Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Data Recovery Smart HDD Virus - Suggested Fix NOT working


  • This topic is locked This topic is locked
3 replies to this topic

#1 notapcgenius

notapcgenius

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:27 AM

Posted 25 June 2012 - 06:28 PM

Hello - I had the data recovery virus once before and was able to remove it without any trouble. Unfortunately, I haven't been so lucky this time around with the 'smart hdd data recovery' version - 2 different security programs/operating systems have let this attack my computer and I'm getting so frustrated!

At any rate - here is the basic 'background' info I can give you - I'm on a hp laptop running vista. My start menu is blank, files were hidden (I unhid the desktop/folders for now, but didn't bother fixing the start menu till the virus is gone), internet capability is disabled due to this virus. I have a wireless connection and it won't let me connect at all - not even unsecured. I do have a different, working pc - so I can copy files to/from USB drives.

I tried the suggested fix for removing this virus and have not had any success. I had to run a 78 day 'outdated' version of malwarebytes b/c of the fact I can't connect to the internet - it came back clean. Kaspersky tdss comes back clean... I still have the 'data recovery' shortcut on the desktop, it made an icon in my task tray, the program only runs and displays errors if I am online (not possible now) or if I actually 'opened' the program. I still see the bogus files in the program data folder. Each time this 'fake' program runs, it creates another version in the folder...so I renamed them to keep tabs on them since the names are not easily remembered. Other than that, I haven't messed with anything else.

At this point I'm wondering if I can just 'delete' the program files, remove the registry files pertaining to this virus (as listed on various virus removal threads) & restore my hidden files? Another suggestion which I read about, but did not attempt - someone claims you can actually 'register' the fake program and then 'supposedly' get your computer working enough to be able to clean it up. The thought of this is a bit scary, so I'm waiting for advice first!

I have no idea where to go from here and hope someone can help me...pretty, pretty please - it would be the best birthday present I could ask for!! B)

BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:27 PM

Posted 25 June 2012 - 07:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:27 PM

Posted 28 June 2012 - 02:27 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 notapcgenius

notapcgenius
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:27 AM

Posted 29 June 2012 - 11:10 AM

My link

Hello - yes I am still here and needing help - I did as directed and created a new post with the log I could generate. That post hasn't been responded to. I'm including the link again (above).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users