This is an e-mail sent to my kids on my recovery from the "Windows Recovery" virus/malware (this may have another name, but that's how it appears when it attacks):
Ok, in the last two days I've spent at least 10 hours recovering from a computer virus/malware called the "Windows Recovery" virus. I'm merrily going along online when the screen goes black and a large box appears saying it is a "Windows Recovery" program, with its logo being a big red "X" on screen and in the taskbar below, telling me that my computer is drastically infected, disappearing RAM, has at least 11 problems that it wants to fix, etc. etc. Then warning pop-up windows start to appear telling you various messages about what is wrong with your computer etc.
Being no dummy I know this is some sort of spam or virus so I attempt to exit out of it AND IT WILL NOT LET YOU EXIT, NO MATTER WHAT YOU TRY. YOU HAVE NO ACCESS TO "anything" ELSE ON YOUR COMPUTER.
I thought a reboot would help, but on reboot the virus was still there and had complete control of the computer.
Hmm, thought I, I may be in deep doo doo on this one. One of my many thoughts was to log off from MY account and log on as MOM's account. Well, surprise, her login account had open access with no visible evidence of anything wrong.
To shorten the story, I went on Internet Explorer, to Google, typed in "Windows Recovery" virus malware etc. and a host of pages popped up with people with a similar problem. I read quite a few of the suggestions, some involved working with the Registry, which I am normally loath to do, but finally one referred me to this NORTON site:
This is sort of like a real deep clean of your computer specifically looking for malware etc. Once the program ran (it took about 8-10 minutes to sweep the computer) it came up with at least 4 problems, two of which were the red "X" "Windows Recovery" virus. I deleted those and rebooted the machine.
GREAT, the virus was gone and I had control of the computer again, BUT the aftermath of this attack has taken the most time to fix. One of the effects was that the desktop was wiped clean of any and all icons, screen shot. Moreover, nothing could be added to the desktop - just a blue screen. Luckily I play a lot with Windows Explorer and went in to the "Desktop" folder, opened it and there were all the icons/programs that normally appeared on screen. I tried dragging them onto the main screen but no such thing was allowed. Moreover the task manager on bottom lines wasn't working either.
What I had to do was to run a deep search using the "SPYBOT - SEARCH AND DESTROY" program which then found about 6-7 bad infections left behind by the initial virus as well. I eliminated those, rebooted and the full functionality of my screen, and rest of the computer is now operational, though I still run across a few things like some programs or files listed as "read only" which I have to fix. I did have to go into the Registry to fix the non-working taskbar problem.
I just updated my NORTON antivirus programs which I do at least once a day in addition to its automatic updating and they just issued a large 60MB which I'm assuming had something to do with many customers reporting my similar problem. Norton is good at blocking intrusions, but it didn't block this one.
I guess my point to emphasize to all is to keep your antivirus definitions updated at least once a day, get an anti-malware program (try www.download.com for free ones) and have back-ups for all your important info on CDs, flash drives, external hard drives etc. I just checked my Norton program and it's already blocked at least 15 intrusion attempts today. So far as I know this attack didn't actually wipe any files, but it could have, and the problems it caused were just a real pain.
You can get a free copy of Norton's "Power Eraser":
You can have Norton make you a bootable recovery disk in case you have a complete meltdown: