Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File recovery virus help


  • Please log in to reply
1 reply to this topic

#1 skypilotpete

skypilotpete

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Adelaide, South Australia
  • Local time:01:41 AM

Posted 25 August 2012 - 08:05 PM

I am attempting to help a friend who has been hit with the "File recovery" virus. We are working through the instructions on the Bleeping Computer website, but in the meantime I have an ancillary question. A couple of weeks ago, my friend's computer was infected with the 0access rootkit, and I advised her to get her hard drive reformatted and reinstall windows from scratch. She did this, and the first thing she did when she got her computer back was to install Microsoft Security Essentials, Malwarebytes Pro and Online Armor Free. The only files that have been reinstalled on the computer from its previous state are her Outlook data files and her backed up Microsoft Word documents. Since getting the computer back she has been extremely careful in her computer use - no random browsing, and only using it for work related matters.

Now that this "File Recovery" virus has manifested, the question is how it got on her computer. My suspicion is that the computer person she took her PC to did not actually do a complete reformat, but instead did a "repair" and charged her for a complete reformat. The only other option seems to be that the virus was lurking within her Outlook data files, or her Microsoft Word documents.

Can anyone offer an opinion on which of these options is more likely?

The computer person she took her computer to is one of those classic backroom shops, staffed by young guys with very poor English, who are probably overseas students making some money while studying. These places can be great, but they can also be the opposite. I was suspicious when my friend got her computer back from the alleged reformat. When she started it for the first time it went to a screen saying something along the lines of "Do you want to repair or restore?" I'm no expert, but that's not a message I would expect to get after a correctly executed reformat and reinstall.

I would appreciate any advice. It is a difficult process trying to help my friend, because I live in Adelaide, South Australia, and she lives in Sydney - over 1,000 miles away. So it is all done over the phone.

My immediate concern is to get rid of this "File Recovery" problem, so that she can access her latest documents, which have not been backed up. Then my suggestion will be to take her computer to a more reputable business and get the complete reformat and reinstall of Windows done again.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:11 AM

Posted 25 August 2012 - 08:43 PM

It's hard to say for sure what really happened there but this:

When she started it for the first time it went to a screen saying something along the lines of "Do you want to repair or restore?"

...would indicated that they didn't perform clean Windows installation.

We can run some checks but the best way to do it is to get your friend on this board and deal with him/her directly.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users