Windows Recovery virus – how to get rid of fake WindowsRecovery manually

Windows Recovery is another virus (a fake rogue software) which claims to be a powerful windows and system security tool. Windows Recovery tool is a clone of Windows Safemode virus and System Diagnostic virus. All these softwares (including Windows Recovery) are bogus and useless. Windows Recovery is a scamware thats wants you to pay for its full version to protect your system from damages caused by viruses and spywares, Remember, Windows Recovery virus has no ability to detect and remove viruses or fix windows problems but it is a virus itself and it is a dangerous threat for your pc.
fake windows recobery virus Windows Recovery virus   how to get rid of fake WindowsRecovery manually

Just like other rogue spywares, WindowsRecovery virus uses the fake alerts and warning messages to scare user. It displays bunch of fake critical errors telling you about hard disk error, problem with RAM, System restore problem and many other errors. Mostly Windows Recovery virus attacks with fake hard disk drive errors. It may warn you of no disk found, or low disk space, or damage hard drive or something else. for example:

Fix Disk
Windows Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can’t find hard disk space. Hard drive error

Remember! All these warning messages and alerts displayed by Windows Recovery virus are fake. This program is specially designed to extort your money by offering you to buy its fake system security and optimization products. You should ignore these warnings, avoid buying this program, avoid its installation and immediately remove it from your computer upon detection.

How to remove Windows Recovery virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Windows Recovery processes:
[random name].exe

Disable Windows Recovery DLL files:
[random name].dll

Delete Windows Recovery Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′

Delete Windows Recovery files:
%AllUsersProfile%\~[random]
%AllUsersProfile%\~[random]r
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random]
%AllUsersProfile%\[random].exe
%UserProfile%\Desktop\Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\
%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk

Auto Removal

To remove this virus Automatically, We suggest following tools:

Super Anti Spyware (Download)

OR

Malware Bytes Anti-Malware (Download)


Comments

  1. Joel says:

    Hi, I seem to have this exact same virus/malware on my computer.
    It showed up last night, and within minutes completely disabled my hard drive, preventing me from using any antivirus/spyware programs to scan my computer. It brought my computer to a grinding halt, and gave me an error message when I tried to open task manager.

    This was last night, and today when I had another go at getting around it, after 20 minutes of web browsing my computer simply shut down, and now will not start back up again. It gets to the boot screen and says No boot disc, or no Hard disk.
    At this point, I cannot get past this screen, nor can I get as far as starting in safe mode.

    I am wondering if there is anything I can do to fix my computer, or to so much as get it to boot up into windows so I can install an anti-malware program immediately?

  2. Matt says:

    I am having a similar problem. I had the same virus/malware on my computer and I thought I got rid of it by following a removal guide and everything was going great until I restarted my computer and now I get the No boot disc, or no Hard disk error and cant get past this screen.

  3. friend says:

    You shouldn’t do it manualy if you are not sure what you are doing

  4. rob says:

    FYI, i downloaded malwarebytes anti-malware and then followed Steve’s advice, using the attrib *.* commnand in dos to unhide my files. thanks bud.

  5. Jeremy says:

    Just got this virus myself. My computer is denying me to open malwarebytes. I even named it something different when I saved it and when I try run the program it gets denied. I’m trying to get into dos to run the attrib command, but it doesn’t give me a run option when I enter the start menu to get into dos. anyhelp will be appreciated. this thing is a pain.

  6. Jeremy says:

    Ok, i figured out malwarebytes needed to be uninstalled and then downloaded again. I ran the quick scan and now all the pop-ups and false alarms are no longer on my system, but my desktop is still black and all I have on my desktop is malwarebytes, none of my other programs.

  7. Don says:

    I have removed this thing from many computers…
    download a program called unhide and run it in safemode first..
    this will recover all the hidden files and folders so that Malwarebytes can do it’s thing.

  8. John says:

    Don,

    Thanks for your knowledgable comments.

    I got the Windows Recovery virus late Wednesday night, don’t know how. Was at all the websites I usually go to.

    I’m using spynomore.com software right now, it’s scanning. Do you know about this software? What do you think.

    In case it doesn’t work, trying to find the – Unhide – program, but can’t locate it. Would you have a link?

    Thanks

  9. Jose says:

    Jeremy you have to unhide your programs.

    Do Following:

    1. Go to My Computer
    2. Click on C, then Document and Settings and go to your user profile.
    3. Right click on it and go to properties (Make sure hidden is unchecked)
    4. Then go to tools at the top and then folder options
    5. Click on View tab, make sure “show hidden files and folders” is checked.
    6. Hit Apply and then OK
    7. Back in the folder hightlight all of them and right click for properties and uncheck Hidden.

    You should be good once that is done.

  10. Marcella says:

    How do I unhide them for Windows XP? It currently has them with a little green box and read only.

  11. Craig says:

    I ran malwarebytes and it got rid of windows recovery but, all the files on my hardrive are gone. Any idea how to get them back? Are they deleted or hidden? Thanks ahead!

  12. Allan says:

    I ran malwarebytes and it got rid of windows recovery but, all the files on my hardrive are gone. Any idea how to get them back? Are they deleted or hidden??

  13. John says:

    If you are missing your programs try the following. The program files are probably hidden. go to C:\Documents and Settings\All Users\Start Menu and right click and select propeties. Uncheck the box by hidden under Attributes. You may also need to do this for each user login under Documents and Settings. Hope this helps

  14. Samuel says:

    My Malware Bytes Anti-Malware deleted 3 items but the Windos Recovey still exist. I tried to scan it again, but the software did not detect any thing. Samething as AVG. What can I do?

  15. Chris says:

    At the moment I can’t access the Documents and Settings folder, access denied!
    While I think I have got rid of most of the virus, these lingering after effects are just as frustrating.

  16. baz says:

    Just got the windows recovery virus. I am running on xp, using windows security essentials which has located the threat and deletes however everytime I reboot it returns. What should I do? Has anyone used super anti spyware as recommended on this page.

  17. rtg says:

    Please can anyone advise on getting rid of the fakew windows recovery window, it appears in middle of screen ‘on top of’ everything else and I can’t minimise or move it. Because of this I am unsure how to use and windows that appear ‘behind’ it…? Thank you, and ta for all the other advice on getting rid of this.

  18. Ritu Sharma says:

    AWESOME !!!! THANKS A LOT !!!
    As suggested here, I was able to remove this virus by downloading XOFTSPYSE from Paretologic (paid $39) and then following Steve’s advice I was able to get back my hidden files. ONCE AGAIN THANKS GUYS.

  19. dave says:

    I located the virus, however I am not allowed to delete it! This is my personal computer so no permission should be required. If anyone had an idea to remove that file it would be great! Thanks

  20. bav says:

    Okay I think I’ve finally got rid of it.. I completed windows essential security scan.. which found 3 threats, I then downloaded malwarebytes which located 3 more.. I’ve reported and all signs look good, program icons have reappeared in start up menu… doin another windows essential scan now after rooting again and so far so good…

  21. Melissa Folse says:

    I did all this stuff and I am really appreciative BUT my desktop is still kind of wonky and my computer is still really sluggish. I am also getting a driver error. Has anyone come across that and how did you guys fix it?

  22. Carina Cisneros says:

    Neither one of the auto fixes listed above in the original article (“To remove this virus Automatically … Super Anti Spyware (Download) OR Malware Bytes Anti-Malware (Download)”) will by itself remove Windows Recovery. The redirecting of websites and search results, and random audio playing from select websites, returns within an hour or reboot – as well as the Windows Delayed Write errors for websites not visited and IE errors which display even though IE is not running.

  23. aa_gangchen says:

    Dave,
    You can rename the virus file from (your-random-number.exe) to (your-random-number.bak), turn off and then turn on your computer by hand, and you should be able to delte it. That is what I did and it overcame the permission problem.

  24. Jim says:

    just got rid of the virus using the pc tools. rebooted and still cant find the files. When i go to my computer/C drive, it comes up blank so I cant unhide. Any ideas?

  25. Logan says:

    I’ve tried to follow the instructions, but when I try to run it in safe mode, it freezes with some files written on the screen. Do I run it in safe mode with command prompt or with networking?

  26. Jim says:

    it still shows task manager disabled by your administrator. i am the admin. any ideas?

  27. aa_gangchen says:

    The following chat between me and my Yahoo tech support may help you soft the problem of slow computer also.
    Gang Chen: I had an windowsrecovery virus yesterday, and I deleted the virus exe file manually myself, but after the infection, my Yahoo account will log out automatically every 5 minutes even though I chose to log in for 2 weeks, how can I fix this so that my yahoo mail will stay log in for 2 weeks like I used to do before?
    Lourd: 1. Choose “Internet Options…” from IE’s Tools menu.
    Lourd: 2. Click on “Delete” under “Browsing History”.
    Lourd: 3. Click on “Delete All” at the bottom, and choose “OK” if prompted.
    Lourd: Just let me know if you are able to follow.
    Gang Chen: It is clearing them now.
    Gang Chen: Done clearing.

  28. Logan says:

    I have the same windows recovery virus on my computer. I cannot use windows task manager, I am always getting redireted to other sites when trying to find a solution. And the program pops up when i start my computer and i cannot close the program. My computer will not run in safemode it freezes upon start-up when I select safe mode. But it will run on regularly. I have no clue how to get rid of it. Can someone please help me??

  29. Brian says:

    I found that when i started in safe more i was able to search for my programs that were hidden. I first had to exit my help dog or whatever you want to call it then click search in the toolbar. But malwarebytes seemed to do almost nothing for this virus. I managed to end a lot of the problems by using these steps but there are still lingering issues. Random audio is play whenever it likes, and internet explorer error messages still keep popping up. Also once i unhid my files, they appear slightly opaque. ALSO when i search certain things to try to find other help it redirect me to pages that seem to be part of the virus. Anyone else having these problems?

  30. sandy says:

    Was able to unhide files but can only run malwarebytes in safe mode and it does not find the virus. How can you identify the (random) name and location of the virus and processes?

  31. Tom says:

    Guys: I did a windows system restore and got rid of it. If you can get to that it’s far easier than these other approaches

  32. MikeC says:

    the last step on this process should include running combofix. most likely you all have a root kit. i am a network support specialist and had a client with this virus. it was a nightmare. if you get to a point where you have your files viewable and the spawned program (.exe) that runs when you start has been deleted or renamed run combofix. i bet you have a root kit. get combofix from bleepingcomputer.com. i ran it in safe mode. the first time i ran combofix the virus would cloak the root kit and the pc was still wacked. when i was able to get the .exe removed combofix immediately deteced a root kit and rebooted and removed it. good luck.

  33. Terri says:

    I was able to drag the pop up window all the way to the bottom of my screen to access my other applications. I was able to recover my missing desktop icons and utilize my computer.

  34. aa_gangchen says:

    Do a Google search on how to unhide ALL you files on C: Similar to the following:
    Show hidden files

    Follow these steps to display hidden files and folders.

    Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

    Click the View tab.

    Under Advanced settings, click Show hidden files and folders, and then click OK.

    and
    then follow Steve’s instruction below to rename the virus file first and then turn off and turn on your computer to delete it after you turn on the computer:
    Not sure about doing the stuff above, but I got this virus today and got rid of it on my own. What it does is it HIDES all your files, so you have to unhide them (and delete the program). That’s why your computer can’t run your normal virus scanner etc., it can’t find them. I got rid of it (on Windows 7 Home Premium) by starting in safe mode, then doing what it says on this page to unhide all files on the C drive www. infodotnet.blogspot.com/2007/12/windows-attrib-showing-hidden-files-by.html , then deleting the virus itself, which, on my computer, had been put in C:\programdata – specifically, C:\ProgramData\45408008.exe. I have a feeling that numbered .exe file is different on different user’s computers, so you’d just look for any new executables that have been added recently to C:\Programdata and remove them.

  35. aa_gangchen says:

    You can start in normal mode and rename and delete the virus file, no need to start in safe mode.
    It may be a good idea to download and install the MS Window patch after you delete the virus. This seems to help me stabilize my computer after deleting the virus.

