Fake System Restore is a Virus

Fake computer repair/Restore software infects your computer with a bad virus that is hard to remove, hides your desktop icons and all of the items in the start menu and makes all of your folders hidden and read only. The Virus Also kills Task Manager.
On Windows XP windows 7 and windows vista.
The program has been called pc repair, system restore, pc restore, and probably a few more names I haven’t expected yet.


The pop up tells you that your hard drive can’t be read and your video card is overheating and that this semi-legit looking (except for the buy now button) can fix the issue.
This Virus is a bad one. Killed my computer at work. First Got a pop up that looks like System restore (kind of. never really looked at it) Except in the corner it says “buy Now” and across from it is the cancel button. Now me being a vet of these pop ups I assumed that by clicking the red X in the corner I have better odds than if I click either of the offered buttons.
Boom. all of my icons Vanished and my start menu became emptied, completely. Start menu was completely void of all options. Everything I had in my quick launch deleted off also.Not cool.
I tried the ol 1-2, and rebooted. Nope. Blue screen of Death. Safe mode, nope blue screen of death. Put another hard drive in and use it as the primary hard drive and scan the first hard drive with it’s virus scanner. Which was Windows Essentials. Found the ROOT KIT right away. After the delete and another reboot, blue screen of death.
But after about 6 hours of freaking out hoping the boss does not see. I get my computer restored
Here’s what I used.



RogueKiller.exe
ATF-Cleaner.exe helps clear up what’s on your computer in folders that you got locked out of in the attack.
Spybot
Believe it or not I used ESET Online Virus Scanner  to clear out the Viruses that this System restore thing gave me (worked great on Xp computer, did just okay on windows 7)
Microsoft Essentials Not a bad free Virus Scanner. Works pretty good. Makes the computer a bit slow though. I uninstalled it after I used it. This one finds the trojans left behind from the System Repair virus on Windows 7, and finds some for the system restore virus on xp. and windows 7
unhide.exe will get your icons back and your files back that disappeared when the virus hit you.

 

Then to get my icons back in order on my desktop, killed Explorer and restarted Explorer. To get the Explorer to run, I hit Windows button and the letter “D”, until I could right click on my desktop. You might have to do this three times or so. once you can right click, select “New” and select “Shortcut” Then it will ask you what you want to name it and where you want to point it. point to “C:\Windows\System32\taskmgr.exe” and save. Now double click that shortcut, and kill all instances of Explorer.exe. Then while still in taskmanager on the applications tab, look at the bottom, click the “new task” button. when it opens, type Explorer.exe.

Your folders are not gone, they are hidden and put into “read only” mode. You have to navigate to drive c: find and empty space (no icons in the way) Right click and select “properties” find the view tab. Scroll down and make it makes hidden folders visible folders. Click apply . Now you have to go to each folder one by one, or you can just use that program I posted up there called “unhide.exe” Does all of the unhiding of the folders again. Not sure which one but one brings back all of your uninstalls and fills your start menu again. It’s not a perfect science but it gets you closer with a mess ton of less work. One of those files looks like you have to register, don’t fill anything in just hit ok, it will work in trial mode.. you’re just going to use it once anyway. I did it backward and manually started doing all of this while my friend looked up what to get, by then I was about 30% into it, so some stuff the programs were to do, I already did it and some stuff I did, I bet the programs don’t do. but run all of those before you get to far into it that way you can see for yourself what they fix. Should make a lot of stuff much easier once you use the virus scanners and empty all of that stuff out.
Eset, I never liked them until this. They did quite a bit, and Microsoft essentials found the root kit.

That’s what did it for me.
Hope this works for you.

If this works for you, please share the link or comment below, let me know I am helping. If you need any ideas or tips or better understanding of anything, post below. I will do my best.

In the comments section of another post, someone made a connection between this virus and the software I noted . Netsession_win.exe

PS… If you are here because of Reddit. Hook me up with some Karma. !

Recover Deleted Items

Recover Deleted Items

Recover Deleted Files
We have all done this, we have deleted something, and was freaking out the next day because we needed the item we deleted. Well if you are currently one of those people who are in shock because you made a mistake that, well you would be ashamed to tell people. Freak out no more. because Power Undelete has created the software to get that stuff back.
Power Undelete Wizard(Lifetime License)
As stated by Power Undelete makers

Power Undelete Wizard is an easy-to-use, windows based application designed for recovering deleted files from NTFS or FAT32 volumes. It even can recover files from formatted or reformatted disk. It can scan disk and find lost files and data blocks, these lost files may be deleted by mistakes, viruses, trojans, spywares, or other applications running on your PC.
Like no other recovery tool Power Undelete Wizard is easy to use, featuring a step-by-step interface that will guide you through several stages of data recovery. You will get your deleted or lost files back in minutes.

You know you have done it. You know your employees have done it. Delete items that need to be used again. Presentations, diagrams pictures,videos movies, songs. all sorts of stuff that you shouldn’t have deleted, well you can undelete these items.
They even have a version for unlimited licensing. Power Undelete Wizard(Unlimited License)

undelete files

file recover software

Power Undelete scanning computer for deleted files

Power Undelete

I have this one installed on the server at work, and every computer on the network. That way when someone deletes something from their computer, or a folder on the network that they use, I can bring it back with in minutes.
A great way to restore deleted files.

 

 

As all of the sponsors to my to my site, I recommend Power Undelete. If I didn’t believe in them, I wouldn’t use them. and sure wouldn’t recommend them.