Defeating "Windows Recovery" virus/malware/trojan(?)

This is an e-mail sent to my kids on my recovery from the "Windows Recovery" virus/malware (this may have another name, but that's how it appears when it attacks):

Ok, in the last two days I've spent at least 10 hours recovering from a computer virus/malware called the "Windows Recovery" virus. I'm merrily going along online when the screen goes black and a large box appears saying it is a "Windows Recovery" program, with its logo being a big red "X" on screen and in the taskbar below, telling me that my computer is drastically infected, disappearing RAM, has at least 11 problems that it wants to fix, etc. etc. Then warning pop-up windows start to appear telling you various messages about what is wrong with your computer, etc.
Being no dummy, I know this is some sort of spam or virus, so I attempt to exit out of it AND IT WILL NOT LET YOU EXIT, NO MATTER WHAT YOU TRY. YOU HAVE NO ACCESS TO "anything" ELSE ON YOUR COMPUTER.
I thought a reboot would help, but on reboot the virus was still there and had complete control of the computer.

Hmm, thought I, I may be in deep doo doo on this one. One of my many thoughts was to log off from MY account and log on as MOM's account. Well, surprise, her login account had open access with no visible evidence of anything wrong.
To shorten the story, I went on Internet Explorer, to Google, typed in "Windows Recovery" virus malware etc. and a host of pages popped up with people with a similar problem. I read quite a few of the suggestions, some involved working with the Registry, which I am normally loath to do, but finally one referred me to this NORTON site:

http://www.symantec.com/business/support/index?page=content&id=TECH105414

This is sort of like a real deep clean of your computer specifically looking for malware etc. Once the program ran (it took about 8-10 minutes to sweep the computer) it came up with at least 4 problems, two of which were the red "X" "Windows Recovery" virus. I deleted those and rebooted the machine.
GREAT, the virus was gone and I had control of the computer again, BUT the aftermath of this attack has taken the most time to fix. One of the effects was that the desktop was wiped clean of any and all icons, screen shot. Moreover, nothing could be added to the desktop - just a blue screen. Luckily I play a lot with Windows Explorer and went into the "Desktop" folder, opened it and there were all the icons/programs that normally appeared on screen. I tried dragging them onto the main screen but no such thing was allowed. Moreover the task manager on bottom lines wasn't working either.
What I had to do was to run a deep search using the "SPYBOT - SEARCH AND DESTROY" program, which then found about 6-7 bad infections left behind by the initial virus as well. I eliminated those, rebooted, and the full functionality of my screen and the rest of the computer is now operational, though I still run across a few things like some programs or files listed as "read only" which I have to fix. I did have to go into the Registry to fix the non-working taskbar problem.
I just updated my NORTON antivirus programs, which I do at least once a day in addition to its automatic updating, and they just issued a large 60MB which I'm assuming had something to do with many customers reporting my similar problem. Norton is good at blocking intrusions, but it didn't block this one.

I guess my point to emphasize to all is to keep your antivirus definitions updated at least once a day, get an anti-malware program (try www.download.com for free ones) and have back-ups for all your important info on CDs, flash drives, external hard drives, etc. I just checked my Norton program and it's already blocked at least 15 intrusion attempts today. So far as I know this attack didn't actually wipe any files, but it could have, and the problems it caused were just a real pain.

You can get a free copy of Norton's "Power Eraser"
here: http://us.norton.com/support/DIY/index.jsp

You can have Norton make you a bootable recovery disk in case you have a complete meltdown:
See http://security.symantec.com/nbrt/overview.aspx?ssdcat=221&lcid=1033&origin=olhelp&env=prod&layout=esd&tooltype=nbrt&=OpenDocument&src=recoverytool

 

Hi,

To remove threats like Windows Recovery and other rogues, you can use the malware removal guide at Bleeping:

http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery

Norton Power Eraser is an aggressive tool. Members' suggestion is to use it as a last resort and under the guidance of an expert. Fixing the wrong file can make Windows unbootable.

Spybot S&D TeaTimer will conflict with Norton. The tool mentioned in the removal guide does not have a real-time component. It's free, effective, and does a good job.

SUPERAntiSpyware and Malwarebytes Anti-Malware are recommended in the forum.

I may be wrong, but in my opinion Spybot S&D is not as good a product as it used to be a few years back.

Never click anywhere on a fake AV or rogue to try to close it. Use the back button to get off the website, or use Alt+F4 to close the browser. It's a good rule of thumb not to reboot when you know that you have become infected. Deal with the infection first.