  36. beth says:

    Hi all- My daughter got this Windows recovery Virus on her toshiba laptop. I ran Adaware which seemed to get rid of her problem but all her stuff was still gone. I started in safe mode but did not understand the link posted for onfodotnet and so just unhid all files (even the ones that should be hidden!) I ran adaware again but it found nothing new. Her icons on the desktop work but are all grayed out – is this an unfortunate by product that she just has to live with?
    I also found the exe file by following the path from the shrtcut on the desktop (after unhiding all the files it popped up) I just deleted it, is that enough?
    Is there anything else I should be doing?
    Thanks so much for all this wealth if info!!

  37. devind says:

    I just had gotten this virus and am very thankful to the above entries on how to un-hide my documents. I had bought Stopzilla but this Windows recovery has somehow blocked access to the internet so I cannot enter my registeration key, diagnosing the connection problem showed no networking errors and my networking shows that I am connected to the internet but I keep getting the Internet Explorer cannot display message when I bring up the browser, any help will be greatly APPRECIATED!!! Thanks

  38. zro203 says:

    The advice was awesome…I removed the virus…thanks!!!

  39. Harlen says:

    I run Windows XP and have Norton Anti-virus software. I went to Control Panel and clicked on along the top of the page I clicked on “Tools”. Under “Tools” I clicked on “Folder Options” and then clicked on the tab “View”. Under “View” I found a folder called “Hidden files and folders.” Under that folder I clicked on “Show hidden files and folders”. Immediately all the icons on my desktop reappeared, although in a alphabetical order. At the same time my Norton Anti-virus software kicked in and removed the Trojan.Gen.2 virus. The virus was located at C:\documents and settings\all users\application data\18472756.exe

  40. Alan R. says:

    Harlen – after reading MANY pages about this virus, and UNHIDING my hidden files, but finding many different fixes – none of which worked, the location you mentioned above is where I found mine – complete with that bogus XP logo and everything. Mine is named 17096500.exe and I just appended .bad to it. Now it’s time to reboot and see if this works.

    I responded to a Adobe Flash upgrade message when I booted up this morning and that’s how it seems to have gotten into my system. I was suspicious of the menu because the author neglected to include the MS trademark “tm” next to the logo – which is something I don’t think that Microsoft would ever do… ;)

    Thanks for posting your report. Hopefully I’ll be back in a few minutes to update this post with the results.

  41. Julius says:

    Thanks the Malewarebytes came to my rescue, plus this site’s list of questionable registry files. I still can’t get my desktop icons back though. I tried unhiding them, and my desktop picture is gone too. Thanks for the help!

  42. xx39 says:

    So, I managed to locate the virus, thanks to Harlen. What do I do now? I have absolutely no computer knowledge whatsoever (ok, maybe a tiny bit), and I’m afraid that I’d make it even worse. So, if I got it right, now that I found it, I should just rename it from .exe to .bak, then right-click it and delete it? Sounds too easy. Any suugestion? I’d rather not go into the safe mode by myself.

  43. Elissa says:

    I got the virus off my comp, but still have bot been able to unhide my folders. I have windows vista… I was able to “view hidden files” but I can’t figure out how to actually unhide them. Any help would be appreciated!!!

  44. Ramesh says:

    Help,

    I am on Windows XP. I am trying to follow the steps. I managed to unhide my task manager. BUT which RAM process on the process tab do I delete? As mention on this websitem “[random name].exe” Do i del a random name or look for random.exe? Help…not too savvy on this part of the computer..Thanks

  45. Dennis says:

    The virus is located at C:\documents and settings\all users\application data\……..exe. They all seem to have different numbers. There were 3 culprits to be deleted, all with the same number. Norton got rid of the virus and I was able to restore all my hidden files using Jose’s advice above. I had to remove the Hidden check box in my user profile and then highlight the folder contents as Jose described before I could access the contents of the C drive and get to Documents and Settings. Thanks to all.

  46. Devin says:

    HELP!

    Got the same virus. I got rid of the virus, but it appears that all of the contents of

    c:\programdata\microsoft\microsoft\windows\start menu

    and below is just a bunch of empty file folder – no files. This doesn’t appear to be a case of hidden files since attrib didn’t fix it. Is there a way to restore this or do I have to rebuild from scratch??

  47. Steffanie says:

    Ok, so same problem as everyone else above. I installed the program listed above and it got rid of the virus. My problem is that I cannot “unhide” all my Progams and Files, I am running Windows Vista and the directions listed above don’t seem to get me to the right place to find them. Anyone with solutions for Vista Platform? Thanks!

  48. Josh says:

    Same problem, running windows Vista…installed Malware bytes Anti Malware and virus appears to be gone, but I can’t find any of my files or programs. I ran the unhide.exe program on bleeping computer and it brought back some but not all files, however those it did bring back are in name only, actual contents is empty. When I try and click on computer and go in user profile or documents and settings it tells me access denied! I don’t know what to do, please help, cant figure out how to get all my stuff back.

  49. mounir says:

    this is the way to stop that windows recovery virus and after that download malwarebytes -anti malware that can remove that virus :
    1 – go to RUN and write MSCONFIG and click enter
    2 – when you see window system configuration click on STARTUP
    3 – now click on disable all
    4 – restart your pc so you will see that virus stoped working in your pc that mean is disable . so you must install malwarebytes anti malware that can remove virus from your pc

  50. Jim says:

    Hey all. I got this stupid virus yesterday and managed to do a system restore to earlier that day (it would not let me chose any day beyond tat), my desktop is back, as well as some of my icons. I did everything listed above (showed hidden files, deleted the virus from programdata) and nothing changed. When I run Norton, it comes up, but is completely blank and certain pages won’t load, and if I go on youtube or anything like it it says I need flash player, I download it but it doesn’t move an inch. I have no idea what is going on. Some programs won’t run, my virus scanner won’t run and when I try to download a new one I can’t get past the accept screen because no words appear in the box. I need help!

  51. ploom says:

    Same problem here Devin… It seems that I’ve lost no files except those shortcut ones…

    “HELP!

    Got the same virus. I got rid of the virus, but it appears that all of the contents of

    c:\programdata\microsoft\microsoft\windows\start menu

    and below is just a bunch of empty file folder – no files. This doesn’t appear to be a case of hidden files since attrib didn’t fix it. Is there a way to restore this or do I have to rebuild from scratch??

