• Status: Solved

Windows Recovery infection

One of our PCs is infected with Windows Recovery. I followed the removal instructions from BleepingComputer and was able to stop the pop-up. The problem now is that I'm getting Google redirection and none of my programs show up on the Start menu.

I installed Avast AV and it found several things and deleted them, but it's still doing the Google redirection. Right now I'm running ComboFix in Safe Mode with Networking. Any ideas if this doesn't work? ComboFix can't run on a normal Windows boot.
Asked by coronoahcoro
 
BlackSnowman commented:
One more scan using Malwarebytes might kill the infection once and for all.
 
XLITS commented:
I agree, Malwarebytes is excellent as well as Hitmanpro. Both of these are very effective, fast and easy to use.
 
phototropic commented:
"...ComboFix can't run on a normal Windows boot..."

It needs to. You must stop the rogue processes so that scanners can run, using Rkill or RogueKiller.

Download Rkill:

http://www.bleepingcomputer.com/forums/topic308364.html

Download all seven names/extensions and keep trying them until one works. Or try RogueKiller. Great article here:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

Download a fresh copy of ComboFix (use a clean computer if need be) and be sure to RENAME it before you download it. Put "xifobmoc.exe" or something in the file name box, and download to a flash drive or to the infected PC. Do the same with Malwarebytes:

http://www.malwarebytes.org/mbam.php

Update and run it in normal mode. Post the scan logs here for review.

 
rpggamergirl commented:
Run this tool to remove the hidden flags on files and folders.
http://download.bleepingcomputer.com/grinler/unhide.exe

Or, RogueKiller, option 6 to remove hidden flags on files/folders.
http://www.geekstogo.com/forum/files/file/413-roguekiller/

Then run TDSSKiller if you haven't yet and attach the log.
TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
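What the unhide step in the comment above does, as an added example that is not part of the thread and is not the code of unhide.exe or RogueKiller: a PowerShell script that lists the files and folders under a profile that carry the Hidden attribute and, only when asked, clears that one bit. The roots it scans, the -Fix switch, the script name and the skip rules (items Windows hides on its own normally carry the System attribute, are profile junctions, or are AppData, desktop.ini, thumbs.db and the ntuser files) are assumptions, not something the thread states.

```powershell
<#
  Added example; not code from the thread, unhide.exe or RogueKiller.
  Lists files and folders under the given roots that carry the Hidden
  attribute and, only with -Fix, clears it. Assumption: the rogue set
  Hidden on the user's own files and Start Menu shortcuts, while items
  Windows hides itself carry the System attribute, are junctions
  (reparse points), or have one of the well-known names skipped below.
  Usage:  .\Unhide-UserItems.ps1         (dry run, report only)
          .\Unhide-UserItems.ps1 -Fix    (clear the Hidden attribute)
#>
param(
    # Assumed roots: the current user's profile and the all-users Start Menu
    [string[]]$Roots = @($env:USERPROFILE, "$env:ProgramData\Microsoft\Windows\Start Menu"),
    [switch]$Fix
)

# Names Windows keeps hidden on a healthy profile; leave them alone
$skipNames = @('desktop.ini', 'AppData', 'thumbs.db')

function Test-OsHidden {
    # True when the Hidden attribute is most likely legitimate (set by Windows)
    param([IO.FileSystemInfo]$Item)
    if (($Item.Attributes -band [IO.FileAttributes]::System) -ne 0)       { return $true }
    if (($Item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) { return $true }
    if ($skipNames -contains $Item.Name)                                    { return $true }
    if ($Item.Name -like 'ntuser.*')                                        { return $true }
    return $false
}

function Get-SuspiciousHiddenItem {
    # Walk each root (-Force is required, or hidden items are not listed at all)
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                -not (Test-OsHidden $_)
            }
    }
}

$found = @(Get-SuspiciousHiddenItem -Path $Roots)
foreach ($item in $found) {
    if ($Fix) {
        # Clear only the Hidden bit; Archive, ReadOnly and the rest stay as they were
        $item.Attributes = [IO.FileAttributes]($item.Attributes -band (-bnot [int][IO.FileAttributes]::Hidden))
        Write-Output "unhid   $($item.FullName)"
    } else {
        Write-Output "hidden  $($item.FullName)"
    }
}
$tail = if ($Fix) { 'attribute cleared.' } else { 'run again with -Fix to clear it.' }
Write-Output ("{0} item(s) carried the Hidden attribute outside the skip rules; {1}" -f $found.Count, $tail)
```

Run it first without -Fix, as the affected user for the profile and from an elevated prompt for the all-users Start Menu, and read the list before clearing anything: a long list of ordinary documents and .lnk files under Desktop and Start Menu is the pattern this thread describes, whereas a handful of items deep inside AppData is more likely normal and can be added to the skip list.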
 
rpggamergirl commented:
Also, if you have already run ComboFix, can you attach the log here for us to check?
 
phototropic commented:
Glad your problem is resolved.

Don't forget to uninstall ComboFix. Start - Run (or Windows Key + R) - type:

combofix /uninstall
