I have WindowsRestore virus in my machine

April 30, 2011 at 02:40:10
Specs: Windows Vista
WindowsRestore virus has blanked out all my files, such that they have disappeared. What can I do?

See More: I have WindowsRestore virus in my machine

Report •


#1
April 30, 2011 at 18:51:46
If downloading files to the infected computer is not possible, access a clean computer and transfer files to the infected computer using a USB flash drive, or other removable media (CD/DVD, external drive).

Now, download one of these files: iExplore.exe or eXplorer.exe. They are renamed copies of RKill:
http://www.bleepingcomputer.com/dow...

Save the file to the Desktop, and double-click on it. (For Vista/Windows 7, select: Run as Administrator)

(If you cannot find the iExplore.exe icon that you downloaded, you can also execute the program by doing the following steps based on your version of Windows:

For Windows 7 and Windows Vista, click on the Start button and then in the search field enter %userprofile%\desktop\iexplore.exe and then press the Enter key on your keyboard. If you Windows prompts you to allow it to run, please allow it to do so.

For Windows XP, click on the Start button and then click on the Run menu option. In the Open: field enter %userprofile%\desktop\iexplore.exe and press the OK button. If you Windows prompts you to allow it to run, please allow it to do so.)

If you get a message that RKill is an infection, just ignore it. If you run into infections warnings to close RKill, leave the warning on the screen and run RKill again.

If you encounter problems running RKill, download another renamed version of RKill from its download page.

Do not reboot your computer after running Rkill!

Next, download Malwarebytes’ Anti-Malware (black button with green and white icon) Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program. (For Vista/Windows 7, select: Run as Administrator)

Run Malwarfebytes’ AntiMalware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click <Remove Selected

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.


Please post the Malwarebytes log in your reply, and we will determine if any further action is necessary.

This infection may hide all the files on your computer. To make files visible again, download the following program to the Desktop:

Unhide.exe:
http://download.bleepingcomputer.co...

Double-click on the Unhide.exe icon on the Desktop and allow the program to run.

Unhide.exe removes the Hidden attribute from the files on your hard drive. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.



Report •
Related Solutions


Ask Question