  52. mounir says:

    hello again there is a way to clean your pc from virus you got is that you go to RUN and write that

    C:\Windows\System32\sysprep\sysprep.exe

    click to ENTER you will see that system preparation tool
    click to GENERALIZE and ok
    wait for your pc will reboot after 10 munites you will see that your windows is clean like you use it for first time you bought your pc good luck :)

  53. veronica says:

    hi guys i just got this two days ago and cant get rid of it, i was wondering where do i go to find the files manually of the windows recovery so i can delete it, i already unhid my files so i should be able to find them now, can you please help?

  54. veronica says:

    i believe i found the windows recovery in the c drive but i prss delete to delete it and it dosnt let me, can anyone please help, thanks

  55. veronica says:

    i cant download the malaware softare on my computer it wont let me, for some reason it blocks it and i cant get to my internet options thats blocked too from my browser and my control panel, any suggestions?

  56. tebing01 says:

    Where are the windows recovery files such %AllUsersProfile%\~[random] located so I can delete them?

  57. jasmine says:

    My case is worse :I format all drives and installed a fresh copy of window ,when i start to browse the web ,it started to attack my computer. It disabled system restore function and when you try to open drive C: to fix yourself, all files are hidden .If I know this guy,I’ll blow his head off. This is the worst virus. ADAWARE,SPYBOT,
    MALWAREBYTE all are helpless.This is ROBBERY.

  58. veronica murillo says:

    yes i would also like to know where the alluserprofile are at? and also for the first registry entrie i was wondering if “exe” has a name before it or is it just “exe” thanks

  59. veronica murillo says:

    please anybody please help im still waitimg for a response, thanks

    • admin says:

      Normally, you may find All User profile in C: drive in Documents and Settings folder. means, C:\Documents and Settings
      About .exe, it has the name before .exe, your system might be hiding the .exe extension, you may enable to see the full name along with extentions by opening a folder, go to TOOLS, select FOLDER OPTIONS, navigate to VIEW and in the drop down list, uncheck the box before this option HIDE EXTENTIONS FOR KNOWN FILE TYPES, now click APPLY and OK. Good Luck

  60. A Bryant says:

    The rogue files will be within the “C:\Documents and Settings/[username]/Application Data” directory and named some random letter or number string, for example I had 19193636.exe and JqXcXynVehsDcBr.exe.

    Click start then run and type “cmd”. Then in command prompt type “cd C:\Documents and Settings/[username]/Application Data”.

    Then type “DIR” to see a list of the files within that folder. Any that look like random numbers or letters are the malware files. In my case I typed “DEL 19193636.exe” and “DEL JqXcXynVehsDcBr.exe”. Yours may be named differently.

    Next you have to unhide your entire C drive in order to see your files and folders. In command prompt type “cd C:\” again and then “ATTRIB -S -H /S /D *”, which will take a while but will eventually unhide your entire local disk allowing you to use windows explorer to see everything again.

    Finally I *highly recommend* downloading “rkill” and saving it to desktop. By renaming it to “Iexplore.exe” and then running it, it can stop the malware process staight off, allowing you to access anti-virus, task manager, system restore etc.

    Good luck to everyone getting rid of this nasty bastard of a malware.

  61. A Bryant says:

    Sorry, to clarify above, I typed “DEL 19193636.exe” etc in order to DELETE the malware files. You can type “DIR” after this to see the files in “Application Data” again and make sure there are no nasty .exes or dodgy looking files left.

  62. kayoss says:

    Hi Guys,
    A little help for you guys here. So my girlfriend was surfing the internet and suddenly she gets this critical message that appears. So she restarted her laptop and suddenly this windows recovery thing appear. After doing research on my desktop, i realized that it was a virus. I took her laptop and started it on safe mode. Downloaded a program call COMBOFIX onto a usb drive and transferred it to the laptop. I ran Combofix and everything was fixed and back to normal. After running it, Combofix will generate a log file of what it did. I was curious so i read through the logfile and it removed a lot of spyware, adware, trojan virus that i didnt know i had. You guys can give it a try because COMBOFIX is a free software and very powerful.

  63. kayoss says:

    You guys can google COMBOFIX if you dont believe me. Just make sure you download it from the correct site. Good luck to all who got infected. By the way, after running combofix, restart your computer or laptop and when windows starts will notice that all your icons are back on the desktop.

  64. Beazly says:

    Same problem here Devin… It seems that I’ve lost no files except those shortcut ones…

    “HELP!

    Got the same virus. I got rid of the virus, but it appears that all of the contents of

    c:\programdata\microsoft\microsoft\windows\start menu

    and below is just a bunch of empty file folder – no files. This doesn’t appear to be a case of hidden files since attrib didn’t fix it. Is there a way to restore this or do I have to rebuild from scratch??

    To Ploom:

    I had the same issue, start menu folders were all (empty)after FINALLY getting rid of the Windows Recovery Virus. I did this to get all my start menu folders back in Windows 7:
    Go to: c:\programdata\microsoft\windows\start menu
    There should be the Programs folder. Right click and go to Properties. Go to the Previous Versions tab. Wait for previous versions to load in window. Click on a version before the virus. Open the folder or I copied it first to my desktop to see if they were all there. Then I went back and clicked on Restore and all my programs are back in my Start Menu! So glad! Hope it works for you!!

  65. tma says:

    Greetings:

    I got the Windows Recovery virus today on my XP Pro SP3 system. I seem to have it all back now – only time will tell for sure. These are the steps I followed:

    1) Downloaded the SuperAntiSpyware.exe file from a trusted web site to a thumb drive.
    2) Booted Windows in safemode, installed and ran SuperAntiSpyware which found and disabled the virus files.
    3) Rebooted Windows and confirmed removal of virus but had a blank desktop.
    4) Downloaded unhide.exe program to unhide all folders and files.
    5) Rebooted and found many programs back but no desktop Icons and all file links missing in the “Start/All Programs” menu.
    6) I happen to have my system set up so that a new restore point is generated every AM. I restored to yesterday mornings setpoint, the icons and the file links are back.

    It looks like it is all back but now only time will tell if it is running properly.

    Many thanks for reporting your experiences. It was a great help!

  66. ss says:

    I got this virus and I followed the instructions that was available on internet. for someone who had asked to see the files clearly in all folders, I went to all users and went to my user profile and clicked on properties and unchecked hide files and folders. and it worked.

  67. angel says:

    omg someone help me as well….i got the same problem which started on monday, all of my icons are gone i cant access nothing i cant even go into safe mode on my computer which is a dell xp. Is there is anything i can do for now until i take it to the computer shop to get it remove? I need to go to my emails asap and i cant even find internet expl or firefox…can i least put in a activation code for now so i can least through the internet? Pleaseee help

  68. Zac says:

    I did what Mounir sugested and now my computer will not even go to the main screen. It keeps telling me to install Windows? “The Computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, Slick “OK” to restart the computer, and then restart the installation.” Is the message I am getting. Help!

  69. Harley says:

    This web page, under Delete Windows Files: contains 10 items that should be checked such as:
    %AllUsersProfile%\~[random]r
    %AllUsersProfile%\[random].dll
    %AllUsersProfile%\[random].exe
    %UserProfile%\Desktop\Windows Recovery.lnk
    %UserProfile%\Start Menu\Programs\Windows Recovery\
    etc

    Can someone please explain how to use these path statements to search for the files containing the virus?
    Thanks
    Harley

  70. Lisa Sauro says:

    Does anyone know how we can prosecute? The software asks for payment so the money has to be going somewhere. Lets start a class action suite. My computer was completely unusable and I lost thousands for a week without it.

  71. Bikoy says:

    I think I was able to remove the virus…any idea on how to check if I was able to remove it completely? And how can I restore the icons on my desktop? whenever I right click nothing happens.

  72. Teri says:

    Just got this virus on my laptop last night. I have Win7 vista. How can I remove the virus, remove the virus and unhide my desktop icons. Needless to say I’m not computer smart
    Thanks in Advance

  73. Garth says:

    x2 on that!!! I got this last night, and nothing is working. I can access through a different user account, but my wifes desktop and all pictures and doc’s are gone/hidden. I ran Microsoft Security Essentials, but it found nothing (ran in another account). Ran Malwarebytes, it fouind some things, but did not get the virus gone.

  74. Larry says:

    Can someone carefully type the exact cmd prompt for attrib to show hidden files…i’ve tried typing exactly as shown above however i keep getting error messages indicating invalid parameters. i am at c: in the DOS screen but thats as far as i get. Thanks!

  75. death says:

    Prosecute? I’m all for some death to the programmer who created this evil.

  76. Bev says:

    This was on another site-this worked PERFECT for me after doing the Malwarebytes thing. (Running Windows XP)

    You can get to System Restore with this $%^#$ thing.

    Do your start menu. In Run, type msconfig

    But unlike previous suggestions, dont go to the startup program list.
    Select the General Tab. There is a system restore button on there,
    and it is ACTIVE . I’m restoring mine by a few days presently.
    For reference, I am running a Windows XP system.

  77. anne casey says:

    i hate this virus i have tried everything to get rid of it and it keeps getting worse and more viruses i have windoes vista some one please help thanks

  78. taylor b says:

    Had the same issue task manager was disabled by the virus started safe mode with F5 key on start up and restored to prev save point then ran windows updates and virus scan seems to have taken care of everything. Free and uncomplicated.

  79. Clarence says:

    I got that on my desktop yesterday. It seem to be there different ways to fix it. Also some people got different thing that are not working when trying to get rid of it. Last of all also some people got different problems that make it they can’t do anything with Windows Recovery not closed or minmize(for some can’t close or minaize it at all). What to do when some stuff don’t work as suggested on this site and other sites on geting rid of it or something else happen that some don’t get when doing the same thing as suggested. It like not everything happens to everyone with the same malware problem in getting rid of it or the malware has done.

    So what are the best way to get rid of it and get back all files and desktop icon. I’m still looking for all the ways to fix and get rid of it, like one said do a system restore. I might try that using my Windows Vista disk from my Gateway laptop.

  80. Mike N says:

    Have you tried to go into safe-mode on your PC and go to a previous restore point? That’s helped several times for me on different problems.

  81. StuartB says:

    Finally got rid of this nasty virus. I tried for 2 days, using all the tips and suggestions on various web sites to no avail. My task mgr was disabled. I had zero files on my C drive visible and couldn’t get any properties to show in order to “unhide” and attempts with various malware and antivirus programs in safe mode didn’t get rid of it.

    It’s only when I did the following was I able to delete it:

    1. Safe Mode

    2. Run “Unhide.exe” next. You can find this free program on the net, just google it. If you can’t use your computer to download the file, use another to load it on a flash drive then copy in safe mode to the infected computer.

    3. Run the free version of Malwarebytes. That’s the program that correctly identified it and removed it. Others were unsuccessful.

    It’s important to run unhide.exe before you use the malware removal program. I think it exposed the files to malwarebytes. I think it also let me run the program because the first time I used MWB I had no luck, it shut it down.

  82. Mike N says:

    When you go to safe-mode. Right click on my computer and choose system protection and choose restore point from there.

    Instead, you may have to go to Start-(right click) Computer and go to properties there. then choose system protection and choose a restore point.

  83. Mike N says:

    Larry:

    At the command line type: attrib -h *.* to unhide your files.

  84. sun says:

    Based on previous posting, figured out the virus is in C:\Doucment and Settings\[username]\Application Data. My Document and Settings folder is missing. I could see the virus from Task Manager. In my case the virus was 43966200.exe. I realize that this number keeps on changing each time i restart the computer but it is always 8 digit number. My computer automatically restarts at every 20 mins which is very very annoying.

    Installed and ran trojankiller2094 which solved the problem of automatic restarting. BUT this program DOES NOT get rid of the window recovery virus. It asks to purchase the license to get rid of it.

    Installed and Ran COMBOFIX as suggested by kayoss (May 7th, 2011 posting). It took an hr for completion. COMBOFIX WORKED in my case. Everything is restored but just realized my Document and Settings folder is still missing. Any idea how do i get Document and Settings folder back.

