TechSpot

[Info] Windows XP System Recovery - a variant

By AlbertLionheart
Jun 2, 2011
  1. And here we go again - same nasty threatware but under a slightly different guise. This one masquerades as a Windows warning that there are, among other faults, serious errors on your hard drive and offers to provide a downloadable fix for a fee.
    Whatever you do, do not download the fix as it is a scam.
    It also interferes with the links to programs and makes changes to your desktop, hides the desktop and also clears all entries in the Start/Programs menu.
    It will not allow Task Manager to run but will allow msconfig to run so the {random character}.exe file is easy to identify and stop from running. You can also use the {random character}.exe filename to find the references in the registry and remove them.
    It also stops system recovery from working.
    It also stops some programs from running in Safe Mode.
    It does not appear to damage any data files so you can attach the hard drive to a second computer to recover any files that you have not backed up.
    It arrives via a drive-by infection on an insecure website, and the last system I had to repair was running Kaspersky IS 2011 which failed to protect the system.
    Malwarebytes, Rkill, fix.exe and unhide.exe were tools I used to clear it. I am told that StopZilla is also effective but so far nothing has repaired or undone the damage to the registry - don't even think of RegCure as that turns out to be another scam download!
    In this case I have formatted the drive and reinstalled the OS.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    Windows XP System Recovery is fully curable.
    One very important action, which should be avoided, when infected with the above malware - do NOT run any temporary file cleaners, as the infection moves some important files to the Windows temporary folder.
     
  3. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Topic Starter Posts: 2,714

    Thanks for that - so what do you use to repair this and ensure that any changes made to the system files are restored?
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +258

    I can't be really very specific, because every computer is a unique machine and there may be some other infections involved.

    You can see Windows XP Recovery manual here: http://www.bleepingcomputer.com/virus-removal/remove-windows-xp-recovery

    If the above doesn't cure everything, then... some more scans have to be done and then we'll know more about what's going on.
     
Topic Status:
Not open for further replies.

