"Windows Recovery" Malware

My work computer was infected today by a new malware called Windows Recovery. The church where I work has ESET NOD32 Antivirus as their antivirus program. When the box first came up, I googled the name on my phone and saw that Windows Recovery was a legitimate part of the Windows OS, but after further research I learned it was dropped after XP and therfore not legitimate on this machine. I have been unable to remove it. I was able to launch ESET NOD32 but if it is truly running, it is scanning the recycle bin over and over. Trying to solve the problem with a tiny smart phone screen is impossible, and the functionality of the PC is severely hampered by this virus, so I am writing from my home computer to ask for help. I do not have the registration number for ESET here but am hopeful that I can return to work next week with a solution to this problem. Please help.

 

use sysinspector log and submit to customer support
http://kb.eset.com/esetkb/index?page=content&id=SOLN2219
and or ask from one of the dedicated volunteer sites
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

On Arpril 13 an announcement was made

Unfortunately, Rogue malware are in the wild, every day. It is impossible for any anti virus or anti malware scanner to detect everything at a 100% detection level all the time.

This link contains instructions as to rid of this variant.
The instructions should be used only with the assistance of a malware expert.


Thank you.

 

I had the same infection; it is very tricky! I am quite disappointed that my ESET NOD32 antivirus program did not protect me from acquiring this infection, nor was it able to clean my computer, once it had become infected. I went to the link suggested in the above message (at bleepingcomputer.com) and followed their solution using malwarebytes anti-malware (free!) software. This worked. Thank you, malwarebytes!

 

Layered security settings help prevent from infections such as these, such as using a Hosts File

 

Here is basic information on the Windows Recovery Rogue:

http://www.lavasoft.com/mylavasoft/rogues/windows-recovery

 

While it is appreciated that you have researched, I would dispute what Lavasoft are saying (all due to Lavasoft), the information I posted within this thread is more comrehensive.

Your efforts are appreciated, thank you.

 

I got hit with the "Windows 7 Recovery" virus today and I have NOD32 running on my system (version 4.2.71.2 and virus database 6124) ! It marked most of the files on the computer as hidden and started displaying fake hardware and software errors.

I was able to "remove" it with the lavasoft instructions that @TheKid7 posted but I am wondering (1) how come this virus was not caught by NOD32 and (2) what are the guys from ESET recommending to do for the clean up process?

 

if you were not able to remove it then using sysinspector log would help Eset help you.
http://kb.eset.com/esetkb/index?page=content&id=SOLN2219