  85. Andrew S says:

    Using the previous restore point worked for me, all has been okay for the last week.

  86. IT Juggler says:

    I found a Registry setting not mentioned above:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop”=”1″

    And I found that ll the missing Start Menu and Quick Launch shortcuts had been moved to:
    %UserProfile%\Local Settings\Temp\smtmp\1 – these were the missing %AllUsersProfile%\Start Menu items.

    %UserProfile%\Local Settings\Temp\smtmp\2 – these were the missing %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch items.

    %UserProfile%\Local Settings\Temp\smtmp\4 – these were the missing %UserProfile%\Start Menu items.

    I found the missing icons by searching the C:\ drive for “*.lnk”.

    Hope this helps someone

  87. Midwest says:

    Do you need to be in the same user profile you were in when the virus appeared? For whatever reason, my user profile (in use for about 8 years now) won’t recognize my password…

  88. Westcoastliberal says:

    Well, gang, this is a nasty one and the perps should be drawn and quartered.
    The unhide program works to bring back the software. If your system recovery works you can go back to an earlier state and that might be the simplest way for some, but it won’t take the bug off the computer.
    I think I found it by doing a search for C:\documents and settings\all users\application data\ THEN look for a file named something similar to 17096500.exe The one on my computer was 360KB if that helps. Anyway, once you find it, rename it to something like 17096500.bad That’s what I did and I’m hoping that took care of it. Wish me luck. By the way, this is after running all the major programs, and although it found the bugger it couldn’t kill it. I’ve noticed it screwed up some of my computer screen settings (size & screen background file) but nothing that can’t be adjusted.
    If you’re a blogger, we all need to make people aware of how to deal with this; I’ll bet a lot of people will wipe their hard drive not knowing that it’s all a show to get into your pocket.

  89. Westcoastliberal says:

    Just rebooted and a damn Internet Explorer A/V file just fired off. I don’t have I.E. open of course, but it showed up in Task Manager. So it’s somewhere else or it’s a zombie. Anybody else having similar probs?

  90. Trichard says:

    The missing shortcuts and icons are explained above by IT Juggler for Windows XP.
    The following are the equivalent for Vista and Windows 7:

    %UserProfile%\AppData\Local\Temp\smtmp\1 – these were the missing %%Program Data%\Microsoft\Windows\Start Menu items.

    %UserProfile%\AppData\Local\Temp\smtmp\4 – these were the missing
    %UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

  91. Trichard says:

    IT Juggler,
    Thank you very much for your time in searching (late night) for the missing shortcut links. You saves us a crap-ton of time in rebuilding and/or informing people of a required format. (Last resort)

    PC’s have been rolling in for a couple days now with this. The infection removal is easy, it’s the recovery that is a pain in the foot.

    Thanks again.

    Search Engine Tags… Windows recovery virus start menu shortcuts missing infection

  92. Dennis KiKa says:

    Hi Folks if you get this virus infection its very easy to remove it from your computer.
    *Boot the computer in safe mode with networking.
    *Login to administrator user profile.
    *Open the run window and type %AllUsersProfile%
    *you will find random alphabets.exe and numericals.exe.
    *Do shift delete.
    *Restart the computer, you will not find your desktop icons.
    *To get back the icons open RUN window and type regedit clik OK.
    *Regeistrty will be opened in that
    Hkey local user\software\microsoft\windows\current version\Policies\explorer\there you have to delete the desktop .
    *open task manager and kill explorer.exe.
    * in task manager select file open new task and type explorer clik OK.
    * youn will get all icons

  93. Lynn says:

    Can’t get to the internet on my computer to access new virus software – is there software I can buy to get rid of this virus? I live in the boonies – not much of a way to get help with this. A couple of experts want hundreds of dollars to fix it – not sure I want to spend hundreds of dollars on a laptop.

  94. mike says:

    It won’t let me get into Safe Mode. Tried F8 and F5. Nothing. How can I?

  95. John says:

    Malware program did not remove the virus. Even with a full scan and quick scan.

  96. Kevin says:

    I followed the instructions as stated. Safe Mode was not needed in my case. This was on Windows Vista.

    1.) iExplore.exe (run and do NOT reboot)
    2.) Install Malwarebytes and do a full scan. Delete (“remove selected” per original instructions) the identified bad-guys. Do NOT reboot.
    3.) Ran Uhide.exe
    4.) Reboot

    All better.

    Thanks!

  97. Susie says:

    I think i have deleted the virus, BUT I have no program files?. Can ANYONE help – please!!!

  98. joseph says:

    i managed to use windows security tools to get rid of the virus, and i have unhid all my files but i can’t manually acces my C:\documents and settings\all users\application data\ etc because it gives me an ‘access denied’ message. any ideas?

  99. Surge says:

    got the virus, is bad virus, cant find documents or pictures, uh

  100. Jay says:

    I think the people who created this virus should be executed publically. Just kidding. I sure would like to get my hands on them though and beat the s**t out of them.

  101. JAI says:

    1. Safe Mode with networking.

    2. Run “Unhide.exe” next. You can find this free program on the net, just google it. If you can’t use your computer to download the file, use another to load it on a flash drive then copy in safe mode to the infected computer.

    3. Run the free version of Malwarebytes.

    4. Run combofix.

  102. S says:

    I can’t get my computer to load in any mode just keeps rebooting – any suggestions

  103. Drew says:

    Malwarebytes will get rid of this virus. It is easiest to restart your system in safe mode, then run the program. When you (malwarebytes) have deleted all the virus files your system will still appear to be blank, but the files are just hidden. The easiest way to unhide is simply to open “My Computer” and in the “tools” menu open “folder options”, under “view” click the box for show hidden files and folders. Once this is done your files will reappear, but they will be “greyed” out. Just right click on the file you want to use, click the “properties” button and uncheck the box for “hidden”.
    Unhide.exe will aso do this, but will make all of your system files accessible, and some of them are hidden for a good reason.
    This has now worked on two computers at my office with no ill effects.

  104. Bryan says:

    I have thewindows recovery virus as well , but when I try to download any website that was provided to get rid of it, and I try to run or save it to my desktop it says this program contained a virus and was deleted and just goes away. Any help?

