We've been seeing an influx of Windows-based PCs with the Windows Recovery rogue utility apps. Windows XP systems get Windows XP Recovery, Windows Vista systems get Windows Vista Recovery, & Windows 7 systems get the Windows 7 Recovery malware.
After infection, it hides all the contents (files & folders) of the C drive; no idea whether it also checks the D, E, etc. drives. A Kaspersky or NOD32 bootable AV CD will usually kill off the main infection.
The usual way to combat this is to boot into Windows Safe Mode with Command Prompt. At the command line, enter the command:
attrib -h c:\*.* /s /d
Then use your trusty copy of AutoRuns to disable any autostarting items. Boot back into Windows and use whatever AV or antimalware (AM) tool you have (SUPERAntiSpyware and/or Malwarebytes) to remove the remainder.
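As an added example (not part of the original post), the unhide step can also be done from PowerShell in a way that covers every fixed drive instead of only C:, and that lists what it would change before changing anything. The function name `Repair-HiddenItems` and its parameters are hypothetical, and the sketch assumes PowerShell is available and the main infection has already been removed.

```powershell
# Added example: report (and optionally clear) the Hidden attribute on all
# fixed drives. Items that also carry the System attribute are skipped, which
# matches what "attrib -h" does on its own (it refuses to reset system files).
function Repair-HiddenItems {
    param(
        [string[]]$Root,   # drive roots to scan; default is every fixed drive
        [switch]$Apply     # without -Apply nothing is modified, only listed
    )

    if (-not $Root) {
        # Fixed, ready drives only: covers C:, D:, E:, ... but not CD/USB/network
        $Root = [System.IO.DriveInfo]::GetDrives() |
            Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
            ForEach-Object { $_.Name }
    }

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    foreach ($r in $Root) {
        # -Force is required, otherwise hidden items are not enumerated at all
        Get-ChildItem -LiteralPath $r -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
            } |
            ForEach-Object {
                if ($Apply) {
                    try {
                        # Clear only the Hidden bit, keep every other attribute
                        $_.Attributes = $_.Attributes -band (-bnot $hidden)
                    } catch {
                        Write-Warning "Could not change $($_.FullName): $_"
                    }
                }
                $_.FullName   # emit the path so the run can be logged
            }
    }
}

# 1) Dry run: save the list of affected paths for review
Repair-HiddenItems | Out-File "$env:TEMP\hidden-items.txt"
# 2) After reviewing the list, clear the attribute:
# Repair-HiddenItems -Apply
```

The saved list also shows folders that Windows hides by default, such as ProgramData and AppData, so they can be re-hidden afterwards if you want the original layout back.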
Tuesday, May 31, 2011