Remove Data Recovery, S.M.A.R.T HDD, Repair and Check virus

If you are seeing a Serious Disk Error Writing Drive C:\ alert on your computer screen, then, as you probably already suspect, your computer has been infected with rogue software.
The malicious software is known as Smart HDD, Data Recovery, S.M.A.R.T Virus or S.M.A.R.T Check. It has changed your desktop background, hidden your files and shortcuts, and is causing browsing redirects.
In addition, the S.M.A.R.T Virus will display fake alerts claiming that several hard drive errors were detected on your computer. In reality, none of the reported issues are real; they are only used to scare you into buying S.M.A.R.T Virus and to steal your personal financial information.
We strongly advise you to follow our S.M.A.R.T Virus removal guide and ignore any alerts that this malicious software might generate. Under no circumstances should you buy this rogue security software, as this could lead to identity theft.
If you’ve got a S.M.A.R.T Virus infection, you’ll be seeing these screens:
[Image: Smart-HDD.png]


Registration codes for S.M.A.R.T Virus

As an optional step, you can use the following license key to register S.M.A.R.T Virus and stop the fake alerts.
Data Recovery Rogue: 08869246386344953972969146034087
SMART HDD Rogue: 15801587234612645205224631045976

Please keep in mind that entering the above registration code will NOT remove S.M.A.R.T Virus from your computer; it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.

Removal guide for S.M.A.R.T Virus

STEP 1: Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safemode.jpg]
  4. Log on to your computer with a user account that has administrator rights.

STEP 2: Remove S.M.A.R.T Virus malicious proxy server

S.M.A.R.T Virus may add a proxy server that prevents the user from accessing the internet. Follow the instructions below to remove the proxy.

  1. Start Internet Explorer [Image: S.M.A.R.T Virus- IE]. If you are using Internet Explorer 9, click on the gear icon [Image: IE gear icon] (Tools for Internet Explorer 8 users), then select Internet Options.
    [Image: Internet-options-IE.png]
  2. Go to the Connections tab. At the bottom, click on LAN settings.
    [Image: Remove-proxy-server2.png]
  3. Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
    [Image: Remove-proxy-server3.png]

If you are a Firefox user, go to Firefox (upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy.
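
A read-only way to confirm what STEP 2 changes, as an added example that is not part of the original guide: this PowerShell script reports the Internet Explorer (WinINet) proxy values for each loaded user profile and the proxy preferences stored in the current user's Firefox profiles. The function names are illustrative, and the Firefox profile location under %APPDATA% is assumed to be the default one.

```powershell
# Added example (not from the original guide). Read-only: nothing is changed.
# Requires Windows PowerShell 3.0 or later; run it elevated to see other users' hives.

$InetSettings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Resolve-SidName {
    # Turns a user SID into DOMAIN\name for readable output.
    param([string] $Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $Sid   # orphaned or unresolvable SID: show it as-is
    }
}

function Get-WinInetProxy {
    # Reads the values behind the "LAN settings" dialog for one registry hive.
    param(
        [Parameter(Mandatory)] [string] $HivePath,   # e.g. 'Registry::HKEY_USERS\<SID>'
        [Parameter(Mandatory)] [string] $Label
    )
    $path = "$HivePath\$InetSettings"
    if (-not (Test-Path -LiteralPath $path)) { return }
    $p = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Scope         = $Label
        ProxyEnable   = [int]$p.ProxyEnable   # 1 = "Use a proxy server for your LAN" is ticked
        ProxyServer   = $p.ProxyServer        # host:port that traffic is sent through
        AutoConfigURL = $p.AutoConfigURL      # automatic configuration (PAC) script, if any
    }
}

function Get-FirefoxProxy {
    # Firefox keeps its own proxy settings in prefs.js, one file per profile.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path -LiteralPath $profiles)) { return }
    $pattern = 'user_pref\("(network\.proxy\.(?:type|http|http_port|autoconfig_url))",\s*(.+?)\);'
    Select-String -Path "$profiles\*\prefs.js" -Pattern $pattern -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Profile = Split-Path (Split-Path $_.Path -Parent) -Leaf
                Pref    = $_.Matches[0].Groups[1].Value
                # For network.proxy.type: 0 is "No Proxy", 1 is a manually configured proxy.
                Value   = $_.Matches[0].Groups[2].Value
            }
        }
}

# Every loaded user hive (this includes the account you are logged on with).
$wininet = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        Get-WinInetProxy -HivePath "Registry::$($_.Name)" -Label (Resolve-SidName $_.PSChildName)
    }

$wininet | Format-Table -AutoSize

foreach ($entry in $wininet) {
    if ($entry.ProxyEnable -eq 1) {
        Write-Warning "$($entry.Scope): proxy is enabled and points to '$($entry.ProxyServer)'"
    }
    if ($entry.AutoConfigURL) {
        Write-Warning "$($entry.Scope): automatic configuration script set to '$($entry.AutoConfigURL)'"
    }
}

$firefox = Get-FirefoxProxy
if ($firefox) {
    $firefox | Format-Table -AutoSize
} else {
    'Firefox: no profile found, or no proxy preferences set in prefs.js.'
}
```

A warning here only means a proxy is configured; if you did not set it up yourself, clear it with the steps above and run the script again to confirm.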

STEP 3: Run RKill to terminate known malware processes associated with S.M.A.R.T Virus.

RKill is a program that attempts to terminate any malicious processes associated with S.M.A.R.T Virus, so that your normal security software can then run and clean your computer of infections.

As RKill only terminates a program’s running process and does not delete any files, you should not reboot your computer after running it, as any malware processes that are configured to start automatically will just be started again.

  1. While your computer is in Safe Mode with Networking, please download the latest official version of RKill.
    [Image: download-rkill.png]
  2. Double-click on the RKill icon in order to automatically attempt to stop any processes associated with S.M.A.R.T Virus.
    [Image: run-rkill-1.png]
  3. RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
    [Image: run-rkill-2.png]
    If you receive a message that RKill is an infection, that is a fake warning given by the rogue. As a possible solution, we advise you to leave the warning on the screen and then try to run RKill again. Run RKill until the fake program is not visible, but not more than ten times.
    If you continue having problems running RKill, you can download the other renamed versions of RKill from here.
  4. When RKill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
    [Image: S.M.A.R.T Virus rkill3.jpg]

WARNING: Do not reboot your computer after running RKill, as the malware process will start again, preventing you from properly performing the next step.

STEP 4: Remove S.M.A.R.T Virus malicious files with Malwarebytes Anti-Malware FREE

  1. Please download the latest official version of Malwarebytes Anti-Malware FREE.
    download Malwarebytes
  2. Install Malwarebytes’ Anti-Malware by double clicking on mbam-setup.
    [Image: malwarebytes-installer.png]
  3. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and, when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes prompts you to reboot, please do not do so.
    [Image: install-malwarebytes.png]
  4. Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period. Please select ‘Decline’, as we just want to use the on-demand scanner.
    [Image: decline-trial-malwarebytes.png]
  5. On the Scanner tab, please select Perform full scan and then click on the Scan button to start scanning your computer for any possible infections.
    [Image: malwarebytes-full-system-scan.png]
  6. Malwarebytes’ Anti-Malware will now start scanning your computer for S.M.A.R.T Virus malicious files as shown below.
    [Image: malwarebytes-scanning.png]
  7. When the scan is finished a message box will appear, click OK to continue.
    [Image: malwarebytes-scan-finish.png]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different from what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: malwarebytes-scan-results.png]
  9. Malwarebytes’ Anti-Malware will now start removing the malicious files. If, during the removal process, Malwarebytes displays a message stating that it needs to reboot, please allow this request.
    [Image: malwarebytes-reboot-prompt.png]

STEP 5: Double check your system for any left over infections with HitmanPro

  1. This step can be performed in Normal Mode, so please download the latest official version of HitmanPro.
    [Image: Download Hitman Pro]
  2. Double click on the previously downloaded file to start the HitmanPro installation.
    [Image: hitmanpro-icon.png]
    NOTE: If you have problems starting HitmanPro, use the “Force Breach” mode. Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Click on Next to install HitmanPro on your system.
    [Image: installing-hitmanpro.png]
  4. The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan. Select an option, then click on Next to start a system scan.
    [Image: hitmanpro-setup-options.png]
  5. HitmanPro will start scanning your system for malicious files. Depending on the size of your hard drive, and the performance of your computer, this step will take several minutes.
    [Image: hitmanpro-scanning.png]
  6. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown, as seen in the image below. After reviewing each malicious object, click Next.
    [Image: hitmanpro-scan-results.png]
  7. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanpro-activation.png]
  8. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

STEP 6: Unhide your files and folders

S.M.A.R.T Virus modifies your file system in such a way that all files and folders become hidden. To restore the default settings, you’ll need to run the program below.

  1. Download Unhide.exe to unhide your files and folders.
    Download Unhide.exe
  2. Double-click on the Unhide.exe icon on your desktop and allow the program to run. The whole process should not take more than 5 minutes to complete, and at the end this utility will generate a report.
    Unhide files utility

STEP 7: Restore your shortcuts and remove any leftover malicious registry keys

S.M.A.R.T Virus has moved your shortcut files to the Temporary Internet folder and added some malicious registry keys to your Windows installation. To restore your files, we will need to perform a scan with RogueKiller.

  1. Please download the latest official version of RogueKiller.
    download RogueKiller
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds, and then you can click the Start button to perform a system scan.
    [Image: roguekiller-1.png]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: roguekiller-2.png]
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
    [Image: roguekiller-1.png]

STEP 8: Get your desktop look back!

S.M.A.R.T Virus changes your desktop background to a solid black color. To change it back to the default one, follow the instructions below.

    • Windows XP: Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Display icon. From this screen you can now change your Theme and desktop background.
    • Windows 7 and Vista: Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Appearance and Personalization category. Then select Change the Theme or Change Desktop Background to revert back to your original Theme and colors.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

236 thoughts on “Remove Data Recovery, S.M.A.R.T HDD, Repair and Check virus”

  1. Hello lullu,
    Please follow the instructions from this article, it should remove the infection and restore your files!

  2. Hola, cool that you’re a Barce fan :) I was infected by the file restore virus. I then got a programme online that said it would kill it, pctools spyware. They told me to rename it then delete it, and it has relaunched itself as hidden. It stops me from using my various email accounts and makes browsing very tricky, and previously I tried to save my data on a USB stick and Windows wouldn’t upload. It’s a cyber nightmare, real messy, and it seems no way out of this cyber maze. I went to the registry but was uncertain of what to delete there. Any help at all would be so much appreciated. I have downloaded malaware but not sure if that works either!

  3. Thank you so much for the help in getting my computer files back again. I followed instructions however I cannot turn on the Firewall or access any Windows updates. I have McAfee Security on the system. I have read the comments about the fix for Windows 7 please could you let me know if there is a fix for Vista?

  4. Let’s see if we can fix this, John.
    Please see: http://support.kaspersky.com/viruses/rescuedisk/all?page=1&qid=208286101

    Using Kaspersky Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    – userinit parameter is supposed to be C:\Windows\system32\userinit.exe,
    – shell parameter is supposed to be Explorer.exe

    Please make a note of the malware parameters and then post the malware parameters and then change the parameters to the correct ones. Reboot your machine.

    If still no go, using Kaspersky Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and
    HKEY_USERS\<name of the problem user>\Software\Microsoft\Windows\CurrentVersion\Run
    and post back with anything that looks abnormal (entries with random letters or numbers…etc).
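
The check described in the comment above, as an added PowerShell example that is not part of the original thread: it compares the Winlogon Userinit and Shell values with the ones the comment gives and lists every Run entry together with the signature status of the program it starts. The function names are illustrative, and treating an unsigned or missing target as worth a closer look is this example's assumption, not the commenter's rule.

```powershell
# Added example (not from the original thread). Read-only: nothing is changed.
# Requires Windows PowerShell 3.0 or later, run from an elevated prompt.

function Test-WinlogonValues {
    # Compares Userinit and Shell with the values given in the comment above.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = [ordered]@{
        Userinit = "$env:SystemRoot\system32\userinit.exe"   # assumes Windows is in %SystemRoot%
        Shell    = 'explorer.exe'
    }
    $actual = Get-ItemProperty -LiteralPath $key
    foreach ($name in $expected.Keys) {
        # Userinit is normally stored with a trailing comma; ignore it and the letter case.
        $value = ([string]$actual.$name).Trim().TrimEnd(',')
        [pscustomobject]@{
            Value    = $name
            Current  = $actual.$name
            Expected = $expected[$name]
            Match    = $value -ieq $expected[$name]
        }
    }
}

function Get-RunEntries {
    # Lists each autostart value and checks the file it points to.
    param([string[]] $KeyPaths)
    foreach ($path in $KeyPaths) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Pull the program path out of the command line (quoted or unquoted).
            $target = $null
            if ($command -match '^\s*"([^"]+)"' -or
                $command -match '^\s*(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)') {
                $target = [Environment]::ExpandEnvironmentVariables($Matches[1])
            }

            $signature = 'Unresolved'   # bare file name or unparsed command line
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $signature = [string](Get-AuthenticodeSignature -FilePath $target).Status
            } elseif ($target -and [IO.Path]::IsPathRooted($target)) {
                $signature = 'FileMissing'
            }

            [pscustomobject]@{
                Key       = $path
                Name      = $name
                Command   = $command
                Signature = $signature
            }
        }
    }
}

# The two locations named in the comment: the machine-wide key and each user's key.
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
$runKeys += @(
    Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }
)

Test-WinlogonValues | Format-Table -AutoSize
Get-RunEntries -KeyPaths $runKeys | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Get-AuthenticodeSignature can report NotSigned for legitimate programs, so treat the Signature column as a list of entries to inspect, not a verdict.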

  5. Thank you very much for your advice but I’m afraid it’s beaten me. I succeeded in burning kav_10 and used it to boot but when I try to prompt ‘windowsunlocker’ (via ‘Terminal’) I receive ‘Command not found’. The Scan/Update window is already there and the Update takes about 10 minutes but scan does not progress beyond 0%, takes only a few seconds, and finds nothing (it appears not to work – is the virus blocking it?). After 2 or 3 attempts the program will advance no further than the licence agreement as it will no longer allow me to accept it. My PC now will not even allow me to choose between SAFE or NORMAL mode as the very first screen stops halfway for about 3 minutes, then asks me to change the disk (it requires a CD ROM). Is this all the virus, or do I now have a hardware fault? I am a pensioner using the PC for my projects and am not at all computer literate, I was actually proud of myself for having got this far which is a testimony to your instructions.

  6. Hello SMITA,
    1. Can you please follow the instructions from this guide: http://malwaretips.com/Thread-Files-still-hidden-after-smart-hdd-removal-and-unhide-exe?pid=55462#pid55462
    2. Please perform the following scans:
    STEP 1: Run a scan with Emsisoft Emergency Kit.

    1. Please download the latest official version of Emsisoft Emergency Kit.
      EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
    2. After the download process finishes, you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
    3. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button. After the Update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.
    4. Select “Smart scan” and click on the “SCAN” button below. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

    STEP 2: Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish
  7. Thank you for providing this information. I almost fell into the identity theft trap until I read your blog. And the repair instructions were perfect and easy to follow. Thanks!!!!!!

  8. I have malware which has completely wiped my desktop leaving a window instructing me that my computer is locked and to pay to have it unlocked. I have tried to implement your instructions but within a couple of seconds starting in safe mode reverts to normal mode leaving me back in square one, so I cannot access the internet or anything else. How can I overcome this, can you help?

  9. Thank Lord Jesus first of all a trillion times for your great brain, kind heart, mind and hardworking … Please give all glory to Him… you or me is nothing on earth… and finally thanks for your precious time for all of us here…with similar kind of issues. Before getting your site here, I had installed malwarebytes as soon as I saw all files n fldrs disappearing on my desktop. Hence had started scanning as well, before your detailed instructions. After that I removed all virus by checking all boxes in the result. next in a hurry I just tried to unhide files from folder settings, so in a sense I have recovered files on my desktop, but few issues still remain, like I cannot see system restore button in start menu, progs, accessories, sys tools. I thought of doing sys restore, since there are few changes after this virus attack. And few programme files still show that its empty, means all are not unhidden still that means. And I see a shortcut icon on desktop saying file restore, which I don’t know how it came, hadn’t seen it before I guess. And in your 8 steps, I have done only 1 that is installed malwarebytes and scanned my system. Is it imp for me to do other steps, if yes which I should. And as I use snaggit for official work, shortcut key to capture snagit is missing although snagit is there right now. so please hurry to answer my last question at least since I’m in a hurry to do my official work as of now.

  10. Thank you so much Stelian! I had tried to delete this leftover file a number of times and it just kept coming back but following these last instructions it has gone completely. It’s great to know there is somewhere to come if this happens as I was ready to just buy a new computer. I have told all my friends about this site and you. Thank you again.

  11. Hello Anna,
    That should be just a leftover file from this infection. Right click on it and select delete to get rid of it.
    NEXT, for your peace of mind, please perform the following scans:
    STEP 1: Run a scan with Emsisoft Emergency Kit.

    1. Please download the latest official version of Emsisoft Emergency Kit.
      EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
    2. After the download process finishes, you’ll need to unpack EmsisoftEmergencyKit.zip and then double click on EmergencyKitScanner.bat
    3. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button. After the Update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.
    4. Select “Smart scan” and click on the “SCAN” button below. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Make sure that everything is Checked (ticked) and click on the ‘Quarantine selected objects’ button.

    STEP 2: Run a scan with Eset Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish
  12. Hi Stelian,

    Thank you so much for this it worked wonderfully the only thing is I still have a file on my computer called data recovery which when clicked on is the S.M.A.R.T checker that came up originally with all the pop up boxes. I’ve run malware bytes and my anti virus mcafee and it says there is no risk, is this the case? I’ve also tried to uninstall it but it does not show up there. Please help, I’m scared to use my computer still.

    Thank you

  13. Okay – Thank you very much for your help! The Machine is 4 years old and the hard drive was replaced in May of this year. Oh well.

    Thanks again.

    Melody

  14. Hello Melody,
    How old is this machine?
    Your computer is malware free, and it really seems that your computer is experiencing a hardware problem. At this point, you’ll need to bring the machine to a local shop and get the hard drive fixed.

  15. Hello Jason,
    Can you please run a scan with Combofix and Complete Internet Repair so that I can get an idea on what’s going on:
    STEP 1 : Run a scan with Combofix
    Download ComboFix from one of the following locations:
    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important!: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    STEP 2: Run a scan with Complete Internet Repair utility

    1. Download Complete Internet Repair utility to your desktop
    2. Unzip all the files to their own folder on the desktop
    3. Within the folder double click CIntRep
    4. Select the following items,then press the GO button.
      • Reset Internet Protocol (TCP/IP)
      • Repair Winsock (Reset Catalog)
      • Renew Internet Connection
      • Flush DNS Resolver Cache
      • Reset Windows Firewall Configuration
      • Reset the default hosts file

    Waiting for your reply to tell me if your machine is ok and the logs from these utilities.

  16. I followed your instructions and removed the SMART virus from my computer about 2 months ago. However, I seem to have the virus again on my computer (actually on two of my computers… grrrrrrrrrrr.) The virus seems to have changed. It is not called the SMART virus but most of the windows look the same.

    I am unable to get connection to the internet. I did use a thumb drive to run malwarebytes. However, I cannot run hitman pro, because it asks for an internet connection. Malwarebytes is unable to remove the virus by itself. Any suggestions? Thanks! Jason

  17. Sorry Stelian – my stupid computer is still starting with a black screen that says 1720 SMART hard drive detects imminent failure and the popup microsoft window that gives the option to backup or ask again later. I just keep hitting the X at the top right.

    The Malware scan took 7 hours and did not detect anything. Below are the results from the unhide process and the rogue killer did not find anything.

  18. Hello Melody,
    It looks like Combofix and ESET got the hardcore part of this infection. How is your computer running?
    We still have a malicious file that we need to remove. Can you please go to c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP and delete this file?
    NEXT, while your computer is in Normal Mode, please run a scan with Malwarebytes, HitmanPro, RogueKiller and Unhide as seen on the guide.

  19. ComboFix 12-10-04.01 – Owner 10/04/2012 9:16.1.2 – x86 NETWORK
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2999.2470 [GMT -4:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\DFR1997.tmp
    c:\programdata\Roaming
    c:\users\Owner\Documents\~WRD3824.tmp
    c:\users\Owner\Documents\~WRL0462.tmp
    c:\users\Owner\Documents\~WRL3768.tmp
    c:\users\Owner\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
    .

  20. Hello Melody,
    Please delete any copy of Combofix that you have and then download an updated version and try to run a scan while in Safe Mode with Networking.
    Next, please run the ESET Scan.

  21. Sorry if this is a repeat reply – I had to change computers as the one in question is not acting right ( : The combo fix stayed on a blue screen and basically said it should only take 10 minutes but maybe longer if it is badly infected. Then it said ‘HANDLE’ is not recognized as an internal or external operable program or batch file.
    It stayed on that screen for hours until I finally shut it down.

    I did not run ESET scanner because I am unsure if it is safe.

    Is it safe to run the ESET scanner?

    Thank you.

    Melody

  22. Yes, you can do these scans while your computer is in Normal mode. And yes, you can re-name it and then copy this file on your desktop.
    Good luck!

  23. Thank you!!!

    Two questions before I start should I do these scans in normal modes and when I download something it goes directly to download folder and does not let me rename until it is downloaded – can I rename there and then put on desktop?

    Thank U Thank u Thank u!!!!

  24. Let’s fix your computer. Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
    STEP 1 : Run a scan with Combofix
    Download ComboFix from one of the following locations:
    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    NEXT, please run a scan with HitmanPro and RogueKiller as seen on the guide.
    Waiting for your reply to tell me if your machine is ok and the logs.

  25. Stelian

    Thank you so much for your quick response! I followed all of the steps mentioned in the first part before the replies start and I am still getting the black screen at startup and the window is still popping up. Is there something else I should try? The popup does look different than your examples at the top of the page. I didn’t try anything else mentioned throughout the replies as I am unsure what exactly I should try.

    Thank you so very much

  26. Hello Melody,
    It’s not a hardware issue, this is how this virus behaves. You need to follow the guide from this page.
    If you’ll have any problems, you can just reply here and I’ll help you!
    Good luck!

  27. Stelian

    My hp laptop seems to have this or a similar virus. When I turn it on it goes to a black screen and says: 1720 SMART hard drive detects imminent failure failing attribute 5 – I hit f1 to continue and then I get popup windows title bar Microsoft windows and it states windows detected a hard disk problem – back up your files immediately and contact the computer manufacturer. Then it has two boxes to click start the backup process or ask me again later.

    Is this a virus or a hard drive issue? The hard drive was replaced in May of this year.

    Thanks in advance for any advice and/or help.

    Melody

  28. Hello Stelian, You saved My Bacon. I have executed all steps. I have a dual boot system. Both drives were compromised. (A.) Drive Start Menu shows folders with prog. names. When clicked on programs do not run. When right clicked folders show as empty. (B.) Drive Start Menu show programs as icons with name of prog. left single click opens prog. right click will not expose sub folders. What is to be done next ? Once again you Rock. I will be donating as well as liking you and singing your praises .

  29. Wow : I`ve been working at a distance w/my Tech. He suggested a search which turned up _U_ YOU ROCK ! Detailed accurate easy to follow advice. I am on IT at this moment. It is looking less bleak thanks to you.

  30. I had all these same things pop up as you have stated thru the article but when I start my computer I get nothing but a black screen with a blinking cursor!!! I can press F2 for system setup but that is all if i try & do anything else it says keyboard failure!! Please HELP!!!!

  31. I can’t thank you enough! I followed step-by-step and was able to get things back to normal. I still have a folder for smtmp and File_Recovery_License that were part of the recovery process- the file for my hidden folders and the file the creepy fake SMART program gave me when I used your code to get the process started- I put them in my recycle bin, but do I need them? Can I just permanently delete them now that my files and folders are restored? Thanks again!

  32. Hi, got this STRANGE problem, according to SMART my disk has run for over 47 YEARS! I think this may be an indication that my SMART data is bad, it also has triggered the disk failure feature on the SMART HD so every time I boot, I get the DISK FAILURE SOON please backup. This hard drive came in an Ebay purchased laptop and the seller said it was a NEW drive when he installed it, however he had NEVER been able to get an OS on the laptop because it has a SATA drive and he couldn’t figure out how to boot it, I simply hooked up a USB floppy and installed the driver, however the HD immediately gave me that error. I have been using it for an external in one of those cheap carriers, however I decided to replace my regular HD with this one to try out Windows 8. Still every boot I get your hard drive is failing. I tried to turn off SMART in BIOS but it seems DELL doesn’t allow such things. I have used another program to turn it off after boot but I still get the error on booting. I am almost sure the disk is OK, it boots very quickly and I have never had any trouble except the smart warning, and I am well aware that this drive never existed 47 years ago.

  33. Hello Melanie,
    Let's work in Normal Mode then:
    STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Normal mode:

    1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
    2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
    3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window (Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
    4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
    5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
    6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
    7. Upon completion of the scan, if anything has been detected, click on Show Result
    8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
    9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
      RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    STEP 3: Please perform a scan with HitmanPro as seen on the guide.
    If you are having problems starting this program please use the ForceBreach mode as described in the guide.


    STEP 4: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Waiting for your reply to tell me how everything is running!
    Good luck…

  34. Hello Carlota,
    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Additional notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next, download Windows Repair All In One and install this utility.
    Go to the Startup Repairs tab and click the Start button (bottom right)
    Note: When asked if you would like to create a restore point. It is recommended just in-case something does not go as planned.

    1. Click Unselect All
    2. Put a checkmark in the following items:
      • Repair Hosts File
      • Remove Temp Files
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Set Window Services To Default Startup

      Note: Leave everything else unchecked

    3. Put a checkmark in Restart System When Finished
    4. Now click the Start button (bottom right)

  35. Hello, I went through all your steps and they were amazing, solved my problem right away. I have however only one issue left. Internet works 10 times slower after my virus and skype doesn't work. Starts signing in and then says it has an error and closes down. I've tried uninstalling and installing again but it doesn't work. Any clues what might be happening?

    thanks again

  36. Yup I have it too but I think my case is worse! I started getting attacked with all these pop ups. I can get to safemode with networking however after that my screen remains black and I get the following:
    Detecting primary master: Maxtor 4g120J6
    Detecting primary slave: none
    Detecting secondary master: CR-48x97e
    detecting secondary slave: hl-dt-stdvd-rom GDR8160b
    SMART Failure Predicted on Primary Master: Maxtor 4g120J6
    Warning (this is flashing): Immediatley back up your data and replace your hard disk. A failure may be imminent

    It then tells me to press F2 to continue, or F1 to enter set up

    F2 just reboots my computer
    F1 brings to the BIOS utility

    I do not see anything wrong in bios but I am no expert. Can you help? This is an old CPU but still have items on there I hate to lose.

  37. Hi, Stelian,

    Many thanks a lot for your prompt reply. My laptop is using Norton360, when it was infected. I checked by Norton, I am not sure whether something is cleared, it only reminded me some malicious file to fix.

    I have checked your old answers to Bernie Mack who has similar problem, indeed I found in the user->myname->Appda->local->temp->smtmp folders, there are only two folders named “1” and “4”, there is no “2” or “3”. As you advised, I copy the content of folder “4” to the right location, I recover the desktop icons. But, when I copy and paste the content of “1” folder into the right location: ProgramData->Microsoft->Windows->StartMenu, it still does NOT work (all the programs in the start menu are empty). If I copy the whole folder “1” (including the content) to the StartMenu folder, then in the start menu, I got a “1” folder, in the Program Folder in “1” folder, the programs are not empty and could be linked. I could not understand why I copy only the content under the start menu folder, it does NOT work.
    Thanks in advance really
    cheers
    frank

  38. Thanks so much for superb step by step instruction. Very easy to follow and the best thing is working 100%. Everything working and back as normal. Thanks for your help. God Bless You.

  39. Thank you for good instruction. I get this virus and get rid of it without any problem. You are the man.

  40. Hello Carl,
    While in Normal Mode, can you connect to the Internet?
    If yes, please follow these steps:
    STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Normal mode:

    1. Download Malwarebytes Chameleon from here and extract it to a folder in a convenient location
    2. Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
    3. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window (Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
    4. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
    5. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
    6. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
    7. Upon completion of the scan, if anything has been detected, click on Show Result
    8. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
    9. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
      RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Scan button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    STEP 3: Please perform a scan with HitmanPro as seen on the guide.
    If you are having problems starting this program please use the ForceBreach mode as described in the guide.


    STEP 4: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Waiting for your reply to tell me how everything is running!
    Good luck…

  41. Like the August 5 and July 19 posts, my computer (running XP) will not connect to the internet in safe mode. I followed the suggestions (using a usb stick), but they don’t seem to work. ComboFix (renamed) starts to produce a log, then freezes. Hitman Pro immediately says it has suspended 2 files, but then continually tries to update on the internet (no matter what the settings are). Rkill also says it has suspended some files, but doesn’t seem to affect anything else. Just for completeness, I also tried Kaspersky (continuously said there was an error requiring reboot), Malwarebytes (runs with 70 day old definitions, but there’s no way to get updates using a usb), ESET (requires internet), and Emsisoft (quarantined 2 files, but no way to update on usb). All these were tried in both normal and safe modes. Links to any log files are lost on every reboot, and I would lose too much data on a reformat. What’s the next logical step?

  42. Hello Mike,
    Can you please run a scan with Combofix, RogueKiller and ESET online scanner and post the logs here:

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    STEP 2: Run a scan with RogueKiller

    1. Please download the latest official version of RogueKiller.
      RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
    2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
    3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

    STEP 3: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next, please run HitmanPro and Malwarebytes as seen on the guide.
    Waiting for your reply to tell me if your machine is ok and the logs from these utilities.

  43. I am glad I found your website. I have followed all of your steps above and, I think I have removed all of the malware but now when I boot up. My desktop starts to load but after a while it shuts down giving me the fatal error blue screen then reboots. If left alone it will do this endlessly. Can you help me out? How can I fix this?

  44. One of our work computers got hit by this Data Recovery Malware and your blog was an absolute lifesaver. Thank you for your wealth of knowledge and the ease of use for getting rid of this pest.

  45. Hello Will,
    Is this your personal computer or a machine from work?? Please note that HitmanPro doesn’t allow removal for the corporate computers….
    Hello Hayley,
    Did you run the registryfix.reg file??
    Can you please run a scan with Combofix and ESET online scanner and post the logs here :

    STEP 1 : Run a scan with Combofix

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    STEP 2: Run a scan with ESET Online Scanner:

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    Next, please run RogueKiller, Unhide utility and Malwarebytes as seen on the guide.
    Waiting for your reply to tell me if your machine is ok and the logs from these utilities.

  46. Hi Stelian,
    I tried but it has now moved to constantly auto re-booting. It just loops no matter what I do. I just found the original recovery disks and my question is if the disks are able to perform the recovery, will the virus still be there or will it be removed during the recovery process?

  47. Hello Steve,
    Get a USB stick and copy on it Combofix, then transfer it to the infected computer and perform the following steps:
    Please read and follow all the steps very carefully.

    Download ComboFix from one of the following locations:

    COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
    COMBOFIX DOWNLOAD LINK #2  (This link will automatically download Combofix on your computer)

    VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    1. Double click on ComboFix.exe & follow the prompts.
    2. Accept the disclaimer and allow to update if it asks
    3. When finished, it shall produce a log for you.

    Notes:

    1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
    2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.

    Next, please post the log back here and let me know how things are running.

  48. Hi, i got the smart hdd and cannot even get to the internet in safe mode. everything is missing and i no longer get the messages to be able to input the code to bypass. is there anything that can be done since i cant even connect to the internet at all?

  49. Thank you, thank you, thank you!
    Only issue was not being able to boot into safe mode with F8 on my Dell Studio running Win7.
    Instead I ran msconfig and chose it that way.
    I was a bit nervous at downloading all the software you indicated,
    Went through CNET downloads when I could and then took the leap of faith..
    And now all back to normal, what a relief!!
    Thank you soooo much.

  50. Hello,
    Combofix is a very powerful tool which is always updated so you need to download a fresh copy every time you need it….. :D

  51. Thanks a million billion times. Your advice is truly priceless. Last question and this is just out of curiosity. When I had a problem like this before I used ComboFix and it worked like magic. This time I panicked so hard I forgot it was already on my hard drive and didn’t try to use it. I was wondering would it have been capable or has this virus evolved beyond what ComboFix can do?

  52. Hello,
    Hitman, Malwarebytes and the other tools that we’ve used are only on-demand scanners (tools that you can use to regularly scan your computer, which aren’t running real time)
    Regarding Clamwin, Avast is way better than this product so my advice would be to stick with it.

    Stay safe!

  53. Thanks for the information. I followed the directions to the letter. But there were only 2 folders in that directory. # 1 and # 4. And those directories and subfolders everything was empty. I suspect the unhide program may have done the trick. So I deleted all the pinned shortcuts where they are normally stored and pinned them back manually. Considering everything you have done for me and all the other people on this site it was the least I can do. Felt like I was being a bit lazy.

    I'm going to run the Kaspersky, ESET and unhide hidden files apps you recommended to be on the safe side. I already download AVAST so I should be good to go. Interestingly enough I had Clamwin Installed and it didn’t catch this virus. So I was wondering how much better will Avast be and do I need to keep all the Avast, Hitman, Malwarebytes, Kaspersky, etc running simultaneously or would Avast be good enough?
    Even with 16Gig of RAM and 965BE I’m a stickler for resources (70 processes running at startup now!!!)

    Will let you know if the other software found some leftover after the fact

  54. Hello,
    This rogue software has moved your shortcuts in a folder in the Temporary Internet files called smtmp, so now we will need to copy them back to their original locations.

    • Windows 7 and Vista users can find the smtmp folder in C:\Users\[Your Username]\AppData\Local\Temp
    • Windows XP users can find the smtmp folder in: C:\DOCUMENTS AND SETTINGS\[Your Username]\LOCAL SETTINGS\Temp

    [Image: Show hidden files, folders, and drives.png]

    The smtmp folder will contain 4 folders and you’ll need to copy the content of these folders back to their original locations.

    • Copy the content from %Temp%\smtmp\1\ to:
      Windows XP: C:\Documents and Settings\All Users\Start Menu
      Windows Vista and Windows 7: C:\ProgramData\Microsoft\Windows\Start Menu
    • Copy the content from %Temp%\smtmp\2\ to:
      Windows XP: C:\Documents and Settings\[your username]\Application Data\Microsoft\Internet Explorer\Quick Launch\
      Windows Vista and Windows 7: C:\Users\[your username]\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
    • Copy the content from %Temp%\smtmp\3\ to:
      Windows XP: It does not exist on Windows XP.
      Windows Vista and Windows 7: C:\Users\[your username]\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
    • Copy the content from %Temp%\smtmp\4\ to:
      Windows XP : C:\Documents and Settings\All Users\Desktop
      Windows Vista and Windows 7: C:\Users\Public\Desktop

    Next, please run Unhide Non System Files
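
Added example (not part of the reply above or of the original guide): a PowerShell sketch of the copy-back step it describes, using the same smtmp folder numbers and destination paths. It assumes PowerShell is available (built into Windows 7; a separate install on XP and Vista) and that the user profile is in its default location; `$Apply`, `$map` and `Restore-SmtmpFolder` are names made up for this example. Folders missing from smtmp, as several commenters report, are skipped rather than treated as errors.

```powershell
# Added example: copy the shortcuts the rogue moved into %TEMP%\smtmp back to
# the locations listed in the reply above. Run as the affected user from an
# elevated prompt, since folders 1 and 4 map to all-users locations.
# $Apply, $smtmp, $map and Restore-SmtmpFolder are names made up for this sketch.
param([switch]$Apply)   # without -Apply the script only reports what it would copy

$smtmp = Join-Path $env:TEMP 'smtmp'

# Windows XP reports version 5.x; Vista and 7 report 6.x.
$isXP = [Environment]::OSVersion.Version.Major -lt 6

# Assumption: the profile is in its default location, so %APPDATA% equals the
# per-user "Application Data" / "AppData\Roaming" path given in the reply.
$quickLaunch = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'

if ($isXP) {
    $map = @{
        '1' = 'C:\Documents and Settings\All Users\Start Menu'
        '2' = $quickLaunch
        '4' = 'C:\Documents and Settings\All Users\Desktop'
        # folder 3 (pinned taskbar items) has no destination on XP
    }
} else {
    $map = @{
        '1' = 'C:\ProgramData\Microsoft\Windows\Start Menu'
        '2' = $quickLaunch
        '3' = (Join-Path $quickLaunch 'User Pinned\TaskBar')
        '4' = 'C:\Users\Public\Desktop'
    }
}

function Restore-SmtmpFolder {
    param([string]$Name, [string]$Destination, [bool]$DoCopy)

    $source = Join-Path $smtmp $Name
    # Not every infection leaves all four folders; report and move on.
    if (-not (Test-Path -LiteralPath $source -PathType Container)) {
        return ('smtmp\{0}: not present, skipped' -f $Name)
    }
    # -Force includes hidden items, since the rogue hides files.
    $items = @(Get-ChildItem -LiteralPath $source -Force)
    if ($items.Count -eq 0) {
        return ('smtmp\{0}: empty, nothing to restore' -f $Name)
    }
    if ($DoCopy) {
        if (-not (Test-Path -LiteralPath $Destination)) {
            New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        }
        foreach ($item in $items) {
            # Copy, not move: smtmp stays intact until the result is checked.
            Copy-Item -LiteralPath $item.FullName -Destination $Destination -Recurse -Force
        }
        return ('smtmp\{0}: copied {1} item(s) to {2}' -f $Name, $items.Count, $Destination)
    }
    return ('smtmp\{0}: would copy {1} item(s) to {2}' -f $Name, $items.Count, $Destination)
}

if (-not (Test-Path -LiteralPath $smtmp -PathType Container)) {
    Write-Output "No smtmp folder found at $smtmp"
    return
}
foreach ($name in ($map.Keys | Sort-Object)) {
    Restore-SmtmpFolder -Name $name -Destination $map[$name] -DoCopy $Apply.IsPresent
}
```

Run it once without `-Apply` to review the planned copies, then again with `-Apply` to perform them.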

  55. I’m not too sure what planet you're from… but wherever it is i wanna live there!!!! Your thread is EXCELLENT, clear, concise, step by step with pics with explanations and at the end of the day it works. I went into such a panic thinking i was going to lose my data and then everything looked suspicious. Thanks for helping and being very very generous with your knowledge base. As soon as I ran Unhide and the Rogue utility everything was fine.

    However, I did notice two things. (1) my desktop had a shortcut pointing to the original exe file which i deleted anyway and (2) my pinned programs never came back. Should i be concerned about the shortcut for the virus exe showing up on the desktop after everything was done? And is there a way to recall the missing pinned programs?

  56. You just saved my hide…last week of the semester. Now time to set backup and restore points! Thank you!

  57. Hello,
    Let's try to do this another way. Please follow the steps below…

    STEP 1. While in NORMAL MODE, download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
    Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
    3. Let HitmanPro scan and remove the detected infections.

    STEP 2: While in NORMAL MODE, download/run Rkill and then run a scan with Malwarebytes
    1. Download any re-named version of Rkill (direct download links below):
    RKILL DOWNLOAD LINK #1
    RKILL DOWNLOAD LINK #2
    RKILL DOWNLOAD LINK #3
    2. Next, please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide


    STEP 3. Run a scan with ESET Online Scanner

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

    Waiting for your reply to tell me how everything is working.. :) Good luck!

  58. I have booted into the safe mode with networking and my problem is I use Verizon’s usb modem for wifi. It will not connect while in the safe mode. I tried to remove Hdd while online and it seems to have hijacked any site that has anything to do with removal. I downloaded rkill from my desktop computer and applied it to my laptop and waited. Saw a couple of blank screens but no report came up. Is there a way to download those programs to my flash drive and using them from my flash drive to my laptop?

  59. Hi… I am from India and I was really scared when my system got SMART stupid issue.. but thanks a lot for providing detailed steps… after following all the steps my system is up and working fine now… thanks dude

  60. Tears of joy. My computer is back the way it was. Thank you so much for easy to follow instructions. What a life saver.

  61. I am using windows 7 and local group policy editor displays: MMC could not create the snap-in

  62. Let’s try this:

    Open the Start Menu and enter gpedit.msc into the Search box and hit Enter.

    When Local Group Policy Editor opens, navigate to User Configuration \ Administrative Templates \ Control Panel \ Personalization. Then in the right column double-click on Prevent changing desktop background.

    Now check the radio button next to Disable, then click OK.

  63. Have tried above, background still missing and notes left by repair windows says it failed :(

  64. Stelian:
    Using the info you have posted I was able to get back my pc!!!

    Thank you very much !
    Davide

  65. Hello,
    Try this :

    Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

    1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com – Windows Repair folder to your desktop.
    2. Now open this folder and double-click Repair_Windows.exe.
    3. Click the Start Repairs tab on the far right.
    4. Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
    5. Click Unselect All
    6. Put a checkmark in the following items:

      • Reset Registry Permissions
      • Remove Policies Set By Infections

      Note: Leave everything else unchecked

    7. Put a checkmark in Restart System When Finished
    8. Now click the Start button (bottom right)

  66. Hi there! I have managed to get the virus off completely except one small thing.. My background won’t change from black, I have run unhide 3 times and all my programs and icons are back but I can’t change my background! Please help! I have also done the tweaking

  67. Hello Vicki,

    1. Right click on your Windows Start menu and select Properties.
      [Image: Eu2Aq.png]
    2. Next put a check mark on
      Store and display recently opened programs in the start menu
      Store and display recently opened items in the start menu and taskbar
      [Image: h0z5v.png]
    3. Click on Customize and click on Use default settings at the bottom
      [Image: kxZSH.png]
    4. Browse to
      Code:
      C:\ProgramData\Microsoft\Windows

      [Image: vZZUz.png]

    5. Right click on Start Menu folder and click on Restore previous versions
    6. Now select a snapshot before you were infected by the rogue, then click on Restore

  68. Thank you so very much for your post. The smart check virus is gone. I finally have my computer back. But I still have missing icons and when I click on the windows button to open all programs my microsoft office, itunes and quick books are all empty. I ran the RogueKiller shortcut fix. Did I do something wrong? Thank you for your help.

  69. Good to hear that, Phil.
    Can you please run this utility:

    Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

    1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com – Windows Repair folder to your desktop.
    2. Now open this folder and double-click Repair_Windows.exe.
    3. Click the Start Repairs tab on the far right.
    4. Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
    5. Click Unselect All
    6. Put a checkmark in the following items:
      • Repair Windows Firewall
      • Repair Hosts File
      • Repair Temp Files
      • Remove Policies Set By Infections
      • Set Windows Services To Default Startup

      Note: Leave everything else unchecked

    7. Put a checkmark in Restart System When Finished
    8. Now click the Start button (bottom right)

  70. Wow! That seems to fix everything. You’re a lifesaver! One problem remains that I hope you can help me with. It won’t let me turn on the Windows firewall. Any ideas? Thanks.

  71. OK, let’s make some further check-ups:
    1. Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
    10. Click Detected threats on the left
    11. Now click the Save button, and save it as kaslog.txt to your Desktop
    12. Please copy and paste the contents of kaslog.txt in your next reply.

    2. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

    Waiting for your reply to tell me how everything is working.. :) Good luck!

  72. OK, let’s make some further check-ups:
    1. Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
    10. Click Detected threats on the left
    11. Now click the Save button, and save it as kaslog.txt to your Desktop
    12. Please copy and paste the contents of kaslog.txt in your next reply.

    2. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

    Waiting for your reply to tell me how everything is working.. :) Good luck!

  73. I have followed your instructions to the letter, yet the virus will not go away. I’ve followed guides from a million different websites and no matter what I do, the virus is still here. Is there anything else I can do?

  74. oops, I made my comment as a reply. Let me try again. I have followed the steps through using Hitman Pro, rebooted as instructed but still have the virus. What do I do now?

  75. Thanks a million! Your thorough step-by-step illustrations have saved a student’s endless hours’ assignments. You ROCK!

  76. I finally got it working, I’m not sure exactly what did it but things are running fine. I can’t thank you enough for all your help, I was ready to send it in to get it reimaged but you saved me from the hassle. If you lived closer would definitely take you out to celebrate. Thanks a million!

  77. Can you please remove McAfee and see if this will fix the problem? I would also suggest replacing this antivirus with Avast 7 Free.
    Try to run the “sfc /scannow” command even without the CD….

  78. I don’t have the windows installation CD since this is a work laptop. I have McAfee installed.

  79. When I ran the defrag command nothing happened I got the c prompt back right away. The chkdsk came up when I restarted but also went away very quickly and I still have the same problems when I boot up in normal mode. Thanks for all your help so far. I’m wondering if I’m going to have to reformat my hard drive, nothing seems to be working, I was really hoping to avoid that.

  80. Thanks for putting this info out there, I picked this virus up and these steps cleaned it all up perfectly, only thing different I did was run the tweaking.com file for the unhide files portion, the one above didn’t seem to be doing anything for me, but all is a go again, thanks!

  81. Ok.. let’s do a check:

    Let’s proceed as follows, shall we…

    StartUpLite:

    Please download this small application from here.

    It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.


    Hard-Drive Maintenance/Repair:

    Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

    Click on Start >> Run and type cleanmgr in the box and press OK.

    • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
    • You can choose to check other boxes if you wish but they are not required.
    • Click on OK then Yes.

    Next:

    • Click Start >> Run… then type in CMD and click on OK.
    • At the Command Prompt C:\ > type the following:
    • CD C:\ and hit the Enter/Return key.
    • Now type in DEFRAG C: -F
    • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
    • This may take some time; when completed, the Command Prompt C:\ > will appear.
    • Now type in CHKDSK C: /R and hit the Enter/Return key.
    • When prompted with:

    CHKDSK cannot run because the volume is in use by another process
    Would you like to schedule this volume to be checked next time the system
    restarts (Y/N)

    • Hit the Y key, then at the Command Prompt C:\ >
    • Type in EXIT and hit the Enter/Return key.
    • Now Reboot(Restart) your computer.

    Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

    You should see a screen like this just after the Post(power on self test) screen:

    Posted Image

    Note: Do not touch either the keyboard or mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot up as normal.

  82. I ran the Kaspersky tool and this is the log from it.

    Status: Deleted (events: 32)
    7/10/2012 10:05:49 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeSysDef.adv C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{5612F253-17AE-41DE-A00A-3A2C44C7EF17}_ENC2 High High
    I also ran the ESET utility but it didn’t find anything.
    After that I rebooted in normal mode and the same problem, everything is super slow, I can’t do anything. What do I know now?

  83. OK, let’s make some further check-ups:
    1. Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
    10. Click Detected threats on the left
    11. Now click the Save button, and save it as kaslog.txt to your Desktop
    12. Please copy and paste the contents of kaslog.txt in your next reply.

    2. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

  84. OK, let’s make some further check-ups:

    1. Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
    10. Click Detected threats on the left
    11. Now click the Save button, and save it as kaslog.txt to your Desktop
    12. Please copy and paste the contents of kaslog.txt in your next reply.

    2. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

  85. I think the problem is with the rkill, I don’t think it’s working for me, I keep getting messages saying installation failed. I tried downloading the other versions of rkill and it does the same thing. In normal mode everything is super slow, what can I run in safe mode to stop the processes?

  86. I followed all the steps but once I booted in normal mode I could see the icons and files but things were still not working and it was super slow. So I followed your steps and ran HitmanPro in force breach and ran Rkill which ran but gave me some messages saying install failed. I tried to run it several times. Now I’m running malware scan but it’s taking forever, it’s been going for over 3 hours so I’m not sure if it’s working or if I need to do something else, please help.

  87. I think I MAY have finally removed the virus, but there is still a problem! I followed this guide step by step, and at first I didn’t think anything was working at all until FINALLY HitmanPro popped up saying there was a malicious file that it found, that for some reason didn’t delete when it scanned initially. Anyway, HitmanPro deleted this malicious file and rebooted the computer, and after it rebooted, for this first time none of the Data Recovery windows popped up, nor any of its fake alert messages. After that I downloaded Unhide.exe, which worked perfectly. Then I downloaded RogueKiller which also worked and even brought my desktop background back. But now I’m worried because even though everything else seems fine- the Data Recovery shortcut is still on my desktop for some reason. Nothing from Data Recovery pops up anymore, but the fact that the icon is still on my desktop worries me. Any help or explanation for this would be greatly appreciated.

  88. It should be able to detect an infected file even if it’s in Normal Mode…. If you don’t scan your PC, the screen looks ok in Normal Mode?

  89. I’m now into running a scan with ESET online Scanner but shall both (Remove found threats and Scan archives) settings be checked or just Scan archives?

  90. Hopefully, I got that right Lol The only thing is that the content of kaslog.txt is in German but I hope you don’t mind.

    Status: Desinfiziert (Ereignisse: 5)
    10.07.2012 13:34:36 Desinfiziert Trojanisches Programm Exploit.Java.CVE-2012-0507.kf C:\Documents and Settings\samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\63f34b9-665d3ea6 Hoch
    10.07.2012 13:34:36 Desinfiziert Trojanisches Programm Exploit.Java.CVE-2012-0507.kf C:\Documents and Settings\samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\63f34b9-665d3ea6/l_t_a/l_t_c.class Hoch
    10.07.2012 19:02:23 Desinfiziert Trojanisches Programm Exploit.Java.CVE-2012-0507.kf D:\SAMSUNG-PC\Backup Set 2012-01-08 190000\Backup Files 2012-07-08 190001\Backup files 2.zip Hoch
    10.07.2012 19:02:23 Desinfiziert Trojanisches Programm Exploit.Java.CVE-2012-0507.kf D:\SAMSUNG-PC\Backup Set 2012-01-08 190000\Backup Files 2012-07-08 190001\Backup files 2.zip/C\Users\samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\63f34b9-665d3ea6 Hoch
    10.07.2012 19:01:14 Desinfiziert Trojanisches Programm Exploit.Java.CVE-2012-0507.kf D:\SAMSUNG-PC\Backup Set 2012-01-08 190000\Backup Files 2012-07-08 190001\Backup files 2.zip/C\Users\samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\63f34b9-665d3ea6/l_t_a/l_t_c.class Hoch

  91. Hello Stelian,

    First thanks very much for your gracious efforts here with your blog. I know you’ve saved many people quite a bit of misery. You’ve done so at great expense of your personal time. My appreciation.

    I ran everything suggested in the guide, but I ran it in safe mode. For some reason when I try to run Malwarebytes in normal mode, it causes my screen to get crazy (the screen gets jittery and unreadable. I wish I could describe it better) and the only thing I can do is a hard restart to get it back to normal (while in normal mode)
    While in safe mode, my screen is normal, and I have run all the virus checkers you mentioned. It picked up a great many things..all deleted now but for some reason while in normal mode the system will not let me adjust my screen settings back to 1024 x 768, or to a bit depth greater than 4.

    Would the virus checkers I ran in safe mode not be able to detect something that is affecting my system in normal mode?

    Thank You

  92. Great writeup. All of the other sites that I tried on this virus lead me down the wrong path. Thanks for the screen shots and the links to the software that we needed. You are a true professional (and very patient).

  93. RKILL is killing any processes that aren’t needed in memory while we are performing the malware removal process…. You don’t need to worry because this program didn’t uninstall/remove any files. :)

  94. Let’s first try to remove the malicious files and then we will see how we can fix the video problem…..
    Did you run the HitmanPro (in ForceBreach mode) scan? Did you run the Rkill and Malwarebytes scan?

  95. Let’s double check to see if everything is OK.
    1. Run a scan with Kaspersky Virus Removal Tool
    Click here to download the Kaspersky Virus Removal Tool.

    1. Save it to your desktop.
    2. Double click the setup file to run it.
    3. Follow the onscreen prompts until it is installed
    4. Click the Options button (the ‘Gear’ icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
    5. Then click on Actions on the left hand side
    6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
    7. Click on Automatic Scan
    8. Now click the Start Scanning button, to run the scan
    9. After the scan is complete, click the reports button (‘Paper icon’, next to the ‘cog’ icon) on the right hand side
    10. Click Detected threats on the left
    11. Now click the Save button, and save it as kaslog.txt to your Desktop
    12. Please copy and paste the contents of kaslog.txt in your next reply.

    2. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

  96. Sorry, forgot to mention that I ran RKill before running the viruschecker and it said this:

    Processes terminated by Rkill or while it was running:
    C:\PROGRA~1\MICROS~4\rapimgr.exe

    Isn’t that just the Microsoft ActiveSync Module?

  97. Thank you for the help. I can boot into safe mode and do this but I can’t do this in normal mode. My video gets all crazy after about 20 minutes and I have to reset. Also, my normal video is too corrupt and the graphics of the program you recommended cannot be accessed (the buttons are scrolling off the edge of the program.. definitely not programmed for such a low resolution).

    I’m wondering if I should just download and re-install my video drivers? I managed to scan the system fully with the viruscheckers you recommended, but it was in safe mode. The video is fine in safe mode for some reason.

  98. I did it! I spent the whole night long and finally did it :D Thank you! I really appreciate it.
    But I’ve still got one question, the file Data Recovery is still on my desktop just next to the Start button. I once deleted it because I thought it might be nothing good but it appeared again in a few minutes. Is that normal?

  99. Hello,
    It means that you have a really infected computer! :)

    STEP 1. While in NORMAL MODE, download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process.
    Here is a video that explains with graphic details how to do this: http://www.youtube.com/watch?v=m6eRWTv2STk
    3. Let HitmanPro scan and remove all the detected threats.

    STEP 2: While in NORMAL MODE, download/run Rkill and then run a scan with Malwarebytes
    1. Download any renamed version of Rkill (direct download links below):
    http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/rkill.scr
    2. Next, please follow the guide starting with the Malwarebytes scan.
    Let me know how everything goes.

  100. I have a problem! I followed this guide step by step but when I ran Malwarebytes’ Anti-Malware it caused my laptop to crash after like 20 min. What does that mean now?
    Any help you can offer would be greatly appreciated.

  101. Hello,
    Please follow the steps below:
    1. Run a scan with ESET Online Scanner.

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push Finish

    2. Download Windows Repair by Tweaking.com to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com

    1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com – Windows Repair folder to your desktop.
    2. Now open this folder and double-click Repair_Windows.exe.
    3. Click the Start Repairs tab on the far right.
    4. Click the Start button (bottom right)
      Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
    5. Click Unselect All
    6. Put a checkmark in the following items:
      • Repair Windows Firewall
      • Repair Hosts File
      • Repair Temp Files
      • Remove Policies Set By Infections
      • Set Windows Services To Default Startup

      Note: Leave everything else unchecked

    7. Put a checkmark in Restart System When Finished
    8. Now click the Start button (bottom right)

  102. Hello, I followed this guide but my display is stuck on 640 x 480, in 4 bit color… help!

  103. You are a lifesaver!!! Followed instructions and my laptop is back to normal. The only issue is the Data Recovery icon is still in my quick start menu. Thanks!

  104. How does Smart Repair Virus get into the computer in the first place?

  105. Hello,
    Can you please re-scan with Malwarebytes?
    Next, scan with Emsisoft Anti-Malware.

    1. Please download the latest official version of Emsisoft Emergency Kit: http://www.emsisoft.de/en/software/eek/
    2. After the download process finishes, you’ll need to unpack EmsisoftEmergencyKit.zip
      [Image: ekk1.png]
    3. Open the Emsisoft Emergency Kit Folder and double click EmergencyKitScanner.bat
      [Image: ekk2.png]
    4. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button.

      [Image: ekk3.png]

      [Image: ekk4.png]

    5. After the Update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.

      [Image: ekk5.png]

    6. Select “Smart scan” and click on the “SCAN” button below.

      [Image: ekk6.png]

    7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

      [Image: ekk7.png]

    8. When the scan is completed, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different than what is shown in the image.
      Make sure that everything is checked (ticked) and click on the ‘Quarantine selected objects’ button.
      [Image: ekk8.png]
    9. Emsisoft Emergency Kit will now start removing the malicious files.
      If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.

    If you are still experiencing problems, start a thread in our Malware Removal Support forum: http://malwaretips.com/Forum-Malware-Removal-Assistance

  106. Mr Pilici, please help! I have followed this blog to the letter, step by step, and the virus won’t go away. I removed infected items in Malwarebytes, then in HitmanPro, and upon resetting when it asks me to during the scanning process, it resets with the virus still in place doing the same thing. I also read in your comments to try ESET Online Scanner and that didn’t work either! What am I doing wrong? You’ve helped out many people already and hopefully you can do the same for me… thank you in advance!

  107. Thank you!! Thank you!! THANK YOU!!! My laptop was infected slightly more than 36 hours ago, and I’ve been fighting the malware for the same number of hours. I’ve read other tutorials, watched countless youtube videos, and nothing worked, until I FOLLOWED YOUR INSTRUCTIONS. You are a lifesaver. And I would like to add that I’m running on Windows Vista, so for anyone who has the same malware attack to their Windows Vista, please follow these instructions closely, because they really work. Don’t waste time looking at youtube videos, especially when you’re very iffy about working on safe mode. I’m so, so thankful that I found your site. Thank you so much, once again!

  108. Did you run the HitmanPro scan?
    Please run a scan with ESET Online Scanner

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. Push Finish when the scan has completed.
  109. Thanks,

    You’re doing good work, keep it up. It cost a few hours of work and a bottle of wine, but everything works again.

    Thanks,

    Continue with what you are doing. It cost some time and a bottle of wine but everything works again. Greetings from the Netherlands.

  110. When I ran Rkill I got a log saying that it terminated nothing. I ran it multiple times with the same results. I then ran Malwarebytes and it didn’t detect any malicious software. How do I go about getting rid of this smart recovery virus when it can’t find it?

  111. Hi Stelian,

    Like the others who have commented here, I would like to thank you very much for this fine way of eradicating this ugly virus. Last night it paralyzed everything and I was wondering how I would work today, given that 90% of my job is on the PC.

    You really saved me.

    I hope this gesture comes back to you tenfold.

    Thanks once again. All the best,

    C.

  112. Did you remove all the infected objects with the recommended software?
    Please run a scan with ESET Online Scanner

    1. Download ESET Online Scanner utility.
      ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
    2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
    3. Check Yes, I accept the Terms of Use
    4. Click the Start button.
    5. Check Scan archives
    6. Push the Start button.
    7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    8. When the scan completes, push List of found threats
    9. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Note – when ESET doesn’t find any threats, no report will be created.
    10. Push the back button.
    11. Push Finish

    Next, please run Unhide.exe again!

  113. OPTION 1: While in NORMAL MODE, download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process.
    Here is a video that explains in graphic detail how to do this: http://www.youtube.com/watch?v=m6eRWTv2STk
    3. Let HitmanPro scan and remove all the detected threats.
    VERY IMPORTANT!: When HitmanPro detects the infections, make sure that they aren’t false positives or compromised critical system files before removing them! I’m saying this because usually, when you can’t connect to the internet while in Safe Mode with Networking, it could mean that you have other infections besides this Smart HDD Rogue.
    4. Run Rkill and then a scan with Malwarebytes.

    OPTION 2: While in NORMAL MODE, download/run Rkill and then run a scan with Malwarebytes!
    1. Download any renamed version of Rkill (direct download links below):
    http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/rkill.scr
    2. Next, please perform a scan with Malwarebytes as seen in the guide and then a scan with HitmanPro.

    Let me know how everything goes.

  114. Hi, my laptop freezes in safe mode after mup.sys so I cannot continue with your procedure. Help,

  115. I tried to run the unhide program, and as it was running it hijacked my desktop, which now reads “Rocky2 Jackman Rev. 003”. How did this come about from your link? I need help, because instead of unhiding anything, it seems I have lost everything! Thanks for anything you can do

  116. OPTION 1: While in NORMAL MODE, download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process.
    Here is a video that explains in graphic detail how to do this: http://www.youtube.com/watch?v=m6eRWTv2STk
    3. Let HitmanPro scan and remove all the detected threats.
    VERY IMPORTANT!: When HitmanPro detects the infections, make sure that they aren’t false positives or compromised critical system files before removing them! I’m saying this because usually, when you can’t connect to the internet while in Safe Mode with Networking, it could mean that you have other infections besides this Smart HDD Rogue.
    4. Run Rkill and then a scan with Malwarebytes.

    OPTION 2: While in NORMAL MODE, download/run Rkill and then run a scan with Malwarebytes.
    1. Download any renamed version of Rkill (direct download links below):
    http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/rkill.scr
    2. Next, please perform a scan with Malwarebytes as seen in the guide and then a scan with HitmanPro.

    Let me know how everything goes!

  117. Hello,
    You are a lifesaver! I thought that I had lost everything, and then found this!
    The screenshots from the virus are identical to what I have and now I need some additional help, PLEASE!~
    I am running Windows 7 and when I start up, hitting F8 does nothing. I can F12 or F2 to enter Setup Utility, however I do not see anything about a safe mode. I saw one post that suggested the same issue and they were able to disable something, however I do not even see that! (I cannot remember exactly what it was, boot something~ it was many posts ago)
    What do I do, or can I do from the setup utility to get started on your suggested process?
    Also, I am accessing this via my iPod, not the infected laptop, so actual links to things won’t work for me… :(
    Thanks a million in advance~

  118. Thank you so much you have saved me a lot of money literally haha! Absolutely genius thanks a billion!!

  119. Stelian, Sir- you are an absolute life-saver! Thank you SO much for having this series of steps available. Granted, when this nightmare occurred at about 9:45pm est yesterday I was skeptical of my skills and computer knowledge in executing this “fix”- but you made it pretty painless. I will say that I too, was unable to reboot in safe mode (f8), but when I hit (f2) at start-up and “disabled” the “quickboot” mode, I was able to boot in “safe-mode” but then I was unable to gain internet access. I also noticed that with each subsequent “reboot”/ gimme “f8” safe-mode dang it, the Virus “hid” more items, making it nearly impossible to do anything- I could no longer even search for “internet explorer” under the start menu search and open it from there. (I write all of this hoping it may help anyone else with these little “nuance” issues.) Luckily, If it weren’t for the fact that I knew one program under my control panel (Revo Uninstaller) trial has expired and automatically opens a web browser to purchase– I don’t think I would have been able to fix it– as this became the new procedure by which I opened a web-browser each time to access and download from this website. But thank you so much again!!

  120. Thanks! You are a great life saver. I did follow your steps and fixed the problem. But when I check the start-program, I can still see the “Data Recovery”. Then I select to uninstall them, the Smartcheck window came back… how to clean that next (in the start-program)?

  121. my computer was rendered useless this week with the SMART Virus and not being a technical type person I thought everything was lost. Fortunately I found this blog when searching for SMART CHECK before doing anything else. These instructions were easy to follow and completely guided me through fixing the mess the malware created. I can’t thank you all enough!

  122. After having the SMART virus a few days ago and believing I had fixed it I am left with a problem…

    I am hearing random audio ads (only audio – no images on screen) when in internet explorer and even when running Windows XP alone with no windows open.

    Is this a remnant of the SMART virus or something else?

    Any help would be appreciated.

  123. You’ll need to use an Administrator account when logging into Safe Mode and performing the scans/removing the infections.
    Next, perform a system scan with Emsisoft Anti-Malware:

    1. Please download the latest official version of Emsisoft Emergency Kit: http://www.emsisoft.de/en/software/eek/
    2. After the download finishes, you’ll need to unpack EmsisoftEmergencyKit.zip
      [Image: ekk1.png]
    3. Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat
      [Image: ekk2.png]
    4. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button.

      [Image: ekk3.png]

      [Image: ekk4.png]

    5. After the update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.

      [Image: ekk5.png]

    6. Select “Smart scan” and click on the “SCAN” button below.

      [Image: ekk6.png]

    7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

      [Image: ekk7.png]

    8. When the scan is complete, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different from what is shown in the image.
      Make sure that everything is checked (ticked) and click on the ‘Quarantine selected objects’ button.
      [Image: ekk8.png]
    9. Emsisoft Emergency Kit will now start removing the malicious files.
      If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.

    If you are still experiencing problems, start a thread in our Malware Removal Support forum: http://malwaretips.com/Forum-Malware-Removal-Assistance

  124. Hi,

    I have gone through all the steps and all programs work fine, but neither Rkill nor Malwarebytes detects anything. So nothing is removed. But when i restart my computer, the SMART check is performed again (although this time it indicates that all files are fine…). So the Malware is still there.
    How can i get rid of it?
    Thanks.

  125. The Rkill step is used just to stop the malicious process; if you manage to complete the guide without using it… it’s OK! :D
    When the computer was infected, was it using a limited account or an administrator account?
    Stay safe!

  126. Thank you for the detailed removal instructions, my laptop is now fully functioning and back to normal (I followed your instructions for Normal start up as internet was unavailable in safe mode) ! Just one odd thing though- when I ran RKill it shut down the whole system process and caused my laptop to crash instead of just stopping any virus processes. I followed the other steps without using RKill after restarting.
    Also I didn’t have the administrator password so I did it all on my user profile. Will this affect the removal success of the S.M.A.R.T. virus?

    Many Thanks,
    Carmen

  127. Perfect. The system tools are back in it. The only things left are the extra programs like Microsoft Office, Skype, etc. I guess those will have to be reinstalled. I appreciate the help. Back when I found the smtmp folder, I copied everything in it back to the Start Menu folder but it didn’t fix anything. Since I was not the first person to try and fix this computer, I can only assume that the majority of the shortcuts were somehow deleted.

  128. This is a manual fix for XP users:

    1. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
    and paste it to this folder:
    C:\Documents and Settings\All Users\Start Menu

    2. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

    3. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

    4. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
    and paste it to this folder:
    C:\Documents and Settings\All Users\Desktop


    If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
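
The four copy steps of the manual XP fix in the comment above, as a script (an added example, not part of the original comment or of any tool named on this page). It assumes PowerShell 2.0 or later is installed on the XP machine and that the profile folder is named after the logged-on user; the `-UserName` and `-Apply` parameters are this example's own.

```powershell
# Added example: copy shortcuts back out of the smtmp folders.
# Folder numbers and destinations are the ones listed in the comment above.
param(
    [string]$UserName = $env:USERNAME,   # assumption: profile folder = logged-on user name
    [switch]$Apply                       # without -Apply, only report what would be copied
)

$docs  = 'C:\Documents and Settings'
$smtmp = Join-Path $docs "$UserName\Local Settings\Temp\smtmp"
$quick = Join-Path $docs "$UserName\Application Data\Microsoft\Internet Explorer\Quick Launch"

# smtmp subfolder -> original location
$map = @{
    '1' = (Join-Path $docs 'All Users\Start Menu')
    '2' = $quick
    '3' = (Join-Path $quick 'User Pinned\TaskBar')
    '4' = (Join-Path $docs 'All Users\Desktop')
}

$copied = 0
$kept   = 0

foreach ($n in ($map.Keys | Sort-Object)) {
    $src = Join-Path $smtmp $n
    $dst = $map[$n]

    if (-not (Test-Path -LiteralPath $src)) {
        Write-Output "smtmp\$n not found, skipping"
        continue
    }

    # -Force lists items that carry the Hidden attribute as well.
    # @() keeps PowerShell 2.0 from looping once over $null when the folder is empty.
    $files = @(Get-ChildItem -LiteralPath $src -Recurse -Force |
               Where-Object { -not $_.PSIsContainer })

    foreach ($f in $files) {
        # Path of the file relative to smtmp\<n>, rebuilt under the destination
        $rel    = $f.FullName.Substring($src.Length).TrimStart('\')
        $target = Join-Path $dst $rel

        # Never overwrite: a shortcut that already exists at the destination stays as it is
        if (Test-Path -LiteralPath $target) {
            Write-Output "exists, kept: $target"
            $kept++
            continue
        }

        if ($Apply) {
            $dir = Split-Path -Path $target -Parent
            [void][System.IO.Directory]::CreateDirectory($dir)
            # File.Copy without the overwrite flag throws if the target appears meanwhile
            [System.IO.File]::Copy($f.FullName, $target)
            Write-Output "copied:       $target"
        } else {
            Write-Output "would copy:   $target"
        }
        $copied++
    }
}

$verb = 'would be copied'
if ($Apply) { $verb = 'copied' }
Write-Output "$copied file(s) $verb, $kept already present"
```

Run it once without `-Apply` and read the list before copying anything; the script copies rather than moves, so the smtmp folders stay intact as a fallback.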

  129. No still nothing. Service Pack 3 is up but nothing has changed. I think the submenus are gone for good. Unless you have yet another solution (I wouldn’t be surprised if you did) I am going to need to backup the documents and then reinstall the OS. It will be a pain since this is a company computer.

  130. I don’t see a previous versions Tab unfortunately. Just these: General, Sharing and Customize.
    Could it be that this wasn’t added until Service Pack 3? The owner runs Service Pack 2 and is a firm believer in the “if it’s not broken, don’t fix it” policy. I can update their system to Service Pack 3 but I have a feeling that while this may give me the previous versions option, it will not give me any options to choose from since it was just updated. I will try anyway and get back to you.

  131. For Windows XP, you can try this fix:
    1) Go to the Startup icon
    2) Then put the cursor over “All Programs”, right-click and click on “Open”
    3) Select the “Programs” folder, right-click and select “Properties”
    4) Then select the “previous version” tab, wait for the previous versions to show up, select the folder that existed prior to your problems, hit restore and follow through with the prompts.

  132. In Windows XP the Program Data folder doesn’t exist. Going by the screenshots, these fixes seem to be for Windows 7.
    In XP I can get to that Start Menu Folder in Documents and Settings but the menu doesn’t have a “restore previous versions” option. I was hoping a System Restore might bring all the submenus back but every checkpoint I try returns a Restoration Incomplete message. Just to get the System Restore running required me to run (%systemroot%\system32\restore\rstrui.exe) since the System Tools submenu under Accessories is empty. I have already tried the Tweaking fixes that were supposed to bring all the Shortcuts and Start Menu items back but have had no more luck than the first. I am rapidly running out of options. At this rate, ghosting the hard drive and reinstalling the OS might be my only option. I’m hoping you know of an easier solution

  133. Hello Chris,

    1. Right click on your Windows Start menu and select Properties.
      [Image: Eu2Aq.png]
    2. Next put a check mark on
      Store and display recently opened programs in the start menu
      Store and display recently opened items in the start menu and taskbar
      [Image: h0z5v.png]
    3. Click on Customize and click on Use default settings at the bottom
      [Image: kxZSH.png]
    4. Browse to
      Code:
      C:\ProgramData\Microsoft\Windows

      [Image: vZZUz.png]

    5. Right click on Start Menu folder and click on Restore previous versions
    6. Now select a snapshot from before you were infected by the rogue, then click on restore
  134. Hello,
    OK, try to do this…
    STEP 1: While in NORMAL MODE, download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process.
    Here is a video that explains in graphic detail how to do this: http://www.youtube.com/watch?v=m6eRWTv2STk
    3. If it starts, let it scan and remove all the detected threats.

    STEP 2: Download/run Rkill and then run a scan with Malwarebytes.
    1. Download a differently named Rkill (direct download links below):
    http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/rkill.scr
    2. And then follow the guide starting with the Malwarebytes scan.

    STEP 3: Perform a system scan with Emsisoft Anti-Malware:

    1. Please download the latest official version of Emsisoft Emergency Kit: http://www.emsisoft.de/en/software/eek/
    2. After the download finishes, you’ll need to unpack EmsisoftEmergencyKit.zip
      [Image: ekk1.png]
    3. Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat
      [Image: ekk2.png]
    4. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button.

      [Image: ekk3.png]

      [Image: ekk4.png]

    5. After the update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.

      [Image: ekk5.png]

    6. Select “Smart scan” and click on the “SCAN” button below.

      [Image: ekk6.png]

    7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

      [Image: ekk7.png]

    8. When the scan is complete, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different from what is shown in the image.
      Make sure that everything is checked (ticked) and click on the ‘Quarantine selected objects’ button.
      [Image: ekk8.png]
    9. Emsisoft Emergency Kit will now start removing the malicious files.
      If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.

    If you are still experiencing problems, start a thread in our Malware Removal Support forum: http://malwaretips.com/Forum-Malware-Removal-Assistance

  135. Hey, I am currently in safe mode, but no Internet is available to download rkill. I do have Internet in normal mode though, any ideas??

  136. You are a lifesaver!!! Your website has gone straight to my favourites list. Everything worked (although I had to take a few detours) and HitmanPro had no free trial. But thankyou soooooo much.

  137. I am trying to repair someone’s computer that had this virus. Thanks to this handy guide, I was able to get rid of the virus and bring back all the desktop icons that were hidden. However, in the Start Menu, many of the boxes in the submenus say “Empty”. I have repeatedly followed the final instructions that SHOULD have brought them back but have since been unsuccessful.

  138. This is the worst case I was worried about for the last 15 years.
    And it happened in spite of always updating my browsers, OS, AV software and plugins – just a few moments before finishing an important work. Instead I had a thrilling night session.
    Most puzzling was to figure out which sources throughout the web are reliable and which ones are free-riders or even part of the original fraud. Too many – commercial – offers seemed suspicious. But thanks to this great guide, I got my machine working again and met the deadline next morning.
    Unfortunately one symptom I supposed to be part of the infection appeared once again in the morning: a vertically striped, frozen monitor.
    So I ran the whole procedure a second time. Now – a few days later – the system appears stable.
    One question is left: What was the infection path of the trojan? Just drive-by?

    Thanks a lot!

  139. Sounds more like a hardware problem than a side effect….. Try to disconnect – reconnect the cable….

  140. Your directions were magnificent!!! Thank you so much!!! I do have one question… my mouse pad on my laptop is not working properly… I can tap to select and scroll, the right button works but the left doesn’t. Could this be from the virus?

  141. Hello Francine;
    1. Please run Unhide.exe

    1. Download Unhide.exe.
    2. Double-click on the Unhide.exe icon on your desktop and allow the program to run. When it has completed its task it will generate a report.

    2. Restore your Start menu to a previous date

    1. Right click on your Windows Start menu and select Properties.
      [Image: Eu2Aq.png]
    2. Next put a check mark on
      Store and display recently opened programs in the start menu
      Store and display recently opened items in the start menu and taskbar
      [Image: h0z5v.png]
    3. Click on Customize and click on Use default settings at the bottom
      [Image: kxZSH.png]
    4. Browse to
      Code:
      C:\ProgramData\Microsoft\Windows

      [Image: vZZUz.png]

    5. Right click on Start Menu folder and click on Restore previous versions
    6. Now select a snapshot from before you were infected by the rogue, then click on restore
  142. Hi, everything worked fine BUT I still have not a single icon on my desktop and cannot access the control panel, and some of my programs have that ugly “empty” box next to them.
    Help!

  143. Thank you very much. I followed all the steps to remove the SMART virus and it worked just fine.
    I do have a problem yet but i do not know if it is from the SMART virus or not.
    I am using Windows 7 and Trend Micro anti virus.
    I can not turn on the Windows Security Center. Error says it can not be started. Also I can not start the Windows firewall service. I get error code 1068. When I try to start the firewall I get error code 0x8007042c.
    Thank You

  144. Fantastic!!! I freaked out when my desktop turned black and all my files and folders had disappeared! Quite frankly I didn’t know what to do and was about to make the damn purchase the virus was prompting me to but it looked suspicious so I decided to google S.M.A.R.T and this awesome link came up!! I read through and realised that I wasn’t alone?

    Followed every step in the link and bang! All my folders and files came back!

    You are indeed a STAR! God Bless you big time!!!

  145. 1. Please run Unhide.exe

    1. Download Unhide.exe.
    2. Double-click on the Unhide.exe icon on your desktop and allow the program to run. When it has completed its task it will generate a report.

    2. Restore your Start menu to a previous date

    1. Right click on your Windows Start menu and select Properties.
      [Image: Eu2Aq.png]
    2. Next put a check mark on
      Store and display recently opened programs in the start menu
      Store and display recently opened items in the start menu and taskbar
      [Image: h0z5v.png]
    3. Click on Customize and click on Use default settings at the bottom
      [Image: kxZSH.png]
    4. Browse to
      Code:
      C:\ProgramData\Microsoft\Windows

      [Image: vZZUz.png]

    5. Right click on Start Menu folder and click on Restore previous versions
    6. Now select a snapshot from before you were infected by the rogue, then click on restore

    3. This malicious software has changed your homepage in Internet Explorer. You can go into Internet Options and choose ‘Use blank’ or add your own… OR you can just reset IE options.

    Reset Internet Explorer options

    To reset Internet Explorer options, go here: http://malwaretips.com/blogs/remove-whitesmoke-translator/ and check step 3 to see how to reset IE to its default settings.

  146. Thank you for this website. I have followed all the steps listed above, and the popups have stopped, my files are no longer hidden, and the system is allowing me access to my programs now.

    But I still have a couple issues. I am running Windows XP, and when I click on Start, then All Programs, it lists the installed programs, but when I try to click on a program, it gives me a little box that says (Empty). I can access the programs through desktop icons or by going into Explorer program files. Secondly, although all the subsequent scans I have run using all the programs listed above as well as two paid anti-virus programs all show my system to be clean. But Internet Explorer (which I don’t use – I use Firefox) keeps opening on its own to websites I’ve never heard of.

    Any insight you can offer on these problems would be greatly appreciated.

  147. Hello Burninchilli.
    Your antivirus didn’t have signatures for this particular threat and because it doesn’t have any other powerful layers of protection it didn’t have any way to stop it.
    You should really change your antivirus to one that has additional layers of protection besides the antivirus component!
    Here is one of the reasons why Avast is better than Microsoft Security Essentials: https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/
    Quick tips:
    Free: Avast 7 Free version or COMODO Internet Security
    Paid: Norton Internet Security 2012 or Avast Internet Security 7
    Anyway, you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard

  148. Hello Linda,
    The RKILL scan should not take more than 5 minutes or so. Let’s try another thing:

    Option 1: Try to download a differently named Rkill (direct download links below):
    http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
    http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
    http://download.bleepingcomputer.com/grinler/rkill.scr
    And then follow the guide starting with the Malwarebytes scan.


    If that doesn’t work please try to do this:
    Option 2: Download HitmanPro and then start this program in ForceBreach Mode
    1. Here are the direct download links for HitmanPro:
    http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
    http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
    2. Hold down the left CTRL key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process.
    Here is a video that explains in graphic detail how to do this: http://www.youtube.com/watch?v=m6eRWTv2STk
    3. If it starts, let it scan and remove all the detected threats, then perform a scan with Malwarebytes.

    Next, perform a system scan with Emsisoft Anti-Malware:

    1. Please download the latest official version of Emsisoft Emergency Kit: http://www.emsisoft.de/en/software/eek/
    2. After the download finishes, you’ll need to unpack EmsisoftEmergencyKit.zip
      [Image: ekk1.png]
    3. Open the Emsisoft Emergency Kit folder and double-click EmergencyKitScanner.bat
      [Image: ekk2.png]
    4. A pop-up will prompt you to update Emsisoft Emergency Kit; please click the “Yes” button.

      [Image: ekk3.png]

      [Image: ekk4.png]

    5. After the update process has completed, put the mouse cursor over the “Menu” tab on the left and click on “Scan PC”.

      [Image: ekk5.png]

    6. Select “Smart scan” and click on the “SCAN” button below.

      [Image: ekk6.png]

    7. Emsisoft Emergency Kit will now start scanning your computer for malicious files as shown below.

      [Image: ekk7.png]

    8. When the scan is complete, you will be presented with a screen showing you the malware infections that Emsisoft Emergency Kit has detected. Please note that the infections found may be different from what is shown in the image.
      Make sure that everything is checked (ticked) and click on the ‘Quarantine selected objects’ button.
      [Image: ekk8.png]
    9. Emsisoft Emergency Kit will now start removing the malicious files.
      If during the removal process Emsisoft displays a message stating that it needs to reboot, please allow this request.

    If you are still experiencing problems, start a thread in our Malware Removal Support forum: http://malwaretips.com/Forum-Help-my-PC-is-infected

  149. how long does it normally take for the RKill program to generate a log? I got the black screen but it disappeared after a couple of seconds….I have been waiting about 45 minutes now but nothing has happened, so not sure if it’s working or not

  150. You are a * (star!). I think I got SMARTED from E-bay (if this is possible) looking at bikes. Followed the instructions on this site and I got my life back. I assess students and have about 100 hours of work that I thought had gone for good. Thank you so, so much. My concern is that my firewall was on, Microsoft Security Essentials was running in real time and my explorer is patched and up to date. So how does it bypass my security, Stelian? Is there more I should be doing to protect my computer?

  151. thank so much. thought i had lost everything on my laptop, & thought that I would need a new one. thanks to you I now have my stuff back!!!!

  152. Hello Ruth,
    Yes, if you follow this step-by-step guide, your folders, icons and files should be back!
    If you have any problems please post back here, and I’ll help you!!
    Stay safe!

  153. I have tried Malwarebytes when I saw the smart hdd message but the problem is my C drive shows with nothing in it and also I do not have icons on the taskbar and desktop and all the programs are gone. Please, I would like to know if the instructions will bring back my C drive and my icons and programs. I am able to log in now. This is a work computer.

  154. Brilliant. Complete documented set of instructions that worked perfectly.

    Thank you, you deserve a medal.

  155. I had tried a couple others before this so I was fairly skeptical of it working. But it worked great and the user is happy. Awesome documentation. Thanx very much

  156. How to Unhide Files and Folders
    To avoid manual execution of programs and files, Smart HDD will hide files and folders on the infected computer. Most victims think that files and folders are deleted, but it is not. The malware simply changed the attributes to hide the data. Follow this guide to show all hidden files and folders if it remains hidden after activating Smart HDD.

    1. Open My Computer or Windows Explorer.
    2. On top menu of upper left corner, click on Organize, then choose Folder and Search Options.

    3. Folder Options dialog box will appear. Select the View tab.
    4. On Advanced Settings, mark “Show hidden files, folders and drives.”

    5. Click OK to save the settings. You can now view the folders and files, though they are still concealed because Smart HDD sets the attributes to hidden.
    6. While still in Windows Explorer, click on the drive (C: or D:). In the right pane, mouse over the folder or file you want to unhide. To select all folders, you may use the keyboard shortcut Ctrl+A. Right-click, then select Properties.

    7. In the Attributes area, remove the check mark on Hidden. This will change the attributes of affected files and folders. Click OK to save the settings.
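
The attribute change described in comment 156, scripted as an added example (not part of the comment or the original guide). The function name `Restore-HiddenItems` and the Desktop path are assumptions; the script clears only the Hidden attribute and, as a further assumption, skips items that are both Hidden and System so that OS-protected files stay hidden.

```powershell
# Added example, not from the original page.
function Restore-HiddenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Root   # assumption: a user-data folder such as Desktop or Documents
    )

    $hidden = [System.IO.FileAttributes]::Hidden
    $system = [System.IO.FileAttributes]::System

    # -Force is required; without it Get-ChildItem skips hidden items entirely.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Assumption: items that are Hidden AND System are OS-protected and left alone.
            ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
        } |
        ForEach-Object {
            $item = $_   # keep a reference; inside catch, $_ is the error record
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                try {
                    # The filter guarantees the Hidden bit is set, so XOR clears only that bit.
                    $item.Attributes = $item.Attributes -bxor $hidden
                    $item.FullName   # emit the path of each restored item
                } catch {
                    Write-Warning "Could not change $($item.FullName): $($_.Exception.Message)"
                }
            }
        }
}

# Dry run: lists what would be changed without modifying anything.
Restore-HiddenItems -Root "$env:USERPROFILE\Desktop" -WhatIf

# Apply the change and count the restored items.
# $restored = Restore-HiddenItems -Root "$env:USERPROFILE\Desktop"
# "Restored $($restored.Count) items"
```

Run it only after the rogue process has been removed, otherwise the attributes may be set again.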

  157. You may have to use “msconfig” to load safe mode as this new strain of virus would not allow me to use F8 on bootup to get into safemode. Also in my case I had to use the cmd window to run “tasklist” to see the running processes and “taskkill /f /pid ####” where #### is the task pid you need to kill. It has a weird name (random characters) so you’ll probably know which one to kill. Once you run taskkill, type msconfig and choose safemode and then restart and follow the remaining directions.

  158. Thank you SO much for these instructions. They were WAY more helpful than Microsoft’s forum entry regarding removal of this humongously annoying malware. You are indeed a life saver!

  159. I have two computers, a tower, which is my primary, and a laptop, which is my backup/highrisk use pc. Not sure where I picked up this particularly nasty piece of Malware from but I suspect Uploading.com or another file site when I was cruising for some vids. Normally I’m savvy enough that I can solve most problems on my own but with this little bathturd I needed some outside help. Praise be to Google which led me to this fantastic article, and thank you very much kind sir for making it and explaining things step by step so well.

  160. Thought I would have to haul my computer to the shop but I followed your step by step instructions and they worked! Thank you so much!!!!

  161. Thank you so much for your info. I got the smart virus two days ago and I followed these steps. Took me about an hour but the computer is back to normal. The only issue I still have is I can’t see anything on my external hard drive. I can click on the J drive but I can’t see anything in it. Should I run these steps again with the external drive plugged in?

    Thanks for your help

  162. You guys are GREAT!!!! Never thought I could get pc back to normal!!!! This worked wonderful!!!!

  163. THANK YOU SO MUCH!! I thought all was lost. I’m right in the middle of finishing the last touches of my dissertation (luckily I had just emailed a copy to my professor, but lost all my research articles). You have NO IDEA how much you just saved me.

  164. Tried a lot of different websites that didn’t help me a lot further, but thanks to you I finally got rid of Data Recovery. Thank you so much, I thought I’d lose everything on this computer.

  165. My 30 day trial of Norton ran out on my new laptop, then I got this virus. This website solved my problem fast and free. Next step for me is to install AVG free virus scan.

  166. Thanks a lot for the guided support. I was so scared I lost all my data which was around 300GB.. Thanks to you I am saved now.
    This blog has helped many by now and in future also. Great

  167. Thank you so much! I was so worried I had lost everything until I found this site. Thank you!!

  168. Hi, I just got infected by this annoying virus, and thanks to you I’ve been able to get back in place! Great guide!! Thanks

  169. How can I thank you, I did in fact donate to your support.
    I believe I am back straight now, I will for ever be a little worried now about just what is happening when I am going to a website.
    The only thing not mentioned above is that the RogueKiller took me to the RogueKiller website and I am not certain if I need to be doing anything further. I have convinced myself it takes me there just in case I want to leave a comment or such.
    THANK YOU Sir!

  170. Is there not a download available to create a USB rescue drive that will rid ones computer of this SMART HDD malware rather than have to download and run all these programs?

  171. A++++++++++++++. Excellent instructions, well thought out and easy to follow. An exemplary job. You sir are amazing. Thank you. Now I don’t need to reformat my computer. :)

  172. You’re the man!!! I love it when you can follow simple directions and they work.

  173. Thanks so much for a thorough recipe for undoing the problems that the S.M.A.R.T. malware. I used the instructions on another site but they only got me part way there. I can now access QuickBooks and write invoices. In other words I am back in business. Thanks for your help.

    Ken

  174. Omg… thanks.. very very thanks
    I almost changed my HDD, but I visited your site and fixed all
