06-07-2011 12:40 AM
About a week ago, I got an e-mail from my daughter and in a Bambi moment, clicked on the link even though there wasn't a message from her to me personally, only to discover a website advertising Viagra. I immediately ran Housecall, which detected and cleaned a virus. So far, so good.
Yesterday, I was surfing the web and trying to find a photo using Google. I didn't find what I was looking for, or anything close enough to click on to enlarge it. I gave up, then clicked the start button of my toolbar to do something offline, when suddenly my computer was nuked. I got a fake AV screen reporting 32 viruses and a bunch of error messages. It blocked Internet access, denied task manager access, and made it appear that all of my files and programs were gone. When I rebooted, I went to run the recovery program. At first it allowed me only to go into DOS, but the only command that worked was C:\dir, which showed that everything, including my root directories, had been subverted. I rebooted again, and tried getting into the recovery, which seemed to run as normal, until it came time to actually boot up again. I got an error message saying it hadn't been completed and to rerun it (which kept looping, even after I did rerun it), and only a black screen and cursor after a brief glimpse at the original wallpaper that came on the computer.
So the files are still there, but access to them is not. Can someone tell me if there's a way to recover the computer's HDD?
06-07-2011 02:30 AM - edited 06-07-2011 02:32 AM
It looks as if that is a common fake AV program that goes under many guises. I'm not sure why Trend AV doesn't detect/kill it, but ....
Try rebooting in safe mode, and running the free MalwareBytes AntiMalware.
Also see other suggestions on the thread http://community.trendmicro.com/t5/Malware-Discuss
06-07-2011 09:32 AM
I attempted to reset my computer's setting using the F10 command when rebooting, since nothing else was accessible. The first time I tried it, it asked which drive I wanted to log onto. I entered the number for the C: drive, and simply looked it over to see what was there ... since it had shown my computer as having NO files when I had looked while in Windows mode - Start > Programs > (Empty). I rebooted again, tried the F10 command again, and this time it worked as I'd expected it to, showing me an option to destructive reformat or to restore to an earlier time. I chose restore to an earlier time, and this was the point where it looped and re-running did not solve.
06-07-2011 01:22 PM
I just cleaned up something very similar for someone. In my case I was able to identify the rogue processes running in task manager and end them. Then system restore to a previous restore point worked fine and got rid of all the nasty processes. Then I had to manually unhide her files because they had been marked hidden. During my research I did find a tool to use to unhide the files but decided to do them manually myself. Now all is well.
06-07-2011 04:33 PM
Please see if you can still run the fakeav removal tool found here
06-07-2011 06:45 PM - edited 06-07-2011 06:46 PM
I can't do anything at all. It won't boot up at all. Black screen, arrow, and an error message is all that there is. (The error message is the one saying "Recovery did not complete. Re-run recovery.")
That's why I was wondering if I can remove the HDD and put it into an external drive, then use a new computer to scan the drive perhaps? (And need to know if it can infect and destroy new computer when I do that...)
06-07-2011 07:21 PM
Can you try running the computer in Safe Mode with Command Prompt and try restoring the computer to an earlier state? You may refer to this Microsoft Support Link on how to do a System Restore in Command Prompt.