Fake System Restore is a Virus

Fake computer repair/restore software infects your computer with a bad virus that is hard to remove. It hides your desktop icons and all of the items in the Start menu, and makes all of your folders hidden and read-only. The virus also kills Task Manager.
It hits Windows XP, Windows 7 and Windows Vista.
The program has been called PC Repair, System Restore, PC Restore, and probably a few more names I haven’t expected yet.


The pop-up tells you that your hard drive can’t be read and your video card is overheating, and that this semi-legit-looking program (except for the “Buy Now” button) can fix the issue.
This virus is a bad one. It killed my computer at work. First I got a pop-up that looks like System Restore (kind of; I never really looked at it), except in the corner it says “Buy Now” and across from it is the Cancel button. Now, me being a vet of these pop-ups, I assumed that by clicking the red X in the corner I had better odds than if I clicked either of the offered buttons.
Boom. All of my icons vanished and my Start menu was emptied, completely void of all options. Everything I had in my Quick Launch was deleted too. Not cool.
I tried the ol’ 1-2 and rebooted. Nope. Blue screen of death. Safe mode: nope, blue screen of death. I put another hard drive in, used it as the primary hard drive, and scanned the first hard drive with its virus scanner, which was Windows Essentials. It found the ROOT KIT right away. After the delete and another reboot, blue screen of death.
But after about 6 hours of freaking out, hoping the boss would not see, I got my computer restored.
Here’s what I used.



RogueKiller.exe
ATF-Cleaner.exe helps clear up what’s on your computer in folders that you got locked out of in the attack.
Spybot
ESET Online Virus Scanner: believe it or not, I used it to clear out the viruses that this System Restore thing gave me (worked great on the XP computer, did just okay on Windows 7).
Microsoft Essentials: not a bad free virus scanner. Works pretty good. Makes the computer a bit slow though. I uninstalled it after I used it. This one finds the trojans left behind from the System Repair virus on Windows 7, and finds some for the System Restore virus on XP and Windows 7.
unhide.exe will get back your icons and your files that disappeared when the virus hit you.

 

Then, to get my icons back in order on my desktop, I killed Explorer and restarted it. To get Explorer to run, I hit the Windows key and the letter “D” until I could right-click on my desktop. You might have to do this three times or so. Once you can right-click, select “New” and then “Shortcut”. It will ask you what you want to name it and where you want to point it. Point it to “C:\Windows\System32\taskmgr.exe” and save. Now double-click that shortcut and kill all instances of Explorer.exe. Then, while still in Task Manager on the Applications tab, look at the bottom and click the “New Task” button. When it opens, type Explorer.exe.

Your folders are not gone; they are hidden and put into “read only” mode. You have to navigate to drive C:, find an empty space (no icons in the way), right-click and select “Properties”, then find the View tab. Scroll down and set it to make hidden folders visible. Click Apply. Now you have to go to each folder one by one, or you can just use that program I posted up there called “unhide.exe”, which does all of the unhiding of the folders again.
Not sure which one, but one of them brings back all of your uninstalls and fills your Start menu again. It’s not a perfect science, but it gets you closer with a mess ton less work. One of those files looks like you have to register; don’t fill anything in, just hit OK, and it will work in trial mode. You’re just going to use it once anyway.
I did it backward and manually started doing all of this while my friend looked up what to get. By then I was about 30% into it, so some stuff the programs were to do I had already done, and some stuff I did, I bet the programs don’t do. But run all of those before you get too far into it; that way you can see for yourself what they fix. It should make a lot of stuff much easier once you use the virus scanners and empty all of that stuff out.
ESET: I never liked them until this. They did quite a bit, and Microsoft Essentials found the root kit.
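
The folders described above are only hidden and flagged read-only, so the one-by-one fix can be scripted. This PowerShell script is an added example, not part of the original post and not a description of what unhide.exe does: it lists hidden items under a folder and changes them only when run with `-Apply`. The parameter names `-Root`, `-Apply` and `-ClearReadOnly` are assumptions made for the example.

```powershell
# Added example, not from the original post: audit and reset Hidden/ReadOnly flags.
# Run it without -Apply first; that only reports what would change.
param(
    [string]$Root = $env:USERPROFILE,  # assumption: start with your own profile
    [switch]$Apply,                    # actually write the new attributes
    [switch]$ClearReadOnly             # also drop the ReadOnly flag on files
)

$Hidden   = [int][System.IO.FileAttributes]::Hidden
$ReadOnly = [int][System.IO.FileAttributes]::ReadOnly
$System   = [int][System.IO.FileAttributes]::System
$Normal   = [int][System.IO.FileAttributes]::Normal

$found = 0; $changed = 0; $skipped = 0

# -Force makes Get-ChildItem return hidden and system items as well.
Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
ForEach-Object {
    $item = $_                      # keep the item; $_ is reused inside catch
    $old  = [int]$item.Attributes
    if (-not ($old -band $Hidden)) { return }   # not hidden, nothing to do

    # Items flagged Hidden+System are normally hidden by Windows itself
    # (desktop.ini, profile junctions), so they are left alone.
    if ($old -band $System) { $skipped++; return }

    $new = $old -band (-bnot $Hidden)
    if ($ClearReadOnly -and -not $item.PSIsContainer) {
        $new = $new -band (-bnot $ReadOnly)
    }
    if ($new -eq 0) { $new = $Normal }          # never write an empty flag set

    $found++
    $oldText = [System.IO.FileAttributes]$old
    $newText = [System.IO.FileAttributes]$new
    "{0}  ->  {1}   {2}" -f $oldText, $newText, $item.FullName

    if ($Apply) {
        try   { $item.Attributes = [System.IO.FileAttributes]$new; $changed++ }
        catch { Write-Warning "Could not change $($item.FullName): $_" }
    }
}

"Hidden items found: $found, changed: $changed, Hidden+System left alone: $skipped"
```

Run it after the virus scanners have finished, and read the report from a run without `-Apply` before letting it change anything.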

That’s what did it for me.
Hope this works for you.

If this works for you, please share the link or comment below, let me know I am helping. If you need any ideas or tips or better understanding of anything, post below. I will do my best.

In the comments section of another post, someone made a connection between this virus and the software I noted: Netsession_win.exe

PS… If you are here because of Reddit, hook me up with some Karma!

9 thoughts on “Fake System Restore is a Virus”

  1. There was a video I had embedded, but the dude in the video was FOS; he was saying the stuff was free, but it was like 30-45 bucks USD.
    People were busting him on his YouTube account. Embedding his video got him 700 views in less than 8 hours. Considering the video was like 4 months old and he only had 1000 views, I did him some good, but not for the readers here. Sorry all.. I removed it. Not everyone tells the truth I guess.

  2. I had one computer do it. At first I spent time boot scanning, etc., but I couldn’t waste any more time and didn’t want to take a chance. Made a backup of the mydocuments, cleared out all the temp files. I did find a random exe file name in temp. A red circle icon with an X. I did a full format in Windows setup. The AD user still gets some error on login, but I don’t under my name. Then the next week I had two more. The second I used System Rescue CD to back up docs to USB, then I used dban and Windows setup full format. Then all I had left was installing Office, and another PC gets the same thing. All had hidden icons and System Restore. The second PC actually had all its icons hidden in the past but not the System Restore, to which I only did some scans and restored them. There is a 4th computer that has had only hidden icons. It has not been reloaded, only patched. I suppose it’s a matter of time unless I can dban it first to be safe. These computers are on a domain network with a shared mapped folder. Is it spreading?

  3. Could just be habitual usage. Meaning when you got cooties on one, you ran to the other and surfed the same place you got it.. or something like that.
    The reason the first machine keeps getting it is the root kit, or there is a file you got from an untrustworthy site. You need to scan the loose files you acquired around that time period, individually.
    Video, software, or audio file you obtained around that time.
    So you have to think back to what you installed or watched or downloaded within a week’s time of the first notice, and pray you solved it.
    Something you keep backing up in the mydocs or something, that you got about that time, and keep re-installing.

    Virscan.org can scan files one by one with about 30 different scanners.

  4. Got this virus yesterday, managed to get rid of it but somehow it has changed all my security settings so that when I try to change user access from read to ‘full control’ I get a message saying error ‘access is denied’- ‘Unable to save permission changes on documents and settings’. Any idea how to get around this? This virus is the bane of my life.

    Cheers

  5. Reboot to safe mode and go to user accounts and change the settings for your account back to administrator. What steps did you take to get your virus off of your computer?

  6. I may have got the same virus, but even in safe mode it redirects me to an advertising site and still plays some commercial radio in the background.
    Most of it is advertisement about election, 1800 flower and a lot more….
    I lost all my files… :(
