Windows Vista Recovery malware - help please?

May 29, 2011 at 06:37:57
Specs: Windows Vista
This is a complicated one to explain, and I'm almost a total computer novice, so please be kind!

I'm usually very alert to any kind of virus but unfortunately one got through the net last night and boy, it did a LOT of damage. Listed below are the problems I can see:

-desktop background vanished
-ALL my files and programs vanished, absolutely everything
-pop-up instantly appeared upon logging into Windows, prompting me to buy some Windows Vista Recovery rubbish, would not close or minimise.
-continuous pop-ups warning me of critical memory shortage and hard drive errors, telling me that files had been lost or deleted, etc.
-computer would sporadically restart without instruction from me
-unable to find or open any programs, IE etc

System Restore did nothing, it said the restore points had been corrupted or something so it wasn't able to complete the task, and now all my restore points have vanished.
Fortunately, I managed to get an IE window open somehow and downloaded Malwarebytes. Ran a quick scan (it was all I had time to do before the virus shut down the computer again), deleted everything it found, which seemed to lessen the virulence of the malware somewhat, then I was able to run a full scan. I deleted everything that scan found too, but it has not fixed all the problems.

-the missing files and programs did not return
-my desktop was still blank
-I still have some kind of adware present in IE that redirects me to a spam/advert website every other time I click on a link or attempt to go to any website
-no audio in YouTube or other online videos, although audio works fine in iTunes and my own video files
-all the programs that used to be in the Start Menu or accessible from 'All Programs' in the Start Menu, are not showing up there anymore. I have pinned the programs I can find to the Start Menu, but isn't there some kind of reset or restore defaults setting that would get them all back? I can't remember them all to go hunting for them.
-computer generally running very slowly, freezes a lot etc.

I managed to superficially fix some of the issues myself (though I have no idea if I did it right or not!). I found that a lot of my files and programs had been set to hidden, so I undid that to the best of my ability, though I didn't actually know which files are usually/supposed to be hidden, and which are not, and it is not apparent to me from every filename what that file actually is, unless it's obvious ('calc.exe' etc.). I knew enough not to delete anything in system32.

I un-hid the entire Windows Folder (took about an hour!), Program Files, plus all my documents, pictures and music. I also located some of the missing programs (like Paint and Calculator, Yahoo Messenger etc.) in system32 and created shortcuts to them, so I can access them now, and as far as I can tell, they still work.

I downloaded AdAware and ran a full scan in an attempt to get rid of the adware, but it didn't pick up anything. I then downloaded Norton Security Scan but again nothing was picked up. I tried reinstalling Adobe Flash Player, Shockwave, QuickTime and Java in order to fix the no-audio problem, but none of them worked. I've checked all my volume settings and they all look fine. It could be a codec problem; I had all the correct ones before the virus but I don't know how to check if my codecs have been deleted or hidden.

I am also a little concerned that there may be other hidden files that need un-hiding to avoid further problems caused by the virus, or that I have unhidden some that need to remain hidden!! Obviously there are about a million files concerned here, so I don't expect anyone to give me a comprehensive list, but a list of the most pressing dos and don'ts would be very much appreciated.

Also if there is any way besides System Restore to get my computer back to the way it was before the virus hit, or at least reverse all the file changes that it performed, that would be great! And finally, I'm not entirely sure that the virus has been destroyed, it doesn't seem to still be present (except for the annoying adware problem), and I've deleted the 'Windows Vista Recovery' folder just to be certain, even though it was already showing as empty (I suppose due to Malwarebytes deleting all of its content?).

A big thank you to anyone who is still reading after all that!


May 29, 2011 at 07:54:53
You have hostage-ware. This one is tough, but you can do it. Try this
I know you have run a similar product. This one is free as well. They are all a little different. Be sure to update the definitions and then run the tool.

Here they recommend you buy their tool, but the page has what the virus does at the bottom.

Everyone is going to try and sell you software. That is the point of hostageware: forcing you to buy a product. There are free solutions.

If you start editing the registry, make a backup and be absolutely sure to double check every keystroke. Holler back if you need / want more assistance.


May 29, 2011 at 09:13:58
