Fake System Restore is a Virus

Fake computer repair/restore software infects your computer with a bad virus that is hard to remove. It hides your desktop icons and all of the items in the Start menu, and makes all of your folders hidden and read-only. The virus also kills Task Manager.
It affects Windows XP, Windows 7 and Windows Vista.
The program has been called PC Repair, System Restore, PC Restore, and probably a few more names I haven’t expected yet.


The pop-up tells you that your hard drive can’t be read and your video card is overheating, and that this semi-legit looking program (except for the “Buy Now” button) can fix the issue.
This virus is a bad one. It killed my computer at work. First I got a pop-up that looks like System Restore (kind of; I never really looked at it), except in the corner it says “Buy Now” and across from it is the cancel button. Now, me being a vet of these pop-ups, I assumed that by clicking the red X in the corner I had better odds than if I clicked either of the offered buttons.
Boom. All of my icons vanished and my Start menu was emptied completely. The Start menu was completely void of all options. Everything I had in my Quick Launch was deleted also. Not cool.
I tried the ol’ 1-2 and rebooted. Nope. Blue screen of death. Safe mode: nope, blue screen of death. I put another hard drive in, used it as the primary hard drive and scanned the first hard drive with its virus scanner, which was Windows Essentials. It found the rootkit right away. After the delete and another reboot, blue screen of death.
But after about 6 hours of freaking out, hoping the boss did not see, I got my computer restored.
Here’s what I used:



RogueKiller.exe
ATF-Cleaner.exe helps clear up what’s on your computer in folders that you got locked out of in the attack.
Spybot
ESET Online Virus Scanner: believe it or not, I used it to clear out the viruses that this System Restore thing gave me (worked great on the XP computer, did just okay on Windows 7).
Microsoft Essentials: not a bad free virus scanner. Works pretty good. Makes the computer a bit slow, though. I uninstalled it after I used it. This one finds the trojans left behind from the System Repair virus on Windows 7, and finds some for the System Restore virus on XP and Windows 7.
unhide.exe will get back your icons and your files that disappeared when the virus hit you.

 

Then, to get my icons back in order on my desktop, I killed Explorer and restarted it. To get Explorer to run, I hit the Windows key and the letter “D” until I could right-click on my desktop. You might have to do this three times or so. Once you can right-click, select “New” and then “Shortcut”. It will ask you what you want to name it and where you want to point it. Point it to “C:\Windows\System32\taskmgr.exe” and save. Now double-click that shortcut and kill all instances of Explorer.exe. Then, while still in Task Manager on the Applications tab, look at the bottom and click the “New Task” button. When it opens, type Explorer.exe.

Your folders are not gone; they are hidden and put into “read only” mode. You have to navigate to drive C:, find an empty space (no icons in the way), right-click and select “Properties”, and find the View tab. Scroll down and set it to make hidden folders visible. Click Apply. Now you have to go to each folder one by one, or you can just use that program I posted up there called “unhide.exe”. It does all of the unhiding of the folders again.
Not sure which one, but one of the programs brings back all of your uninstalls and fills your Start menu again. It’s not a perfect science, but it gets you closer with a mess ton less work. One of those files looks like you have to register; don’t fill anything in, just hit OK and it will work in trial mode. You’re just going to use it once anyway. I did it backward and manually started doing all of this while my friend looked up what to get. By then I was about 30% into it, so some stuff the programs were meant to do I had already done, and some stuff I did, I bet the programs don’t do. But run all of those before you get too far into it; that way you can see for yourself what they fix. It should make a lot of stuff much easier once you use the virus scanners and empty all of that stuff out.
ESET, I never liked them until this. They did quite a bit, and Microsoft Essentials found the rootkit.
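The folder-by-folder unhide step described above, as an added PowerShell example that is not part of the original post and is not the code of unhide.exe: it clears the Hidden and ReadOnly attributes on everything under a folder you choose. The function name Restore-HiddenItems, its -Path parameter, and the choice to skip items flagged System (so protected operating-system files stay hidden) are assumptions of this example.

```powershell
# Added example, not from the original post. Run it only after the malware
# itself has been removed, otherwise the attributes may simply be set again.
function Restore-HiddenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # hypothetical parameter: root of the folder tree to repair
    )

    # Bit mask of the two attributes the post says were set on the folders.
    $mask = [int]([System.IO.FileAttributes]::Hidden) -bor
            [int]([System.IO.FileAttributes]::ReadOnly)
    $system  = [int]([System.IO.FileAttributes]::System)
    $changed = 0

    # -Force makes Get-ChildItem return hidden items too.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $current = [int]$_.Attributes

            # Assumption: anything flagged System is hidden by design; leave it.
            if ($current -band $system) { return }
            # Nothing to do if neither Hidden nor ReadOnly is set.
            if (-not ($current -band $mask)) { return }

            $new = $current -band (-bnot $mask)
            # ShouldProcess honours -WhatIf / -Confirm, so a dry run changes nothing.
            if ($PSCmdlet.ShouldProcess($_.FullName, 'clear Hidden/ReadOnly')) {
                $_.Attributes = [System.IO.FileAttributes]$new
                $changed++
            }
        }

    # Number of files and folders whose attributes were actually changed.
    return $changed
}

# Preview what would be touched, then run it for real:
#   Restore-HiddenItems -Path $env:USERPROFILE -WhatIf
#   Restore-HiddenItems -Path $env:USERPROFILE
```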

That’s what did it for me.
Hope this works for you.

If this works for you, please share the link or comment below, let me know I am helping. If you need any ideas or tips or better understanding of anything, post below. I will do my best.

In the comments section of another post, someone made a connection between this virus and the software I noted: Netsession_win.exe

PS… If you are here because of Reddit, hook me up with some karma!

New Version of CCleaner is out

CdNet has the new CCleaner

CCleaner 3.04.1389 version
CCleaner is the number-one tool for cleaning your Windows PC
Cleans all areas of your Computer
Internet Explorer: Temporary files, history, cookies, Autocomplete form history, index.dat.
Firefox: Temporary files, history, cookies, download history, form history.
Google Chrome: Temporary files, history, cookies, download history, form history.
Opera: Temporary files, history, cookies.
Apple Safari: Temporary files, history, cookies, form history.
Windows: Recycle Bin, Recent Documents, Temporary files and Log files.
Registry Cleaner: Advanced features to remove unused and old registry entries.

To download the latest version of CCleaner from CdNet
Thanks for the update CdNet

To Check Reviews of CCleaner

Always check the reviews

Registry Cleaners and Memory Software

OK, I took a test drive of a few “computer tweaker” programs that have been well voted for on CNET and ZDNet. They all were easy to locate, and I saw that thousands and millions have downloaded these. I organized first by number of downloads, and by most votes. I then organized by highest vote score. All three times, these three programs came up at the top. So I decided they were the best options for this test.

The machine is an Nforce 750A with an AMD 5600+ and two gigs of PC 6400

Dual 9500 GT 500MB Nvidia cards (SLI)

Operating system is Vista Ultimate Service Pack 1

Installations were:
Registry Mechanic 9.00.0114. Of course this is trial software.

Advanced Registry Optimizer 2010

CCleaner 2.29.1111

I really saw/felt no changes as I played a few games after each install. I am quite disappointed in the PC gaming community. It seems there is a new wave of newbie techies advising people to use this stuff. Why do we go through this exact same wave every single time a new operating system is released? It really seems like every time an OS is out, 8 months later there is a batch of people giving advice to use this stuff, like memory boosters. After another 5 months, you start getting advice to overclock. You see posts like “Overclocking does not harm your computer” and masses of 20+ people backing this theory in forum threads. Then three months later: “Help, my video games have black streaks in them.” Well, you clearly overheated and fried your card.

End result: nothing fantastic. I guess what people see as a new, faster, cleaner-running machine is a trick of the eye, sleight of hand. I swear every time I wash my car, it feels like it runs better.

Please, if anyone has a new registry software they want me to try out and they are certain it works, give me a thorough description of the software. Nothing larger than 15MB or I won’t touch it. In this post I really wanted to go into detail; I really was ready for it. Right now I am so upset about installing this stuff that I can’t write any detail other than… junk, junk, junk.

Personally, I am sick of helping people after they stumble into this useless junk.
Your registry is written to for every program that is installed on your computer. These are lines of commands that tell your computer how to handle these programs. That’s it. Those lines are never used if you do not use the programs associated with what has been written to your registry. Meaning: if you uninstall a program and never use that program again, then nothing on your computer will request that specific line, so that line does not have to be erased. That line will just never be necessary again. It does you no good to remove the registry entries from uninstalled programs, but you could possibly damage your computer by removing the wrong line of code. And no… not all registry cleaners know every single program in the world and what each one uses or writes in your registry.