Vista Recovery Virus

Been fighting this Recovery virus that just popped up. Able to stop it and un hide my program files, but can't get my Office shortcuts back under the program folder. Any ideas??:cry

 

Thanks for the help. I ended up having to just perform a system restore, more things were missing when I started using computer. Now going back to what this laptop was back when I first received it. Running Vista 64 office 2007. Did not think of what you mentioned, thanks again for the help.

TT

 

This appears to be a new rogue antivirus scam malware. I'm currently removing it from a friend's machine. Needless to say, he got it from browsing pr0n.

 

http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery for future reference

 

SAS removed the virus. However, it was more trouble than it was worth to completely rebuild the Start menu's Program .lnk files, as all of them were deleted (not hidden, like all personal files were). So, I saved the personal files (after removing the virus) and did a simple reinstall of the OS.

 

i've heard about that, surprised Grinler doesn't mention it in this specific tutorial, but he normally recommends people to disable their antivirus before running unhide.exe iirc. Something to do with the anti virus software... But i think even then there's a chance that it won't restore the start menu.

 

What I did wrong is run SpyBot Search and Destroy first, which deletes out temp folder and that is what did me in, This virus hides folders and moves all the stuff to temp folders. So first you kill it in Task Manager mine was (4560034.exe) Then you run MBAM, then you goto folders tools and show hidden files and folders so you can see everything, and try to undo the mess it creates. BTW I wasn't surfing porn I was reading Drudge Report and this just started running somehow. I've beefed up my security settings and updated Avast, and made new backups. I don't like leaving system restore on because seems viruses like to go there, so I make one image when running good then turn it off. Just try to think of it as a learning experience, now I have a few more tools that I didn't have before. Always have up to date backups.

TT

 

A virus from Drudge? That would be big news. Like huge.

 

Probably cross site scripting (XSS), an advert or image loaded from an outside server that's been infiltrated. Most of those can be prevented by running something like NoScript in the browser.