  105. Kirsten says:

    I got that nasty bug right out of no where too last friday and thoroughly pissed me off… it hides your files and leaves your computer virtually unusable with it’s annoying pop ups and everything that comes with it. And until today… as far as i know i got ride of it even tho my entire computer isn’t yet back to normal… i atleast have a hold on it.

    i didn’t even need to use safemode to use it…I downloaded Rkill to disable it. Then Malwarebytes to find and kill it and unhide.exe to finally unhide my files. The people who created this virus are seriously ridiculous…. but thanks for the advice on here people…because that’s what helped me get through it. And I hope these programs also help people get rid of this horrendous virus too. Because it defiantly isn’t fun to go through. good luck!

  106. Cindy says:

    I don’t have a safe mode, it disappeared. Is there another way to start in safe mode? Also malwarebytes deletes the virus but when I restart my computer it comes right back. Ant suggestions? If you have any make it simple please, i’m new to computers : (

  107. John Do says:

    Easy way to fix if you are lucky!

    1) Control Panel
    2) System (and security for windows 7)
    3) Under Action Center – Click “Restore your computer to an earlier time”
    – Hopefully there is a date that is before the time you go the virus.
    – If there are multiple times and dates, choose the earliest date and do a system restore
    – You will not lose files or programs, windows restores windows files, registries, all settings back to that point.

    4) Once you get this done if there are still problems, install and good anti-virus since you should have more control under windows and do a full scan and hopefully it will fix the remaining bugs.

  108. MarkPrimo says:

    The missing shortcuts are the biggest problem. Here is a batch file I setup using the info above. Just copy and paste into a file. I named it xp_recovery-fix-shortcuts.bat and then run it to restore the shortcuts. Hit “N” for no on replacing any existing shortcuts. The pause is for you to see any error messages. This is the second one I have fixed so it will streamline my repair of future infections.

    =====START BATCH FILE======

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\1\*.*” “%AllUsersProfile%\Start Menu\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\2\*.*” “%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\4\*.*” “%UserProfile%\Start Menu\*.*” /s/e
    pause

    =====END BATCH FILE=========

  109. marily says:

    This sounds exactly like what my moms computer has, even getting into Safe Mode takes a miracle. I am worried I won’t be able to run anything at all.

  110. Kirsten says:

    Cindy I didn’t have to use safe mode to get rid of the virus. Just boot up your computer as you usually do. Some people are able to use safe mode… I wasn’t.

    In suggestion I would google Rkill and download it from bleepingcomputer… that will temp stop the virus then try and kill it with the malwarebytes. That’s what I did and so far after booting my comp back up it has not come back…thankgoodness. I hope this advice helps you… you don’t need advance computer skills to do this :)

  111. Roller says:

    Worked for me! You guys all rock that help us here. Got a computer problem, “GOOGLE” it and very cool people out there help you figure this stuff out! : )
    Thanks People!

  112. Melissa says:

    After you run malware, this works!!!!! THANK YOU SOOOOOO MUCH!!!!!!!!:
    1. Go to My Computer
    2. Click on C, then Document and Settings and go to your user profile.
    3. Right click on it and go to properties (Make sure hidden is unchecked)
    4. Then go to tools at the top and then folder options
    5. Click on View tab, make sure “show hidden files and folders” is checked.
    6. Hit Apply and then OK
    7. Back in the folder hightlight all of them and right click for properties and uncheck Hidden.

    It worked for me after that evil windows recovery attacked. THANK YOU AGAIN!!!!

  113. James says:

    I used Malwarebytes first in safe mode, then in norm mode which found and removed virus. I noticed that there were no programs in program files and most of my documents were hidden. I had to change attributes on all of them by hihlighting everything in My Documents right clicking and selecting properties. I then unchecked hidden, applied and afterward selected ok and all returned.

  114. James says:

    I forgot to mention I ran Rkill first in each mode before running Malwarebytes.

  115. Rick says:

    I got this virus on two computers in the same week. Someone mentioned the Adobe Flash Player update popup window as the source of the virus. That was the one constant in my situation. I opened it on both computers and believe that must be the source. Next time I get an Adobe popup, I will not be downloading the update as I have in the past.

  116. Tyler says:

    The Windows XP recovery thing pop up on my computer today and I don’t know what to do. All my documents and programs are gone and it won’t let me on the internet. My emails are very important to me and I need them badly. Will someone please help me?

  117. Kate says:

    Suddenly got the Windows XP Recovery trojan this morning.

    My computer has Windows XP on it, as it seems that knowing that is helpful for other people with similar issues.

    In order to do anything, I had to go into Safemode (hold F8 at startup)
    Clicked RUN and typed MSCONFIG, then enter
    Windows system configuration: click on STARTUP
    Disable all
    Reboot machine

    Somehow that stopped the virus from being able to keep cycling through. It is ridiculously annoying!

    I was able to see some files when I went to My Computer and then Tools, clicked on Folder Options, View tab, and Checked Show Hidden Files and Folders and Unchecked Hide extensions for known file types.

    At this point I went and found the files:
    C, Documents and Settings, All Users, Application Data
    as noted in previous comments.
    I found five files, three had just numbers, then there were two with icons. People with more experience probably would say what I did at this point is wrong- After I found the files, I went into Safemode again and deleted them while in Safemode and emptied the recycling bin. Upon further reading, I found that people rename the files and then run Malwarebytes, which is supposed to eliminate Windows Recovery. So… do that instead of what I did!

    So, I uninstalled my current version of Malwarebytes upon rebooting, and then had to open Mozilla through C, Program Files, Mozilla, and then clicked on firefox.exe Unfortunately, the internet was being redirected every time I tried a different site. To re-download Malwarebytes, I went to a cached version of CNET’s download page, and finally downloaded the program, updated it, and ran the scan. The scan took about forty-five minutes and found a few Trojan files and a few registry issues. It was able to fix all of them.

    I was not satisfied with this, and decided to use Hijack This to find any outstanding issues. I have read in the past that Hijack This is not for inexperienced users, so beware. I did a log of the scan and then googled the suspicious entries I noticed. I deleted a couple that were internet redirects. Then there were a few more there that may have been there prior to this issue. I also reviewed the entries listed at the top of this thread. None of those were there.

