PC Cleaner fake malware ransomware has gotten more sophisticated

I have cleaned this mess from several computers in the past but this time it has been kickin' my booty. I have always been able to get to the desktop to run the necessary programs to eradicate this thing but this time the desktop, C:\ drive, DSL, and start menu were all disabled. They simply come up blank. The "All Programs" selection at the Start menu came up as (Empty) so I was unable to get to the Restore function to take the computer back to a prior time. I have been able to see that there are restore points through CCleaner.

It also installed a fake, blank desktop.

The usual fake popups come up with the dire warnings about memory, disc drives, and virus alerts. Fortunately, the task bar was not blanked and I was able to get to Spybot S&D which I had installed before when this person got a virus. Through that I was able to get to the Control panel and then to My Documents. I turned on the folders and was able to get to the F:\ drive which is the memory stick I use to load/run the cleaning programs.

I ran the following in this order:

• RegScrubXP
• CCleaner
• Spybot S&D
• MalwareBytes
• SuperAntiSpyware
• Avira Antivirus

That got rid of the popups and the basic virus/trojan program but that is all.


I still cannot get the original desktop to appear. I have now found the reason that the C:\ drive will not show up. This insidious SOB changed all of the archive settings to "Hidden" for every folder and file on the entire drive.


I am able to so a search on *.* for drive C:\ and see all 30,000+ files that are there.



So, here are my questions:


How do I get to the restore function which is usually in the Start>All Programs>Accessories>System Tools> folder?


Barring this, how do I change the archive setting for the entire drive? I have tried using "Properties" but there is no function for this that I have been able to find.


The easiest way to restore the computer would be to simply use a restore point from before this thing bored into this computer. What I need is the ability to do so.


God, I wish I could just reach through the monitor and strangle one of these b------s who take such glee in programming these things!

 

TimW,

Thanks for the link. That is what I needed. I was already able to remove the virus but had no idea on how to make the hidden files visible.

Thanks again.

 

Thanks, but the unit is gone. If I get any squawks I'll re-run the files.

She is a close friend and if the unit isn't back to par she will let me know.

Thanks again.