"File Recovery" malware: multiple symptoms


3 replies to this topic

#1 gatorback


Posted 12 August 2012 - 10:00 AM

A WinXP box is a victim of "File Recovery" malware. I have attempted to keep it brief and concise: actionable guidance is appreciated. Thank you.

Observations \ Current Symptoms:
* Bootup sequence continually loops back to the BIOS boot sequence
* Safe Mode bootup is the only viable boot mode
* "File Recovery" pop-up no longer active
* Most, if not all, files are unhidden
* ipconfig is not available: unable to troubleshoot network (ethernet) connection

Actions Taken
* attrib -h /s /d
* rkill
* unhide.exe
* failed: attempt to install \ run MBAM
* failed: attempt to run TDSS killer

Edited by hamluis, 12 August 2012 - 11:11 AM.
Moved from XP to Am I Infected - Hamluis.




#2 Broni


Posted 12 August 2012 - 11:39 AM

Is it rather "Data Recovery"?
If so see here: http://www.bleepingcomputer.com/virus-removal/remove-data-recovery



#3 gatorback


Posted 13 August 2012 - 12:01 PM

I am pretty sure it was File Recovery as shown here.

I suppose I could try the data recovery procedure.

#4 Broni


Posted 13 August 2012 - 12:15 PM

Oh, OK here you go: http://www.bleepingcomputer.com/virus-removal/remove-file-recovery