    AND THEN… still no files and shortcuts on desktop. So I tried this:My Computer, C, Document and Settings, Right click on whatever your User Profile name is and go to Properties. Make sure hidden and read only boxes are Unchecked. (I also did this for ALL USERS just in case, not sure it made a difference)

    I noticed at this point that the invasive program created its own user profile. Not sure if this is a remnant of the trojan, but I am currently not connected to the internet on that computer in case I missed something.

    I do not trust that my computer is safe to use for internet purposes like banking, email, and other sites that require passwords. I am probably just being paranoid, but whoever took the time to create such an invasive program probably wouldn’t mind stealing my private data.

    The entire process of researching and making changes in the computer with a few breaks took about seven hours.

    Everyone’s computer is different so try to make sure you do what’s best for your OS.

  118. Debi says:

    I have Windows Vista and I have this dang virus. If I hit ctrl-alt-del I have no option for the Task manager so I cannot disable the .exe file. I have no “run” command on the start menu either. Does anyone know what I should do next? (I’m using a different PC right now.)

    Thanks for any light that can be shed.
    Debi

  119. Pam says:

    download rkill in safemode it will disable the virus long enough for you to download and run malware and get rid of the virus. Your files are hidden. Then after the virus is gone, you can unhide your files by following the instructions above by Melissa or James…

  120. Tom Davis says:

    In XP the program shortcuts to the exe’s are missing. I just boot Mini XP from Hirens and unhide the hidden folders but the shortcut are missing. This does not apply to Vista or 7. PS the virus is usually in the Doc and Settings/AllUsers/app data folder. Also go to Internet options in control panel under connections go to proxy advanced uncheck all boxes clear anything like local or addresses out of all boxes click ok it will say something about this will not work click yes then make sure all boxes are unchecked under proxy. Then uncheck all boxes under connections. Iwish there was a way to get back the shortcuts without doing it manually.<–In XP

  121. Debi says:

    Pam,
    Thank you. rKill was a success. I had to temporarily disable McAfee on the PC I used to download rkill. Otherwise, McAfee would not allow me to download rkill because it reported it as an infected file. After downloading rkill I burned it to a cd and booted the infected PC into safe mode w/networking, ran rkill and then malwarebytes. Everything seems to be back in order. Alls well that ends well. Thanks for your very helpful suggestion – I’m back in business!
    Regards,
    Debi

  122. Rouslan says:

    Spybot Search & Destroy detects and removes it on startup scan without any problem.

  123. jmam says:

    I got infected this virus recently,I remove it following this topic. thanks.

  124. Jack says:

    Mark Primo, the batch file below can get to work…Help

    =====START BATCH FILE======

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\1\*.*” “%AllUsersProfile%\Start Menu\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\2\*.*” “%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\4\*.*” “%UserProfile%\Start Menu\*.*” /s/e
    pause

    =====END BATCH FILE=========

  125. Jack says:

    June 27th, 2011 at 8:55 pm
    Mark Primo, the batch file below cannot get to work…Help

    =====START BATCH FILE======

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\1\*.*” “%AllUsersProfile%\Start Menu\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\2\*.*” “%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\*.*” /s/e

    xcopy “%UserProfile%\Local Settings\Temp\smtmp\4\*.*” “%UserProfile%\Start Menu\*.*” /s/e
    pause

    =====END BATCH FILE=========

  126. kl483 says:

    I thank all of you for your help in getting rid of the virus, but I still can not get my programs to show on my desktop. I have a black screen, even though I did what was recommended to unhide them. What else can I try to get them to show?

  127. Dallas says:

    I couldn’t access safe mode to try some of the strategies above, but realized my recycling bin was still acessable, so I could access my folders etc through there and opened internet explorer to download malware bytes,
    I still couldn’t run it until I opened task manager and stopped a process with a random name eg. k489fd8ds.exe, then the System Recovery screen disappeared and I could run malwarebytes.

    Very nasty

    then I had to reveal hidden files as suggested above: they still look greyed out though.
    Maybe a system restore is the best solution at this point.

  128. drew says:

    not a perfect solution but it works:

    open drives from my computer

    select all, properties

    uncheck hidden

    select apply changes to this folder, subfolders and files

    enjoy

  129. Mara Fedd says:

    I have the anti virus system pro and it will not allow mw to get on the internet to download removal tool. Any suggestions

  130. Versie Bartoli says:

    Avoid Norton, The product is way too big, slows things down too much and is wrought with problems. that is assuming you can get it to install, authorize and run at all.

  131. fkay says:

    I have a fake dialog box that comes onto my desktop every time I start up my computer and then it goes away. Says, “Launchanywhere properties file is missing.”
    How did it get there? How do I get rid of it?

  132. Sampoerna says:

    Trojan.FakeFrag comes as an X. DON’T DOUBLE CLICK to prevent severe misleading app. I’m not sure, I’m watching norton security response.

  133. w32 blaster worm vista virus says:

    All removal comments assume you can gain access to the windows command prompt. My sons computer immediately boots to the html page to renew or update the false blocker. I cannot gain access to the operating system. Cannot start Task Manager, cannot get to desktop at all…. What is the best course of action? I was thinking of removing the drive, slaving it to another and proceede with removal instructions then, however I am cautious as I do not wish to propogate the zlob on my drive. Thank you in advance, any help would be greatly appreciated. Scott

  134. teefer2.sys error says:

    This thing is fantastic.-It keeps me from opening the task manager or any other .exe or .bat.-I can’t run regedit or any other tools (see above)-I can’t enter safe mode! I get a BSoD when I try.

  135. xp home security says:

    Boot up in safe mode and go to the system restore for the day before and restart, ALL WILL BE GOOD!!!!

  136. Michelle says:

    hi i am in need of some help. so i was using my computer about 30 minutes ago and all of a sudden data recovery pops up. and all these system messages also pop up. My entire background of my screen is black no icons nothing all black. i clicked on the flag looking button at the bottom left of my screen and no control panel, no document, no pictures all those tabs are gone. the only things left are google chrome and windows word. Is there any free system i can run to retrieve everything back?? I have very important family photos on this laptop and we diddnt have a back up so i really need help please!! thank you!