Windows Recovery infection

One of our PCs is infected with Windows Recovery. I followed the removal instructions from BleepingComputer and was able to stop the pop-up. The problem now is that I'm getting Google redirection and all my programs do not show up on the Start menu.

I installed Avast AV and it found several things and deleted those, but it's still doing the Google redirection. Right now I'm running ComboFix in Safe Mode with Networking. Any idea if this doesn't work? ComboFix can't run on a normal Windows boot.
coronoahcoro Asked:
phototropic Commented:
"...ComboFix can't run on a normal Windows boot..."

It needs to. You must stop the rogue processes so that scanners can run, using Rkill or RogueKiller.

Download Rkill:

http://www.bleepingcomputer.com/forums/topic308364.html

Download all seven names/extensions and keep trying them until one works. Or try RogueKiller. Great article here:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

Download a fresh copy of ComboFix (use a clean computer if need be) and be sure to RENAME it before you download it. Put "xifobmoc.exe" or something in the file name box, and download to a flash drive or to the infected PC. Do the same with Malwarebytes:

http://www.malwarebytes.org/mbam.php

Update and run it in normal mode.  Post the scan logs here for review.

BlackSnowman Commented:
One more scan using Malwarebytes might kill the infection once and for all.
 
XLITS Commented:
I agree, Malwarebytes is excellent, as well as HitmanPro. Both of these are very effective, fast and easy to use.
 
rpggamergirl Commented:
Run this tool to remove the hidden flags on files and folders.
http://download.bleepingcomputer.com/grinler/unhide.exe

Or, RogueKiller, option 6 to remove hidden flags on files/folders.
http://www.geekstogo.com/forum/files/file/413-roguekiller/ 


Then run TDSSKiller if you haven't yet and attach the log.
TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
 
rpggamergirl Commented:
Also, if you have already run ComboFix, can you attach the log here for us to check?
 
phototropic Commented:
Glad your problem is resolved.

Don't forget to uninstall ComboFix. Start - Run - (or Windows Key + R) - type:

combofix /uninstall
Question has a verified solution.
