"Windows Recovery" Malware

Discussion in 'ESET NOD32 Antivirus' started by rocquoone, Apr 22, 2011.

Thread Status:
Not open for further replies.
  1. rocquoone

    rocquoone Registered Member

    Joined:
    Apr 22, 2011
    Posts:
    1
    My work computer was infected today by a new malware called Windows Recovery. The church where I work has ESET NOD32 Antivirus as their antivirus program. When the box first came up, I googled the name on my phone and saw that Windows Recovery was a legitimate part of the Windows OS, but after further research I learned it was dropped after XP and therefore not legitimate on this machine. I have been unable to remove it. I was able to launch ESET NOD32 but if it is truly running, it is scanning the recycle bin over and over. Trying to solve the problem with a tiny smart phone screen is impossible, and the functionality of the PC is severely hampered by this virus, so I am writing from my home computer to ask for help. I do not have the registration number for ESET here but am hopeful that I can return to work next week with a solution to this problem. Please help.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    On April 13 an announcement was made
    Unfortunately, Rogue malware are in the wild, every day. It is impossible for any anti virus or anti malware scanner to detect everything at a 100% detection level all the time.

    This link contains instructions as to how to get rid of this variant.
    The instructions should be used only with the assistance of a malware expert.


    Thank you.
     
    Last edited: Apr 23, 2011
  4. fcsr37

    fcsr37 Registered Member

    Joined:
    Apr 23, 2011
    Posts:
    1
    I had the same infection; it is very tricky! I am quite disappointed that my ESET NOD32 antivirus program did not protect me from acquiring this infection, nor was it able to clean my computer, once it had become infected. I went to the link suggested in the above message (at bleepingcomputer.com) and followed their solution using malwarebytes anti-malware (free!) software. This worked. Thank you, malwarebytes!
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    While it is appreciated that you have researched, I would dispute what Lavasoft are saying (all due to Lavasoft), the information I posted within this thread is more comprehensive.

    Your efforts are appreciated, thank you.

     
  8. hcorrea

    hcorrea Registered Member

    Joined:
    May 15, 2011
    Posts:
    1
    I got hit with the "Windows 7 Recovery" virus today and I have NOD32 running on my system (version 4.2.71.2 and virus database 6124)! It marked most of the files on the computer as hidden and started displaying fake hardware and software errors.

    I was able to "remove" it with the lavasoft instructions that @TheKid7 posted but I am wondering (1) how come this virus was not caught by NOD32 and (2) what are the guys from ESET recommending to do for the clean up process?
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire