Stung by Windows Recovery by HDD..

Inactive
By fruitmouse
Mar 22, 2011
Topic Status:
Not open for further replies.
  1. Hell of a night!
    Just spent 4 hours getting my laptop back.
    Here's what I remember - an error message saying my SATA drive was damaged and the computer went blank (black screen) - restarted it with the off button because my task manager was disabled.
    Upon restart I got this big colourful interface (similar to the defrag one they do) - think the company is HDD. Anyway - went into safe mode and downloaded Malwarebytes - full scan and it caught two viruses 1. exe file and 2. Taskmanager disabler!!! Cheeky sods.
    Furthermore - all my icons and programs had disappeared! The damned prog put everything on hidden!
    Restarted laptop and it came back again - self replicating via system restore point I think and registry edits to screw up my screen (black screen).
    Nasty - real nasty!
    Worryingly - I could find nothing about this particular prog online so winged it - it also seemed to create an administrator account?
    So I have just about managed to get back - plan is to now get my data on an external hard drive and reformat my machine - because thanks to the prog everything was hidden - my only being to unhide everything. I took a picture of the screen - will upload it tomorrow if I get time.
    Very nasty thing and I am not a computer expert so it took all my knowledge (which is very basic) to kill it - but kill it I did. Not sure for how long - they usually come back don't they - well not on this machine - first thing in the morning reformat!!

    How is this even legal? Can they just screw with our machines like this!!! Can't anyone track the company down and close them down.

    Just passing on the message - because like I said - I have never seen this one before and it looked like the systemtools virus only it said "Windows Recovery" at the top and underneath "performance and stability analysis report" and recommended defrag etc. What a bloody con! Just for a single second I nearly thought it was legit - well like I say - nothing on google about this specific threat (that I could find anyway) - and as for installing a taskbar disabler - well - I would like to locate their offices and firebomb them!

    Andy.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Andy, did you want us to check to see if there is any remaining malware? What you did may not be appropriate for someone else, so we don't advise members to follow cleaning advice from others.

    1. It isn't but also usually isn't enforceable.
    2. Yes. They go after any machine that isn't properly protected.
    3. Sometimes- but it can take years.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. fruitmouse

    fruitmouse Newcomer, in training Topic Starter

    Hi...

    Thanks Bobbye I will bear that in mind for future - for this time though I opted for a clean sweep (reformatted disk) - I assumed that a quick format would suffice hopefully it can't come back after that.
    It's taken a lot of work and time - but eventually I am back online with all my old programmes running and all my updates taken care of.

    It's disgusting that they can use tactics like that - hiding all my programmes, folders and disabling my task manager. I have learnt a lot about laptops this past 4 years - otherwise I would have probably just given up.

    The safemode with networking is my saviour for things like that.

    Thanks again.
    A.
  4. fruitmouse

    fruitmouse Newcomer, in training Topic Starter

    Image

    Well just for the record - here it is - apologies for the poor picture I was panicking at that stage.
    You can see to the left all my programme list disappeared!

    http://img854.imageshack.us/i/image048.jpg

    A.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    FYI: Error Fix is a rogue program. It acts on fake errors like a rogue spyware program would work with fake spyware. I'm sorry you went to all that trouble! We most likely could have cleaned it up.

    What you saw-the image-the missing programs- wasn't real!
  6. fruitmouse

    fruitmouse Newcomer, in training Topic Starter

    Yes I should have come to you but panicked.
    Of course - I never thought of that - my programmes was probably just part of the scam - a fake image or maybe because it hid all of them somehow.
    If they ever find a way of making it run in safe mode - well then we are all doomed:(

    Anyway all seems well now - I didn't realise that prog was known because I googled "Windows recovery" and it didn't come up - so I came here to warn people but I guess it's called error fix.
    It got me by pretending to load a flash screen (saying loading please wait) while all along the devious thing was installing itself. I have invested in Nod32 now and looking into backing it up with Malwarebytes - like to see it try and get past those! My Microsoft Security Essentials failed me miserably that night:(

    Thanks again for your info - I have to say - the people that write these things are obviously very clever - shame they can't put that talent to good use rather than trying to break people's machines.

    Fm
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Have a look at this thread I posted today: http://www.techspot.com/vb/topic162959.html

    That person got a fake error that the computer was locked. If you are a Facebook member, try the suggestion I left for removing the fake Error Fix.