160515
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Doudou\AppData\Local\Temp\tmp8371.tmp (Trojan.FakeAlert) -> No action taken.
c:\Windows\Temp\javA2AD.tmp (Trojan.FakeAlert) -> No action taken.

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:08 PM

Posted 01 July 2011 - 05:58 AM

Hello,

Please follow the steps in this guide: http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery

As you've already installed MBAM, you need not install it again. Just update and run a scan as directed in the guide.

~Blade

Edited by Blade Zephon, 01 July 2011 - 05:58 AM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 quisait

quisait
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 01 July 2011 - 10:20 AM

Hi there

Can I ask why I need to install it again?

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:08 PM

Posted 01 July 2011 - 05:37 PM

Hello,

You misread; you do not need to install it again. :)

~Blade



#7 quisait

quisait
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:08 PM

Posted 02 July 2011 - 01:31 AM

Cool! Thanks for that :d

All I have to do now is work out why the fan on laptop runs like a 747!

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:08 PM

Posted 02 July 2011 - 07:58 PM

That would be a question to ask in our Internal hardware forum. . . not likely related to malware.

~Blade





