File Recovery is a malicious program that will display fake alerts, claiming that several hard drive errors and computer issues were detected on your machine.
In reality, none of the reported issues are real, and are only used to scare you into purchasing File Recovery and stealing your personal financial information.
Apart from the bogus alerts and warning,this rogue software has changed your desktop background to a solid black color,has hidden your files and folders and it’s causing browser redirects.
As part of its self-defense mechanism,File Recovery has disabled the Windows system utilities, including Task Manager and Windows Registry and is block you from running certain programs that could lead to its removal.
If your computer is infected with File Recovery virus,then you are seeing this images:
We strongly advise you to follow our File Recovery virus removal guide and ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Registration codes for File Recovery
As an optional step,you can use the following license key to register File Recovery virus and stop the fake alerts.
File Recovery activation code: 56723489134092874867245789235982
Please keep in mind that entering the above registration code will NOT remove File Recovery from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.
File Recovery Removal Instructions
STEP 1 : Start your computer in Safe Mode with Networking
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
- Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the “F8 key”, tap the “F8 key” continuously until you get the Advanced Boot Options screen. - On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
STEP 2: Remove File Recovery malicious proxy server
File Recovery may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
- Start the Internet Explorer browser and if you are using Internet Explorer 9 ,click on the gear icon (Tools for Internet Explorer 8 users) ,then select Internet Options.
- Go to the tab Connections.At the bottom, click on LAN settings.
- Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy
STEP 3: Run RKill to terminate known malware processes associated with File Recovery.
RKill is a program that will attempt to terminate all malicious processes associated with File Recovery virus,so that we will be able to perform the next step without being interrupted by this malicious software.
Because this utility will only stop File Recovery running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
- While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.Please note that we will use a renamed version of RKILL so that File Recovery won’t block this utility from running.
RKILL DOWNLOAD LINK (This link will automatically download RKILL renamed as iExplore.exe) - Double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with File Recovery.
- RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
IF you are having problems starting or running RKill, you can download any other renamed versions of RKill from here. - When Rkill has completed its task, it will generate a log. You can then proceed with the rest of the guide.
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.
STEP 4: Remove File Recovery malicious files with Malwarebytes Anti-Malware FREE
- Download the latest official version of Malwarebytes Anti-Malware FREE.
MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free) - Start the Malwarebytes’ Anti-Malware installation process by double clicking on mbam-setup file.
- When the installation begins, keep following the prompts in order to continue with the setup process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button. If Malwarebytes’ prompts you to reboot, please do not do so.
- Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
- On the Scanner tab,select Perform full scan and then click on the Scanbutton to start scanning your computer.
- Malwarebytes’ Anti-Malware will now start scanning your computer for File Recovery malicious files as shown below.
- When the scan is finished a message box will appear, click OK to continue.
- You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
- Malwarebytes’ Anti-Malware will now start removing the malicious files.After completing this task it will display a message stating that it needs to reboot,please allow this request and then let your PC boot in Normal mode.
STEP 5: Double check your system for any left over infections with HitmanPro
- This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro) - Double click on the previously downloaded fileto start the HitmanPro installation.
IF you are experiencing problems while trying to starting HitmanPro, you can use the “Force Breach” mode.To start this program in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video) - Click on Next to install HitmanPro on your system.
- The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
- HitmanPro will start scanning your system for malicious files as seen in the image below.
- Once the scan is complete,you’ll see a screen which will display all the malicious files that the program has found.Click on Next to remove this malicious files.
- Click Activate free license to start the free 30 days trial and remove the malicious files.
- HitmanPro will now start removing the infected objects.If this program will ask you to restart your computer,please allow this request.
STEP 6 : Restore your shortcuts and remove any left over malicious registry keys
File Recovery has moved your shortcuts files in the Temporary Internet folder and added some malicious registry keys to your Windows installation , to restore your files we will need to perform a scan with RogueKiller.
- Please download the latest official version of RogueKiller.
ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer) - Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you can click the Start button to perform a system scan.
- After the scan has completed, press the Delete button to remove any malicious registry keys.
- Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
STEP 7: Unhide your files and folders
File Recovery modifies your file system in such a way that all files and folders become hidden, to restore the default settings , you’ll need to run the below program.
- Download the Unhide utility, to unhide your files and folders.
UNHIDE.EXE DOWNLOAD LINK (This link will automatically download the Unhide utility on your computer) - Double-click on the Unhide.exe icon on your desktop and allow the program to run.The whole process should not take more than 10 minutes to complete,and at the end this utility will generate a report.
STEP 8: Get your desktop look back!
File Recovery changes your desktop background to a solid black color,to change it back to default one follow the below instruction.
- Windows XP : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Display icon. From this screen you can now change your Theme and desktop background.
- Windows 7 and Vista : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Appearance and Personalization category. Then select Change the Theme or Change Desktop Background to revert back to your original Theme and colors.
Hello Ronald,
Your machine is infected with the CryptXXX ransomware. You can ask for free malware removal support in the Malware Removal Assistance forum – https://malwaretips.com/forums/malware-removal-assistance.10/ . In this support forum, a trained staff member will help you clean-up your machine by using advanced tools. Never used a forum? Learn how- https://malwaretips.com/help/welcome-guide/
I went through all the steps, but there is a .crypt on all my images how do I restore my images?
Thank you so much! My laptop is back – I was so happy to see my home screen instead of the evil black screen!! You guys are genius. Thank you for guiding me through!!
Hello Grace,
If the File Recovery infection isn’t active on your computer, then you can run a scan with Malwarebytes Anti-Malware and HitmanPro to check for malware.
This is the SECOND time in 10 days that I have had to use this site to fix my husbands computer! I am still having issues with pop ups and the computer being slow(this time). I’m sure I’ll be able to fix these issues also with some more help from this site. Last time (on Aug 21st, 2013), the computer ran like new after I ran the suggested scans. I’m absolutely NOT a computer genius so if I can fix a computer, anyone can! I will absolutely be donating and subscribing to and following the blogs in this site from now on.
I BELIEVE http://WWW.GUNTRADER.COM IS THE SITE RESPONSIBLE FOR THE ALL THE COMPUTER ISSUES BOTH TIMES…..BEWARE!!
thanks so much, this guide is as good as gold!
Thanks Stelian!!
Hello Matt,
What Firewall are you using?By any chance are you using McAfee,if yes, then try to disable this firewall and then try to connect to the Internet.
Next,can you please run a scan with Combofix and Complete Internet Repair utility, and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from the below link:
COMBOFIX DOWNLOAD LINK (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with Complete Internet Repair utility
Please add the Combofix log in your next post.
Thanks for the information! I have my computer back except for connecting to the internet. I took care of the LAN settings but still no connection. Any helpful suggestions on that?
It’s hard to believe anyone would write such a good guide and offer it free. It worked, thank you. Too bad we can’t transfer some of MS ill gotten gains to you. This is the kind of site they should have.
Your instructions were spot on. Everything worked great, thanks
Great guide—I was able to completely remove the virus from my PC.
Thank you!
Thanks for the Excellent instructions!
Thanks so much! It took hours but it worked and I have my computer back!!!
Thank you so much! May my God and Yours bless you and your family.
Muchas gracias…!!! toda esta guia me fue de mucha utilidad. Gracias por su valiosa ayuda. :-)
Hello Dan,
You can use this utility to reset your file association.
If you would like to open file with a certain program instead of another one, you can right click on the program icon and Open with , then select Chose default program. A new window will open from where you can select the program you want to open this file in the future or if it’s not on the list, you can browse to it.
Stay safe!
I got all my files back and unhidden but now my file associations are all messed up…Word docs are file type word.document.8 and have the notepad icon associated to it…other files on desktop do not work or open properly…lot of new file type…how can I correct this?
Hello George,
The one thing that you shouldn’t have done is removing the temp files!!Lets try to recover your shortcuts:
Store and display recently opened programs in the start menu
Store and display recently opened items in the start menu and taskbar
This should restore back your start menu and other icons however for your Pinned items,you’ll have to re-select again those who you like and want on the task bar. Stay safe!
