Gentlee_nh
asked on
Malware disguised as Windows Restore
A client's computer has what I believe is a fake "Windows Restore" on it. It cranks up at the end of the boot and claims there are errors on the disk. Then a box comes up claimiing the hard drive is failing or there is no space. In addition it has wiped out all his icons on the desktop and start menu.
He is using only 1/3 or his disk and the error boxes remind me of Sheriff Spyware.
Anyone familiar with this and know how to fix it?
He is using only 1/3 or his disk and the error boxes remind me of Sheriff Spyware.
Anyone familiar with this and know how to fix it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@rfportilla,
Take a look at the removal instructions I posted. Grinler's instructions will get rid of this infection without any problems. There should be no need to muck about with system restore, chkdsk (?), or safe mode booting.
Take a look at the removal instructions I posted. Grinler's instructions will get rid of this infection without any problems. There should be no need to muck about with system restore, chkdsk (?), or safe mode booting.
[Not for points]
Just concurring completely with the recommendation from 'phototropic'.
I have personally used the instructions from "Grinler" to remove dozens of these types of infections.
Follow the instructions "step-by-step" and you will soon be clear of this.
Just concurring completely with the recommendation from 'phototropic'.
I have personally used the instructions from "Grinler" to remove dozens of these types of infections.
Follow the instructions "step-by-step" and you will soon be clear of this.
Gentlee_nh,
What is your status?
Is your problem resolved, or do you need further assistance?
What is your status?
Is your problem resolved, or do you need further assistance?
Thanks, @phototropic. I hope that works. I have spent a lot of time doing antivirus/antimalware work. The directions you provided do seem to match up with what the poster is saying. I don't think I have seen this specific infection before, though. I misunderstood from the poster that the installation was already trashed. Sometimes the OS is just too far gone to fix.
The suggestion at http:#a35748071 is a known fix for this problem.
It has been an "Accepted Solution" many times here on EE and hundreds/thousands of users at the original site.
It has been an "Accepted Solution" many times here on EE and hundreds/thousands of users at the original site.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
If you REALLY want to consider "fixing" it, what have you done so far? Have you tried safe mode? Have you tried system restore to an earlier date? Have you tried turning off system restore (don't do until you have exhausted sysrestore options)? Have you tried doing chkdsk? Searching for bad .dll's? etc.? etc.? etc.?
This is very time consuming. Usu., if I haven't solved this in 1 hour, I try to convince the user to reinstall.
Whatever you do, just make sure you back up everything first. The data may be getting more corrupted with each reboot.