Posted 25 August 2012 - 08:05 PM
I am attempting to help a friend who has been hit with the "File recovery" virus. We are working through the instructions on the Bleeping Computer website, but in the meantime I have an ancillary question. A couple of weeks ago, my friend's computer was infected with the 0access rootkit, and I advised her to get her hard drive reformatted and reinstall Windows from scratch. She did this, and the first thing she did when she got her computer back was to install Microsoft Security Essentials, Malwarebytes Pro and Online Armor Free. The only files that have been reinstalled on the computer from its previous state are her Outlook data files and her backed-up Microsoft Word documents. Since getting the computer back she has been extremely careful in her computer use - no random browsing, and only using it for work-related matters.
Now that this "File Recovery" virus has manifested, the question is how it got on her computer. My suspicion is that the computer person she took her PC to did not actually do a complete reformat, but instead did a "repair" and charged her for a complete reformat. The only other option seems to be that the virus was lurking within her Outlook data files, or her Microsoft Word documents.
Can anyone offer an opinion on which of these options is more likely?
The computer person she took her computer to is one of those classic backroom shops, staffed by young guys with very poor English, who are probably overseas students making some money while studying. These places can be great, but they can also be the opposite. I was suspicious when my friend got her computer back from the alleged reformat. When she started it for the first time it went to a screen saying something along the lines of "Do you want to repair or restore?" I'm no expert, but that's not a message I would expect to get after a correctly executed reformat and reinstall.
I would appreciate any advice. It is a difficult process trying to help my friend, because I live in Adelaide, South Australia, and she lives in Sydney - over 1,000 miles away. So it is all done over the phone.
My immediate concern is to get rid of this "File Recovery" problem, so that she can access her latest documents, which have not been backed up. Then my suggestion will be to take her computer to a more reputable business and get the complete reformat and reinstall of Windows done again.