Thank you so very much for your generous help and knowledge in restoring my daughter’s computer to its original condition.She goes to school online and your webpage hit the nail on the head to get rid of File Restore Virus and we also found additional Trogans during the various processes. We thank you from the bottom of our hearts, you sir are a true genius. God Bless You!
Thanks for this. Unfortunately, I got here a little too late. I got the virus (grrr…) and before I arrived here, I ran Spybot Search & Destroy, and that program deleted all of my “Temp” files, which included all of my normal Windows 7 shortcuts in the Start menu (e.g. everything in Accessories, System Tools, etc.). :-(
How do I get all of this stuff back???
Hello Nettie,
Lets try to fix your computer,please run the below tools while in Normal Mode;
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Anna,
Yes,you can uninstall all the tools that we’ve used, however if you want you can keep Malwarebytes and HitmanPro and run regular scan with these products… You choice… Just stay away from malware!:P
Help! I am having trouble launching into safemode with networking. I either get a blue screen of crash dump or I get to safemode (slowly) finally, a failed to connect to a window service message appears. Everything is frozen and still seems to be controlled by malicious software. Do you have a remedy?
Thank you so much! I seriously don’t know what I would’ve done without your help! I know what I need to about computers but I knew nothing about this stuff. I tried downloading this thing where you can watch tv on your computer (because my boyfriend is obssesed with the new halo 4 game) I haven’t got to watch my shows lol Now I know never to download anything on my computer again haha I thought I lost everything & was balling my eyes out! :/ Can I delete all of these downloads or should I keep them on my computer? I don’t want to mess anything else up.
My PC was infected with this crazy virus. I followed the steps exactly as listed and after a few rounds of scans, I’m all good now!
THANK YOU!!!
Wow, great step by step instruction, so simple even I could follow it. Thank you so much!!!
I could just…you just saved me forty bucks, a serious telling off from my mom, and over 60,000 words of novel writing. I was in the air for a while their, since my laptop was acting a bit differently, but I looked at all of your suggestions for the comments Thank you thank you thank you thank you so. Much.
thank you stelian!
Hello Gert,
NO!And you should not pay any money to anyone who is using this type of techniques!
Again,DO NOT PAY FOR ANY MALWARE REMOVAL SERVICES. Just follow this guide and if you need help,you can reply to this post.
We have a strong privacy policy and I will NOT never contact you via email or give to anyone your address.
Stay safe!
Hi,
On one of our pc’s we got this virus and immediately after an offer for removal service at USD 80,00 or so. A confirmation of orderxyourorderpm.com> with exactly the codes as in your story. Does orderXyourorderpm.com> belong to you or do you know this organisation?
Thanks!
Stay safe Jan!:)
Did not need the Emsisoft. The Hitman and Rogue Killer
did the job. Thank you so much.
Hello Jan,
Go ahead and run the HitmanPro and RogueKiller scan,then follow it up with a Malwarebytes quick scan.Don’t forget to run Unhide.exe for get your files and folders back.
As an additional steps,you can run a scan with the following tools:
STEP 1: Run a scan with Emsisoft Emergency Kit.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
STEP 2: Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello Janet,
As an additional steps,you can run a scan with the following tools:
STEP 1: Run a scan with Emsisoft Emergency Kit.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
STEP 2: Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello Paige,
Never seen this rogue software doing this type of damage… Can you please try to follow the steps from this guide: http://support.microsoft.com/kb/2400124
Hi,
I used your guide to remove the File Recovery virus from my computer and was able to recover, thank you very much. Since then, however, my Office Professional 2010 has lost it’s activation and any attempts to reactivate (tried re-installing) are not sucessful. The error code 0x80070001 pops up. The microsoft registry fix doesn’t seem to help. Have you encountered this? Thanks.
You are a lifesaver! I now have my files back thanks to you. The only that didn’t work for me is the RogueKiller (step 6). I was able to download it, pre-scan then scan but it will stop as soon as it gets to ‘Finding Proxy’. Windows Internet Explorer stopped working. Did this several times. Will this be an issue? All the steps worked except that. Thank you soooo much again for being so kind in helping malware/virus victims like me. :D
I ran the malwarebytes program but it did not recognize the file recovery malware. Any suggestions?
Hello Joseph,
Can you please follow the instructions from this guide: http://malwaretips.com/Thread-Files-still-hidden-after-smart-hdd-removal-and-unhide-exe?pid=55462#pid55462
Hello Ganesh,
1.Can you please follow the instructions from this guide: http://malwaretips.com/Thread-Files-still-hidden-after-smart-hdd-removal-and-unhide-exe?pid=55462#pid55462
2.For your peace of mind, please perform the following scans:
STEP 1: Run a scan with Emsisoft Emergency Kit.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
STEP 2: Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello Mirandann,
It always does that or ?When exactly it reboots?Did you try to load your computer in Safe Mode with Networking?
Salut Tom,
Ai grija de tine!
This is awesome!!!!!IT WORKS!!:D
Multumesc. Ai fost salvarea mea. Nota 10 pentru tine. Meriti si mai mult Nota 10 cu FELICITARI. Multumesc,esti inexplicabil. TNK :)
Hi – I got the file recovery virus removed from my computer (i think). Now my computer keeps rebooting after about 1-2 mins. Is this associated with the virus? Any suggestions on how to fix this problem now. Appreciate your help. Thanks!
Hello Daisy,
You can use any email address…. fake@email.com
Good luck!
Hello, when I enetered the activation key it did not work as I needed an email address as well! What email address do i put in?
Great results! I was glad to find this site a few days ago when this virus suddenly appeared. The virus files were successfully erased and my computer was back to normal in a couple hours (…longest time was for the file scan step).
THANK YOU for the clear explanation and wonderful advice.
Thanks for the help. My friend got the File recovery virus. The only issues we have no is that the start/programs in windows now say empty and the bookmarks are gone from his browsers, Opera, Firefox, and Internet Explorer. Do you know how to get any of these back?
Hello Rick,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs.
Hello Mike,
That should be just an left over and harmless file from this infection.Right click on it and select delete to get rid of it.
NEXT,for your peace of mind, please perform the following scans:
STEP 1: Run a scan with Emsisoft Emergency Kit.
EMSISOFT EMERGENCY KIT DOWNLOAD LINK (This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)
STEP 2: Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
It worked! Thank you!!
Okay, it seems that everything went back to normal (but I did notice that there is an icon on desktop called “File recovery”
Hello Mike,
Can you please go ahead and perform the HitmanPro and RogueKiller scan….. And then reply back with the results.. :D
I’m having same issue. When I rebooted after anti-malware (in normal mode) file recovery screen appeared again. You mentioned that it went away. I am currently running anti-malware scan a second time, will see what happens.
Thank you, very useful walktrough on how to remey to the problem, my problem is solve an everything seems to run back like it use to.
Many thanks.
As others have said, these instructions were outstanding. Slight differences in my procedure were as follows: At the end of Step 4, when I rebooted in Normal Mode, the problem was still there; so I rebooted in Safe Mode and continued the Steps from that point. Then, after completion, I got a warning that my Win 7 was no longer genuine and had to reset that.
Thank you SO very much for this helpful guide! Despite the virus being on my work laptop, my IT department was useless, telling me just to run McAfee (which said I had no viruses/problems). The only glitch I had was in using Hitman Pro, since the free trial was not available to me (corporate computer). I tried running Kaspersky, as someone else suggested, but that didn’t turn up any threats. However, ESET found it and took care of it for me. Just thought I’d share that in case anyone else has similar issues! Thank you, thank you, thank you.
You are a rock star, man. Wish I was in your area as I need my favorite laptop repaired !
hello i just want to say thank you so much I was able to fix my sisters’ computer in no time. Thank you for making my life easier .
