"Windows Vista Recovery" malware removal


  1. Posts : 587
    Windows 7 x64
       #1



    A customer picked up the Windows Vista Recovery virus and I could use some help with the removal procedure. I'm currently scanning with a newly created Norton Internet Security bootable CD. The scan takes a while and I don't know yet if it will fully detect and remove the problem. In case you're not familiar with it, the virus blocks access to anti-malware apps, hides user data files and is active in Safe Mode. I can't find a way to get to the usual load points, such as "appdata" etc., to find the virus EXE. I have booted with a rescue CD, but access to folders in the user profile is denied. Is there a removal FAQ for this one? TIA.
    Last edited by Victek; 17 May 2011 at 12:12.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    See if the manual removal instructions here will help: Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal


  3. Posts : 587
    Windows 7 x64
    Thread Starter
       #3

    Jacee said:
    See if the manual removal instructions here will help: Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal
    Thanks for the reply. As it worked out, the Norton Internet Security boot CD was able to find and remove the active malware (which included the TDSS rootkit). Afterward I had control of the desktop and was able to remove the remaining malware traces and undo the registry hacks in stages. In particular I found a tool called "Unhide.exe" which made the user data visible again. This was an interesting mess to unwind.


  4. Posts : 1,127
    Win7U 64 RTM
       #4

    Victek said:
    Jacee said:
    See if the manual removal instructions here will help: Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal
    Thanks for the reply. As it worked out, the Norton Internet Security boot CD was able to find and remove the active malware (which included the TDSS rootkit). Afterward I had control of the desktop and was able to remove the remaining malware traces and undo the registry hacks in stages. In particular I found a tool called "Unhide.exe" which made the user data visible again. This was an interesting mess to unwind.
    Thanks for posting back, Victek. Those googling for solutions will find this solution. In fact, I ran across this thread in a Google search for the Vista Recovery virus to clean up a neighbor's laptop. And thanks to Jacee for her usual efficiency.

    It's what makes it all work!

    James


 