Stelian,
You are the man! Your directions were very detailed and easy to follow. Thank you. After much angst, my computer is back in business. –Mark
Dude! You totally rock! Even a no-tech-skill flunkie like me was able to follow these instructions and kick some FRV ass! Coluldn’t have done it without you, though, so giving credit where it is due! Thank you sooooo much! Did I mention you rock? :o)
I think I’m in LOVE! Thank you … Other sites had steps 1-4 but it just wasn’t enough to do the job. I couldn’t get to any of my pictures or internet favorites until I ran this whole process. Thanks for saving me!
Absolutely true.. well said Robert.. Stelian is a hero for me..
I got two more doubts to ask Stelian though:
1. Why some of my startup shortcuts are showing “empty” when i click on “expand “option ??
2. All the icons which earlier used to come under a single up arrow button have now come spread across my bottom right hand side corner near the date & time area ?
I ran almost all softwares as you said but I’m a little worried whether these viruses/malware/trojans etc is still there in my Dell XPS 15 laptop. May be because this is my first time but sir you see I have to do internet banking and all from now on and I’m scared to proceed beacause this happend. Kindly advice. Also FYI, I use Avast 7 latest one and before this virus inflicted, this avast only blipped about some malware site, etc.. blocked etc.. Nothing more did it do to stop this stupid thing. So I also need your advice as to setting up a good software firewall against these creepy things popping up and also killing these if any still exist in my laptop.
I’m deeply thankfull to your effort here. You sir did really help me very much.
Once again unending gratitude & thankfullness with expectations of a quick & positive reply. :)
Ganesh Krishnan, Kerala, India. :)
You rule!!! Ty so much for the info, got my life back in track :D
WOW! I had a few worries along the line, but it seems everything is back in order from the infection yesterday.
After the first MalwareBytes run when I rebooted, the screen of File Recovery reappeared and seemed active, but finally stopped.
I also got an error message the there was a problem starting cleanup.dll, the module could not be found.
I ran MalwareBytes a second time and the File Recovery screen appeared again, seemed active but finally stopped.
I continued from there with your process and in the end everything seems to have worked great.
You have truly done all of us a valuable service by providing this information.
Thanks so much,
John
Thank you! File recovery could not have hit at a worse time. We have generally recovered but 2 problems remain. Web browsing is now extremely slow and the Microsoft office license/key is not being recognized and I can’t find my email with the key.
Thanks for the very thorough article and links. While I was familiar with Malwarebytes tools, you’ve gathered several good ones and following your instructions, and some others sites for specific registry keys/paths, I’ve been able to kill off this “secure file recovery” virus/malware. I believe the source of this instance of infection likely was “Playpickle dot com” or “flonga dot com” which my kids found somehow via their own grapevine and went to in search of free web-based games. (Telling myself to “Remember to configure a “USER” account without admin rights and USE it. Don’t just click download, okay, and Run blindly.”)
Thanks for the blog post and detailed replies.
Keep up the excellent work.
Thank you! Very well written document. I also used the system restore to an earlier day/time feature in Windows. For years I have struggled with getting the F8 to work at strat-up, but after a few attempts it does. One day I hope all these cyber criminals are found, prosecuted and spend a long-time in prison. This is a serious crime.
Thank YOU! These viruses are getting harder to kill and people like you are lifesavers.
This walk through was great. However, I’m not unable to remote desktop into the once infected computer.
Very Odd. Any suggestions?
Thank you so much. Took a while, but was worth it.
hi, there, very very very very, many thanks from here,, good detail explanation,
many thanks
Aron DK
Stelian,
It’s nice to know that there are still fine human beings like yourself who make positive contributions to society. Thank you many times over, Robert
Thanks for your detail explanation, thee problem has beam resolved……. Many thanks again
THANK YOU! From tears to gratitude, I appreciate that you have taken the time to post this for all of us to use. You saved my sanity and my GPA!
Hello Mark,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
Thanks a million for this fix. It’s nice to know there are people out there like you. More power to you. Your generosity has restored some of my faith in human nature. Thanks again!!
This terrible virus hit my computer the other day and I was able to find your site for help. I’m running Vista on my computer. I didn’t follow your first step and do the Registration codes for File Recovery. I went directly to the File Recorvery Removal Instructions and followed all the steps. It worked to the point that the “File Recovery” virus doesn’t show up but there still has to be something that is wrong. When I open in normal mode as soon as I try to open anything it locks up my computer and I have to stop the power to shut it down. I’m able to open and write this message through the “safe mode with networking”. At least this lets me know that everything is not lost. I tried using the Malwarebytes Chameleon as well with the same results. Is there anything else that you can suggest that may help me in my situation?
A big thank you, only lots a couple of hours when I thought it would be days.
thanks again
clive
I at first thought this was overkill and too geekish. I was wrong, many thanks for making the process easy to follow. I managed to fix my pc 30 mins before a presentation. I do make regular Acronis backups just in case.
What virus/malware program should I use to stop this happening again? Microsoft Security Essentials did not help.
Many thanks
Robert,it seems like you have a ransomware attack so this File Recovery is the least of your worries.
Try following this video and see if this will fix your problems: youtube.com/watch?v=6bVbCABjf38
Can you please post here the Combofix log? :) You’ll be able to find it in C:\Combofix.txt
My internet is still slow
Yes
Hello Zach,
Please follow this steps: http://malwaretips.com/Thread-How-to-fix-no-bootable-device-%E2%80%93-insert-boot-disk-and-press-any-key
Hello Jens,
That file is most likely just a left over file which you can delete.HitmanPro and Malwarebytes should have removed this rogue antivirus,however for your peace of mind I would suggest that you perform a scan with the following utilities:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Thank you!
Is this what you are seeing: http://www.youtube.com/watch?v=I42YnigbWDE ?
Stelian,
Her computer won’t boot normal mode either. I just tried. It is stuck on the “Page is loading, please wait. This may take up to 30 seconds” page.
Hello,
I got this virus on the computer and found this website. I did all the steps and now the computer works as before, but it seems like the File Recovery still is on the computer. I dont get these fake alerts and images anymore but I can still see the program File Recovery on the start menu and the shortcuts to it. Any help would be appreciated, thanks./ Jens
I think mine wiped out the boot sector because Windows would recognize it as a new drive when I hooked it up to another PC using an HDD Adapter.
Hello Ben,
Can you please run a scan with Combofix and Complete Internet Repairso that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with Complete Internet Repair utility
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hello Katryn,
Can you please run a scan with Combofix,Complete Internet Repair and Farbar Service Scanner so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with Complete Internet Repair utility
STEP 3: Run a scan with Farbar Service Scanner
FABAR SERVICE SCANNER (This link will automatically download Farbar Service Scanner on your computer)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hello Robert,
Lets try to fix your computer,please run the below tools while in Normal Mode;
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
WOW, that is all I can say. And, of course, a BIG THANK YOU!!!
Stelian,
I discovered this virus on my wife’s laptop last week and didn’t get a chance to attempt to remove it. While I was away on business, she rebooted it and attempted to use it. Now I can’t get it to boot in safe mode. All it does is stay idle on the page loading screen. Help!! Her system is Dell Vostro w/Windows 7. Thanks in advance, Robert
Hi,
I’m so glad I found this site, as I just got this virus and it is a nightmare! I’m sure this will all work perfectly but unfortunately I can’t get started as the virus won’t let me connect to the internet so I can’t download any of this stuff. I tried using the activation code as you advised someone else but it just said it wasn’t valid. I also downloaded the various programmes on another computer, put them on a disc and tried to get them on my laptop. But the virus has hidden everything, so when I click on start I can’t go to the ‘my computer’ bit and find the disc I’ve got the programmes on. I have taken steps to ‘unhide’ files, and a lot of my desktop icons came back, but unfortunately nothing in the start tab came back (apart from ‘paint’ which isn’t very helpful!). Could you give me some advice on what to do, as I just don’t know how I can get rid of it if I can’t go on the internet directly and can’t find the disc… sorry if this is a silly question, I don’t know much about computers. any help would be HUGELY appreciated! Thanks,
Kathryn
There’s another way to do this without using any software..
Just Run MSCONFIG on your PC
Choose Selective Startup
Click on the ‘Startup’ tab
Uncheck all programs
Click OK and Restart
Now your PC will start without the annoying File Recovery thing
Locate the File Recovery Shortcut on the desktop and Go to properties
Check its target file
(On my PC it was- C:\Documents and Settings\All Users\Application Data\ttffgdhsjj.exe)
Go to that location and delete the file(s) with that name
Go to the Desktop and Delete the File Recovery Shortcut
Empty you recycle bin
Nw you can get your original startup setting with MSCONFIG again
Ta-da!
My PC worked fine after that..
Hope this helps :- )
Just a Thank You for this post. Tryed restore point befor finding your post. Wish i had found this blog first. I am all set. Thanks again Matt
Help I got rid of the stuff and got my files and desktop pic back but I’ve been stuck with one problem….. my internet is going as slow as molasses before the recovery file virus it was fast but now its slow please help!!!!!
Thanks so much for your help!!!
I did have some problems trying to load some of the software to my PC, but was able to load them on to my laptop with no problem and then transferred the files to my PC with a thumb drive. All worked as you stated.
Thanks again!! Ken :)
Hello Daniel,
Lets try to fix your computer,please run the below tools while in Normal Mode;
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Brian,
Can you please run a scan with Combofix,Complete Internet Repair and Farbar Service Scanner so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with Complete Internet Repair utility
STEP 3: Run a scan with Farbar Service Scanner
FABAR SERVICE SCANNER (This link will automatically download Farbar Service Scanner on your computer)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hello K,
Just follow the guide…..it’s the easiest way to get rid of this infection :)
T.J. – I can’t find the process you listed in my task manager. Anything else I can look for. I did download the recommended tools to a flash drive. I have a wireless connection and I turned that off (external switch) prior to starting computer in safemode. Flash drive will install, but I can’t see a way to open it and launch programs. Thank you for help.
And HitmanPro won’t work when transferred over, because I have no Internet connection. That seems to be the root of my issues. Is there any other way to get around this malware to connect to the Internet? Step 2 is not working for me. The proxy server for LAN box never has a check beside it. So there’s nothing for me to un-check.
I transferred RKill to the infected computer and ran it in safe mode. It took 14 seconds to complete the log and found nothing. Does this sound normal? Having trouble with this one, and I normally don’t have issues with killing off malware. Thanks.
Do you mean I should transfer RKill to the computer via a USB stick and run it that way? If so, I will look for an RKill link that doesn’t auto-run the files – so they can be saved and transferred.
OH… and PS… YOU ROCK!
OM Friggin’ G!
That was crazy! But I am almost as good as new. Just have to replace my wall paper and my side bar (clock and various other news and stocks), did not fully load up. Not sure if I just need to reset everything. Sort of PO’d that my virus checker (Trend Micro Titanium) didn’t catch this for the price I pay for it. Sheesh!
Thank you Thank you THANK YOU.
So, trying to boot to safe mode with networking in order to download the needed programs, but WinXP is yelling about activation. I know it was activated a few years ago when I built the PC. HELP!
Thank you Thank you Thank you… easy to follow step-by-step instructions. Laptop running good as new with file access restored. Cleanup and restoration took about 2 hours, but worth every minute. You rock!
Hey guys I just had to clear this up for one of my users, and well done on getting the correct tools to help. One tip I can leave for everyone is this virus relies on the internet to get its live updates so disconnect your network cable (make sure you download and save the tools to a jump drive on a different computer first) and open ‘Task Manager’ the process is R627O85S7KwoPp9.exe find it and END the task. This will allow you to continue on with the tools provided by this site and prevent the pest to manifest…….if you do this correctly you can skip straight to MalwareBytes.
I have an HP laptop and everything was pretty successful until after the HitmanPro reboot and now I am getting the error “No Bootable Device”.
Have you seen this before?
Hello Ben,
Yes of course,you can try to do the Malwarebytes scan if this product installed on your machine!
Hi,
Rkill won’t run. It says that Rkill has terminated. Can I jump in the Malwarebytes Anti-Malware (trial) Full system scan? Please, need reply thank you.
Thank you SO much! Our computer is ESSENTIAL to our business and these steps were SO clear, concise, and easy to follow! THANK YOU!!!!
Ohhh my gosh that was horrible! Thank you soooo very much!!!
Hello Brian,
Can you please try to use the license key provided in the article to see if this infection will let you connect to the Internet.
If no,then we will need to transfer some files via an USB stick to the infected computer.
Waiting for your reply.
Stay safe Anton!:D
This morning, I could not even boot my computer. After following the instruction, all my issues were fixed. The instructions were very helpful and easy to follow! Thanks for saving us from the “black”days!
Dude, You Rock !!!!!!
I lost everything…nearly…lol
Tried this and it worked wonders. I am at stage * and I have all my desktop Icons back.
Only thing that caused me some head ache was installing mallwarebytes. The Virus kept on killing the installaion just as it completed downloading. I noticed that the Malware Icon became visible as the error message came up and I took a chance in trying to run it as the error apeared. This worked and I updated and ran Malewarebytes while the error screen was still on.
Thanks again Buddy, you saved my arse.
Hello Jodi,
No,just move on to the next step.Good luck!
I can’t get past Step 2. I am unable to reestablish Internet connections necessary to proceed. When I go into the Internet Tools Options, the LAN use proxy box is already un-checked. Is there something else I’m missing or another way around this?
THanks
Question: I already had malwarebytes on my computer. I did an update and ran a scan but it did not detect anything. Should I have uninstalled it and downloaded it again? or just move on to the next step?
Hi,
I decided to trust you on the false positives and carried on. My PC is now back.
Fantastic. Thank you so much. You are amazing.
However, the standard ID I use does not have a complete start menu list. Now, I have all standard user accounts on the D drive, separate to the admin ID on the C drive. I looked in smtmp and found folders called 1 which contained empty folders and 4 which is completely empty.
Could the incomplete start menu be due to the users being on the D drive?
I am not complaining, good grief no.
My pc is back working and I cannot thank you enough.
Thank goodness I found you.
Keep up the good work.
Best regards,
Joseph
Amazing I followed the instructions and it worked thanks alot its heaven sent had this problem for months legendary I didnt think it would work but it did now i can veiw by pictures from my smart phone on my p.c tuers!!!!!!!!!!
Hello Lucio,
HitmanPro and Malwarebytes should have removed this rogue antivirus,however for your peace of mind I would suggest that you perform a scan with the following utilities:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
As far as the left over shorcuts,you can just delete them ,as I’m sure that if you press them,nothing will load. Stay safe.
Hello Joseph,
You can ignore the warning from McAfee as it’s only a false possitive.However,if you don’t want to do that ,you can use this two alternative tools:
1.ESET Online Scanner is similar to RogueKiller.Here are the instructions on how to perform a scan:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
2. Unhide Non System Files is similar to Unhide.exe.You can download this tool from here ,and just run it.
Good luck!
McAfee says the websites for roguekiller and unhide are dodgy when I try them.
Can you advise please?
I was doing ok up to that point.
Thanks
Everything worked great except File Recovery still shows up in my “All Programs” list with an uninstall option. What should I do?
Thanks for all your time & efforts!!!
Thank you!!! My computer is alive and the programs work. Bless your heart for sharing this.
Thank you so much! You saved my computer!!!!!!
Hello Alex,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
I tried all of the above steps, and File Recovery is still there. Do you have any tips I can try to get it off?
Thank you so much. Worked perfectly. I am concerned my anti virus did not pick it up though.
Hello Kerry,
While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro and RogueKiller as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to see how everything is running…. Good luck!
Hello PS,
While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro and RogueKiller as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to see how everything is running…. Good luck!
Hello Kris,
Lets try to fix your computer,please run the below tools while in Normal Mode(this is the regular mode in which usually windows is!!DO NOT LOGIN into safe mode with networking!);
First try to run Mawlarebytes in Chameleon mode,if you experience any problems,try to run RogueKiller and then re-try the malwarebytes scan!
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Paul,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
Hello,
Lets try to fix your computer,please run the below tools while in Normal Mode;
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
I still was unable to remove the file recovery program. Also the Hitman Pro software did not offer a free activation selection
I got this virus on my PC today and try to cleanup using your instruction.
I finished 1st step.
While I’m running Malwarebytes software system is going to sleep mode(monitor is going off) and can’t see anything so restarting the machine and running Malwarbytes again….can’t finish scanning……keep restarting….
please help me on this….
I feel silly – but I can’t seem to get past the very first steps. I restarted in Safe Mode with Networking, but I don’t see Internet Explorer…Can you help, please?
Hey thanks buddy. I got my Desktop back. :)
Oh DudE u r my rock star ! love u !!!! MAY u live long and happy happy !
u saved my pc’s life !!
WOW I can only say great tutorial, I’ve been a computer Technician now for like 7 years and now understand that restoring back to factory settings is not a solution oooohhh yeeesss!
Hello-
I was finally able to download chameleon, and I actually got the DOS screen. It just stops working when the black screen says “killing known malicious processes”… :( I am getting more stressed by the minute becuase absolutely nothing is working!
If there was a prize for the best help website, you should get it!
Thank you very much. You made my day. You’re the best!!!!
Greetings from Germany;
Jack
The process works but I’ve managed to shorten it quite a bit by using system restore. If the infected computer creates regular restore points.
1 – Run Rkill to kill the process.
2- Open a command prompt and navigate to c:\windows\system32
3 – Run systempropertiesprotection.exe – This opens up system restore and from there you can select a recent restore point. Restore and everything should be as it was. I’ve fixed 2 computers with this method and it takes maybe 15 minutes.
hello,
I can’t open firefox as it says it is already running in the background. Can you help me fix that so I can remove the file recovery?
Thank you!
probando
Thanks a million… I was worried, but thanks to you it all turned out right!
I am asking anyone who reads this and has been saved by this web page to like it, g+1 it ; tweet it… Thats how we all can fight back!
AWESOME!!! You guys just saved my data!!! Thank you so much!!
THANK YOU FOR THIS ARTICLE! Thought my computer was dead. Malwaretips rocks!
Thank you very much!! Everything is almost back except desktop functions and
shortcuts. Any idea?
Hello Kayleen,
It really loks like the dispay driver got corrupted by this infection.Can you please uninstall it,restart and then reinstall it back in.
NEXT,can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
This is a pre-thank you while I’m waiting for your software suggestions to remove this horrible virus. Thank you!!! This virus ruined my night, but you saved my expensive machine and work files (I’m hoping). Thank God I stumbled across your site. Again, thank you for this awesome step by step guide and information!
Thank you Man, you’re the best!
Another fan….many thanks!
Used Kaspersky Virus Removal Tool and it worked. Thanks for all the information.
Thank you so much…, worried sick, just bought a new $3,000 laptop and this happens??? Gave me the shock of my life. To the Russian who made this virus… GO GET A REAL JOB!!!, instead of annoying everyone else.
TY
Thank you SO much for these instructions. My Dad’s computer got this virus, I followed your instructions to the tee, and it worked perfectly. Thank God there are people like you out there to help us out; otherwise, it would have cost us many hours of aggravation and a whole lot of money. Keep up the good work.
Thanks Alot broh Thanks alot this WORDS…. really you guys are the best that u saved my time and my harddisk from being again formatted. Thanks to the site :)))))) m sooo happy
When I execute the HITMANPRO does not have the option for the free trial. I loaded the latest version 361 for 64 bit. Is there an option I am missing. I have one file left to remove after Malwarebytes and iit will not remove it. Thanks.
Hello Shaw,
Lets try to fix your computer,please run the below tools while in Normal Mode;
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
rkill isnt working this is the second time ive got file recovery
rkill just says….
Ok so I rebooted again, but this time pressed F8 and had it boot up in safe mode with networking. Then I was able to complete your last three steps including step 8. As I rebooted again to “set” my background settings, I let it reboot with the normal setting. Once again it reboots normally until the screen where I put in my windows password to access my computer. I can type in my password very quickly but within about two seconds the screen distorts again to those horizontal lines with the windows login screen coloration and the computer is frozen again.
Actually I’ve only completed through step 5. When I hard reboot which is the only thing I can do, it boots up fine up until the final screen where I would normally put in my windows password to unlock my computer. It flashes this screen for just a second then the screen distorts with horizontal lines with the same coloration as the windows password screen. At this point my computer is completely frozen. Mouse won’t work. Can’t soft reboot. Only thing I can do is to hard reboot with the same result.
Thank you very much, Stelian! Cannot thank you enough for the step-by-step, easy to understand and effective solutions for the removal of Recovery File Virus. My computer is back to normal. Your page should always top Google search results for this virus removal.
Doing great through step 6. When I rebooted after running Hitman, my computer came up frozen with the screen distorted at my Windows log in screen. Have hard rebooted twice and am getting the same frozen screen. Can you advise?
Thanks!!!!
Hello Demian,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs.
Hello Demian,
You most likely have other infections on your computer.Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hello Thor,
This virus was created by some rusian cyber criminals and a lot of people got infected with it.
There are a lot of entries points starting with a Java exploit or a malicious email attachment….
Stay safe!
Hello Mikael,
Right click on the folders and select Delete…this should remove those entries…
HitmanPro and Malwarebytes should have removed this rogue antivirus,however for your peace of mind I would suggest that you perform a scan with the following utilities:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
ps – I’m bookmarking this page. You got skills, d00d!
Thank you so much, Stelian. Your instructions were clear and concise, and are greatly appreciated. Keep up the good work!
Geek in Alaska,
mrshaggs
Thank you soooo much!! You were truely a life saver for me. I had thought my computer had just crashed and finally given out on me because I had been having some problems with it for a while. I started researching to buy a new laptop which I really didn’t want to do right now. I thought the whole “file recovery” thing was legit until I decided to google it, found your site, and realized it was a virus. I followed all of your steps exactly and now my computer is almost as good as the day I bought it!! Thanks!!!!
Thanks for the support removing File recovery!
But I found a map named “File recovery” with two icons, one “File recovery” and “Uninstall file recovery” under “Start” and “All programs” and on the desktop a short cut with the same name. How do I remover these? I couldn’t find them on the C drive or any map where you can find all the other program maps.
You’re my hero, you rescued my laptop! Thank you very much
Greetings from Germany
Thanks for the info.
Have the virus right now. Had some DNS problems a few weeks ago so those are set to Google’s DNS servers. Will have to try the steps to remove this weekend.
Any idea where this comes from? I was looking a Unitarian church sites when it first started affecting my computer.
Also, I posted a nasty threat in their customer support screen. Any idea where they a located physically? If they are US citizens, I could be in trouble.
Great guide, but wish I could get past first step. I used activation code, worked great. Booted PC in safe mode, checked ”no proxy” in Firefox. Still can’t connect to internet to download RKill. Already had Malwarebytes installed, ran a scan. Found virus, clicked ”remove”. No prompt to restart. When I restarted manually some icons reappeared but was still infected — and still can’t connect to internet to download RKill or any of the other software mentioned. All was done in safe mode. Any advice would be appreciated.
Thank you, Thank you, Thank you!!! I have never had anything like that on my computer. I am so glad you step by step instructions were out there. You are AWESOME!!!
thank you for helping me in solving the problem, I was shocked after the attack of the file recovery virus, as I thought that I have lost all my data. Once again Thankyou very much.
Thank you for the guide, but having trouble getting started. Activation code worked great, in safe mode changed Firefox setting to ” no proxy ” but still can’t connect to download RKill. I already have Malwarebytes installed, I used it, found infection, but no prompt to reboot. Upon manual reboot, full scan shows no infection, but virus is still there. I assume I need RKill to halt processes before removal, but how can this happen when no connection to internet can be made. Please help !!!!
Hey, did it in safe mode. I did it with full scan cause it did not work the 1 st time. make sure you deactivate all firewall when you run Hitman. Thanks a zillion! JP
Stelian, thank you from the bottom of my heart: you definitely helped me GREAT TIME to restore my computer after a File Recovery attack!!
I’m so happy that there are such great guys on the internet!
THANK YOU!
Hello Liam,
We can manually remove this files however let’s see if we can get rid of some of them using the below software:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please re-run a scan with HitmanPro and post the log or a screenshot here and I’ll give you instructions on how to remove the left over files.
Good luck!
Good, understandable guide. It’s great that you are are doing this in your free time, so: Thank you alot!
Thanks!!
Hi,
I do not have the option to activate a free 1 time lisence for Hitman Pro 3.6.1
I also have a flashing caution triangle in RogueKiller with “Root.mbr” beside it.
Can anyone help?
Hello,
Yes,you also run this scan while in Normal mode.
Good lucK!:D
Possibly a new twist, Vista Machine SP2 infected 9/9/2012 … in Safe Mode with Networking there was no proxy setting … however … there was something running in the background changing any attempts to connect to the internet specifically something was changing the TCPIP IP value … regardless of the addresses set, the moment the Network dialog is closed the IP address reverts to 192.168.210.152 … so … I went in to Regedit and searched for this IP address and removed all Gateway, and other related keys for this IP address … I then unistalled the Wireless Driver (device manager) then allowed the manager to reinstall the device drivers … this appears to have broken the hold on whatever was taking over the TCPIP IP settings … I am currently running Malwarebytes
Note: I had removed this drive and installed as a slave drive on another machine … it took over 5 hours to scan 190GB on an Esata port using Malwarebytes but this procedure didn’t touch this virus??? It only found 4 unrelated issues … now in safe mode after 30 minutes Malwarebytes has found another 26 issues and still running.
I suspect Malwarebytes may have issues with “MS” file Security when a drive is mounted as a slave … most of the vista files have permissions which won’t match the host machine.
Thanks a lot! Your instructions are awesome, clear and working. So glad that yours is the first in the search result of “file recovery virus”.
All I can say is a BIG: THANK YOU!!
You saved my laptop!
I am running in normal mode now, where the kill worked and I reinstalled Malwarebytes. I updated it and it is scanning now. Is it safe for me to scan in normal mode now that I have internet? Or no???
Actually, it is the File Recovery Virus. They disabled my adaptor for my LAN. I now just undisabled it. Should I reinstall Malwarebytes?
Hello doubleu,
You can always follow this steps..
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
replies like that don’t help. for other people experiencing this same issue, what did you do to fix it Eric L?
Hello Aaron Z,
We can manually remove this files however let’s see if we can get rid of some of them using the below software:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please re-run a scan with HitmanPro and post the log or a screenshot here and I’ll give you instructions on how to remove the left over files.
Good luck!
Hello Oly,
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Jason,
We can manually remove this files however let’s see if we can get rid of some of them using the below software:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please re-run a scan with HitmanPro and post the log or a screenshot here and I’ll give you instructions on how to remove the left over files.
Good luck!
Hello Mike,
Please go ahead with the scan recommended in the guide,then reply back and tell me how everything is working.
Hello SMuse,
How is your machine running right now?
Can you please run a scan with Kaspersky Virus Removal Tool:
Click here to download the Kaspersky Virus Removal Tool.
Hello Sherrie,
You should contact your bank as soon as possible!Also you should do a scan with the above utilities because this virus is still on your computer even after you have purchased the rogue antivirus.
Hello Mike,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hello Brian,
It seems like you also have a ZeroAccess rootkit on your machine.Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on:
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,please run a scan with HitmanPro and RogueKiller
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.
Every time I use Rkill the program automatically reboots. What do I do.
Worked like a charm! Thanks so much!
Thanks for the help, I got everything back to usual. But then 3 hours later, the same thing comes back up even after I quarantined it. This time, the process name was different but it was under the same description in task manager “AAW.” Did I do something wrong, or is this forever reoccurring?
Thank-you very much for this guide. I’m a novice and your instructions were dummy proof.
Too little too late. I purchased this software and my computer crashed shortly thereafter. I will contact my credit card provider on this information. Much appreciated
Hello,
Thanks for your tips.
I had the smae problem and here’s the log:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\iHbG8O6dS4kC1u
c:\programdata\iHbG8O6dS4kC1u.exe
c:\programdata\KRvLBPIruJNA.exe
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
Q:\AUTORUN.INF
Why is it that when I ran RKill, it didn’t actually find anything to terminate. I clearly had the file recovery virus.
OMG YOU ARE FANTASTIC n A GODSEND….TYVM for this!!!!! WOW U ARE GREAT!!!
I got this thing on my work laptop while working at home over the weekend. I can’t get the hitmanpro free 30 day license because it detected my computer as a commercial domain. Do you recommned an alternative?
I’m getting and error when I try to run Malwarebytes in both the safe mode and normal modes with XP. I have run as administrator, but get gui “setup” “Access is denied” click OK and then get “ERROR” gui “setup was not completed…..”Please correct the problem and run Setup again” . I’ve tried several times as different Admins, Safe mode, etc. can’t get by this Access denied… ?
I got all the way to the hitmanpro part but the program says that it is not activated. I can’t find the 30 day free trail and it only gives me the option of purchasing. Did they change that recently? Now they want $19.95 for 1 year. Is there another program that I can usej for free?
Thank you very much for your complete step by step instruction to restore my computer to the normal state. I will try to find a way to help others FREE just like you are doing. God Bless You!
Excellent article. Worked a treat. Easy to follow.
Great article, thanks!!!!!!!!
Actually, got it. Virus had disabled it, just a matter of going into device manager. Phew! Thanks again, very well written tutorial!
Thanks, this is a great thread. I think I got rid of the virus, but it seems to have disabled my internet. I have a TP Link wireless USB, and it no longer even acknowedges it is attached (when I plug/unplug the USB connection, the activity light on the unit does turn on). Can this virus “destroy” hardware? Or is there just some setting I need to reconfigure?
Thanks!
I’ve removed the Windows Recovery virus from quite a few computers using the ‘old and true malware tools’. But, your procedure and very good description of how to do it is one of the best I’ve seen. I found your site by ‘googling’ the virus, and want to say that it’s ‘one hell of a good site’. everything is readable, usable and very clear. The virus is gone and thanks to you it was real easy,, thanks again ,
Bob Smith
Robert Smith Consulting
Fort Bragg, California
Hello Nathan,
What antivirus/firewall do you have installed on this machine? Can you please try to disable the firewall and then connect to the Internet.
Hello sanddunesaddict,
Can you please run a scan with Combofix and ESET online scanner and post the logs here so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
I followed the instructions and File reovery is still on my computer…
My catalyst control center keeps popping up with errors.
This virus seems to have disabled all internet on the infected computer. I am unable to get any connection in explorer, either in safe mode w/ networking or in regular mode. Also checked to remove any proxy, but none was showing as being used in explorer. I’ve used the registration key to get it out of the way, but still have no internet for downloading the removal programs, any recommendations?
using Win 7, Professional
Hello Thy Le,
Did you use any clean-up tool while your computer was infected with this rogue program?
Can you please follow the steps from this post: http://malwaretips.com/Thread-Files-still-hidden-after-smart-hdd-removal-and-unhide-exe?pid=58410#pid58410
Hello brittany,
Can you perform a scan with the following utilities:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
As far as your browser goes,you should really start using Firefox Or Chrome as they are more secure and often updated when compared with Internet Explorer…..Also I advise you to review your rel-time protection and maybe change your antivirus.Below you can find some quick suggestions:
Free – Avast 7 Free version or COMODO Internet Security
Paid : Norton Internet Security 2012,Avast Internet Security 7,G-DATA Internet Security 2012 or ESET Smart Security 5.
Anyway ,you should really start a thread in our Security Configuration forum as you need to build a layered security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow it,then we’ll never meet again in this conditions:)
Hello Nathan,
HitmanPro and Malwarebytes should have removed this rogue antivirus,however for your peace of mind I would suggest that you perform a scan with the following utilities:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hey, it worked I believe. Is there a way to double check wether it was fully removed ?
I think it’s great you put this info on the web for people to use thank you.
After the malwarebytes scan.. it doesn’t prompt me to reboot. A notpad summary pops up If I restart the CPU on my own the virus is still present
Hello PackerFan,
This cyber criminals might have collected your personal data,when you have paid for this fake produc and they might try in the future to use your data.The best thing to do here is to inform your bank,that you are the victim of a cyber attack,they should know what’s the next step!
As an additional step I suggest that you do a scan with ESET ONLINE SCANNER
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Stay safe!
Not thing to say only a Big Thank You to You!!!!
I am going through the steps detailed above. Question is, if I bought into the scam how can I minimize damage (in addition to completing the steps above). Is there anything I can do about the time in which this was active on my computer becuase I was not smart enough to avoid it?
using the registration number *brilliant* what are they going to do sue me for that lol ……thanks
Wow,, I was just about to rip all the hair outta my head, kick my boyfriend and have an anxiety attack, until I found you!!! You are friggin GENIUS.. Thank you and my boyfriend thanks YOU! Problem fixed…
As long as you saved just some images and movies than you are ok!
I suggest that you perform another check…mostly for your peace of mind:
1.Run a scan with Kaspersky Virus Removal Tool
Click here to download the Kaspersky Virus Removal Tool.
2.Run a scan with Eset Online Scanner.
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Hello Josh,
Lets try another way around this
While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro,RogueKiller and Unhide.exe as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
If it still doesn’t want to work, please try the above steps while in Safe Mode with Networking.
Waiting for your reply to see how everything is running…. Good luck!
Hello,
Lets try another way around this
While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro,RogueKiller and Unhide.exe as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
If it still doesn’t want to work, please try the above steps while in Safe Mode with Networking.
Waiting for your reply to see how everything is running…. Good luck!
Thank you so muth!! Works perfect!! :) You rock!
Before I saw your instructions I was going to reset my whole system. When I was in safe mode I put over some files I didn’t wana lose to an external disk. The files I put over was just some word documents, movie and images. Is it possibly that may external hard disk now is infected (and will infect my computer the plugging it) or should it be safe because I was in safe mode when doing it?
Hi! I’ve fixed all the problems. Got all the icons on desktop back. However, when I click on any of the folders, there are some folders inside showing no size. And when I click on those folders, all of my photos, documents, and music are gone. In other word, those folders are now empty. I’ve tried the unhide.exe but still did not get them back. Please reply this as soon as possible. (would be great if you email me the answer: tle9794@gmail.com or, the email above). Thank you so much for your time. I wish you all the best things.
I believe the virus has made my internet explorer inaccessible. I have no icon in normal or safe mode and cannot find in all programs either. Is this typical? Any suggestions?
Everything worked well. I appreciate the time and effort put into this.
Patrick
I cant get the first step done, when I enter safe my firefox says already running and wont run and my internet explorer has completely disappeared. Also i tried the activation code twice with no luck.
most well written guide on the Internet!!
You absolutely ROCK!!!!!!!! This worked perfectly. Thanks for being so helpful and sharing this info.
You are so awesome!!!!! I’ve spent a whole night of last night until 4 AM trying to fix this by a different way from another website. However, my laptop got frozen on the startup screen and the safe mode didnt work either this morning. Wish I was about to find this earlier. Thank you so much. I think there is still some missing files on the desktop like some word files, picture, and music. But that’s totally fine. Thank you for being so specific. Thank you and thank you
Hello eperson,
Run a scan with Malwarebytes,HitmanPro and ESET Online Scanner.. if they all came up clean then you’re good to go…
+1 for doing Image back-ups!:)
Stay safe!
Thanks for this guide, I am impressed with the detail.
I have a machine with this infection. I have daily image backups of this machine going back two weeks. If I restore an image, what’s the best way to determine if it’s clean?
Thanks in advance.
Thank you, thank you, thank you! This made it so easy to get my computer up and running again. You are the best!
Hello Caleb,
Go ahead with the Malwarebytes scan… don’t worry about RKILL… If you will have any problems please reply back.
Hi, thank you for providing these instructions for removing the file recovery virus,
I am however having trouble running the Rkill programme even with it being renamed.
It comes up with:
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
Is this normal? as it says it hasn’t found any malware processes to kill etc. and I am certain I have this virus. Will this stop the other stages… malwarebytes onwards from working?
Thank you in advance.
Hello Jack,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download.ComboFix must be renamed before you download to your Desktop
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
It’s so nice when people like you take the time to give clear, detailed, accurate and intensive directions on how to remove something as disgusting as this malware! Thank you so much!!!!
Hi, Thanks a lot for this great guide! After finishing all the steps, most of my computer settings were restored. However, on my desktop there’s was a shortcut called File_Recovery. I try to right click it and it just freezes on the mouse “loading” image. I searched it on the start menu and there’s an option called “Uninstall File Recovery”. What should I do? I’m scared to click on any of the files.
Thanks for all the help!
Hello Brandon,
You are infected with a very nasty bootkit.
We will need to run Kaspersky TDSSKiller (follow this instructions – http://malwaretips.com/Thread-Live-security-platnium-virus?pid=69292#pid69292)
Can you please run the RogueKiller scan and see if this will fix it….
Waiting for you reply.
when I run hitman pro there are always two items that need to be replaced:
master boot record(sector 0)
c:smbr
bootkit
and
volume boot record(sector 488368128)
c:svbr_488368128
rootkit
Hello john,
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
After doing this several times and in different orders I finally got close to being back to normal, but my internet explorer does not work. It works in safe mode, but not normal mode. I tried updating to IE9 while in safe mode, but didn’t help in normal mode. I installed Chrome in Safe mode and that does not work in normal mode, but works in safe mode. When I click on IE in normal mode an application error pops up saying “The application was unable to start correctly (0xc0000005). Click OK to close the application.” Thanks for all your help so far.
Hello Bill
Can you please run a scan with Combofix, ESET online scanner and post the logs here so that I can get an idea on what’s going on :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,
1. Click the Start buton
2. Type “cmd” in the Search Box and then press Enter
3. Right-click “cmd.exe” and select “Run as administrator”
4. Click “Continue” on the “User Account Control” Window
5. In the command prompt type the following command
sc create BITS binpath= “c:\windows\system32\svchost.exe -k netsvcs” start= delayed-auto
6.Restart your computer and check if the problem is solved.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
I have followed each of the steps outlined, which removed the virus, restored my shortcuts, desktop, etc, however, like Randy Haben below, I cannot run Windows Update and cannot turn on Windows Defender firewall. I tried the Windows Update Troubleshooter, but it was unable to fix update.
Any suggestions?
Thank you very much Stelian! Wonderful instructions, easy to understand and follow. I was able to follow all your steps easily enough but I encountered a problem after using RKILL. I could not stop it from rebooting for some reason so I just ended up installing Malwarebytes after it rebooted and it seems to have worked fine without a hitch. My computer is back to normal albeit some programs like by printer control server is not working and needs a re install. If anyone has a step they are having trouble with you can always adjust the steps like I did. It’s probably better to follow it to the T but sometimes its not always exactly like the author’s instructions. Follow these instructions! They aren’t trying to sell you anything, ok maybe the full versions of the programs , they are just sincerely trying to help! There are still good people out there and I thank you again for that! A+
@Kansas,
I agree completely..God fearing or not his post was a blessing to those needing the help…and for free..!! Wow thank you again to the author!!
This was a great help! I’m really glad I stumbled across this. It’s pretty annoying to get Malware, but I’ve learned to fix so many of the tough ones I knew right away I needed to shut down and restart in safe mode with networking as soon as my desktop went dark. I also already had Malware Bytes on my computer, so it was pretty easy for me to run the unhide app and hitman. Thank you!
Follow-up: Turns out I was not done. BITS and Windows Update services had been corrupted. I was able to get Windows Update working (sort of) with the Fix-It tool from Microsoft. But it could not fix BITS, which is necessary or Windows Updates to actually install the updates. After many hours of painstaking searching, I finally found a registry fix for BITS in a Microsoft answers article: http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/bits-service-is-missing-error-code-80246008/08cadf89-5ac5-4e15-8795-6c5ff798847c. After rebooting, BITS started normally but I still don’t see any progress in downloading. In any case, it seems like progress.
Life Saver! Thank you so much for creating this for us non techies. Followed the steps and all my files were recoved. You guys ROCK!!!!!!
Worked great – cool tools.. thank you for the help!
Like many others, I found this blog post enormously helpful. It has taken many hours over a couple of weeks to recover from this attack. I got stuck at the Hitman Pro step. When running it I noticed it flagged the MBR (Master Boot Record). That worried me a little and when I rebooted, I got a “disk read error”. I could not find any articles to deal with that other than re-installing Windows. One problem with that is that I cannot have my original disks. However, I do have another laptop with Windows 7 and created a repair disk from that. Booting from the repair disk dvd, I discovered I could get to the command prompt and could see my hard drive and could run CHKDSK, which came back with no errors. I ran the various boot fixes and still could not get past the disk read error on startup. Then it occurred to me that maybe the partition had been deactivated. I got back to the command prompt on the repair disk and used DISKPART to set the partition (in this case partition 2 because DELL has other uses for partition 1) to active. Bingo! Now the computer boots and fine and I have been able to continue with the remaining steps. RogueKiller identified the ZeroAccess rootkit and apparently neutralized it. MalwareBytes and HitmanPro now run clean.
Thanks again for this really useful post.
OMG! You are a lifesaver! The instructions were easily laid out and made following easy! THANK YOU!
Hello Richard,
Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Your information on this site is excelent the best thing about it is that is free with no gimmics . I realy appreciate this site .Got rid of that anoying (file Recovery virus) Thanks a lot for your help.
Thank you for the help so far. I have spent 4 hours already researching how to fix this Live Security Platinum spyware with 2 other websites that lure you into a payment plan for protection, and following the discovery of your personal help have managed to reach step 4, but cannot find this mbam-setup icon either on the desktop or in the list of programs to run. Following advice to another in this predicament, I have jumped to Step 6 and returned to step 4 to no avail. Please can you advise? I have MS Windows XP.
My wife said she was looking at a cooking website when we got the file recovery virus… I thought we lost everything and she was so bummed when I didn’t think I could get our photos back! Your site saved the day and made me look like a hero!
I praise God for the gift He has given you to help me and so many others!
Thank you! Thank You! Thank You!
Hello Davey,
Can you please run RogueKiller as seen on Step 6 and then try to run the Malwarebytes scan. Next run the HitmanPro scan and then run the Unhide utility.
If it doesn’t work,please reply back and I’ll help you with additional instructions!
Hi, I’ve gone through the first three steps, but once I get to the scan with malwarebyte. The program seems to freeze at the point everytime. I’ve tried uninstalling and reinstalling but nothing seem to be working. any ideas?
Thank you soooooooo much! I was at wit’s end trying to deal with this and then I found this guide. What a relief I don’t have to wipe my hard drive.
This is amazing. You are a god
Easy to follow and worked like a charm…. Thanks so much!!!
So is your computer OK? :D
My mistake, follwed all steps except for Hitman Pro which did not complete. It loaded and catorgarized but did not ever complete a scan (froze)
Hi guys. so I followed all the steps outlined above but am still having problems. File recovery virus appears to be gone. However, I cannot get any anitvirus program to work: norton, AVG, Microsft essentials etc. The system restore will not work either “unable to restore” . Where do I go from here? Thanks in advance.
Hello MDS,
Here http://www.bleepingcomputer.com/combofix/how-to-use-combofix ,you can find more details on Combofix.
Waiting for your log.
omg!thankyou very much for posing this thread. It really fixed my pc. I thought I was gonna lose my temper from that b****.
hope you have more threads for removing viruses THANKYOU!
Hi Stefan,
Thanks for your response. Could you tell me a little bit more about what Combo-fix is and how it works?
Right now, I think (!!) I’m clean wrt this virus, but the only residual issue I have is with the shortcuts in the startup window.
On a related note, I managed to complete a full scan using Kaspersky’s free scanner (it took about 28 hours – it doesn’t run well when the computer is idle), and it indicated that the RKill executable file was malicious. Do I need to be worried about this?
Thanks.
Thank you very much for a method that really worked and instructions easy to follow.
Also, I would like to add in case someone else had the same problem.
After the MalwareBytes step when we boot into normal mode, I could not start Firefox because it kept telling me a Firefox process was already running and to close it first.
In bringing up Windows task manager ( ctrl + alt + del ) I saw no Firefox process or any or process that looked unfamiliar.
I also could not run IE as when I tried going to this website it gave me error messages saying files were missing.
Luckily I remembered I still had Chrome on my system and in Windows task manager ran Chrome.exe in start new process tab; so that I could come back to this site and download/run remaining programs for the next steps.
I guess otherwise one would have to download the programs in safe-mode, start in normal run those programs from Windows task manager although I don’t know if this is possible since Chrome was a registered program installed, and not only was I prevented from running Firefox, File Recovery did not let me access “My Computer”.
Before I had problems with File Recovery today I had lots of misdirecting going on from links in google searching…I tried removing some files with HiJackThis which helped reduce the problem…but in the process may have removed some files that were causing me some problem in following the steps on this site. Again, just writing in case someone gets the same problems I did.
Hello Kaprico,
Lets work in Normal mode and remove this infection:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
NEXT,run the Unhide utility as seen on the guide.
Waiting for your reply to tell me how everything is running!
Good luck…
Can you please run a scan with Combofix the log here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
Waiting for your reply to tell me if your machine is ok and the logs from Combofix.
Correction – in the 3rd paragraph of the previous post, it should say RogueKiller instead of RKill.
Hi Stefan,
Thanks for your response. Here is what I’ve done:
In the msconfig start-up window, I don’t get any menu to delete the shortcuts when I right click. Also, when I go to the directory path the shortcuts point to, I don’t see the files in question, so I’m not sure how to remove them from the msconfig startup.
The RKill run came out clean. I was unable to successfully run the ESET scanner. The first time, it locked up my computer (I had left it running and had gone to work, when I came back, it had hung). I rebooted and relaunched ESET, and it ran for over 7 hours (nothing else was running to slow it down and I have an i7 chip with 8GB of RAM so it’s a pretty fast computer) and then suddenly rebooted my computer, so I’m not sure if it completed or not. Do you know where there may be a log or report stored that I can look at? Also, in the ESET Quarantine directory, I see a few files (from the first run) with extensions .NDF, .NQF, and .NQI. What are these, and should I delete them?
I additionally ran a full scan using MalwareBytes, HitmanPro, Avira, and freeAVG, and they all came out clean. I also plan to run a full scan using the free version of Kaspersky later today.
Let me know what next steps I should take. Thanks once again for all your guidance.
Unfortunately, when I tried to implement the recovery strategy, a blue screen “page_fault_in_nonpaged_area” appeared shortly after I selected SAFE MODE WITH NETWORKING. I therefore couldn’t get access to start the process. Thoughts?
Thank you very much Stelian!
I just conclude your guide like this:
You are the God!
Thank you very much.
It only downloaded when I went back into safemode, I completed your instructions and as of this morning all is working fine! Thank you so much. not sure why i was unable to download from your link or from their web address direct and from another source off of google, all failed until I went back to safemode and then no problems.
I cant thank you enough!! Just used the instructions and my computer is up and running again. Most simple and easy instructions I have followed on virus removal! AWESOME!
Hello Ken
You can use any email adress with the activation code (123@fake.com for instance.. )
Next,lets work in NORMAL MODE and remove this infection..
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello MDS,
Those shortcuts are just leftover files which you can delete…… Right click on them and select ;Delete;
Next,lets make sure your computer is really clean :
STEP 1: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Stay safe!
Hello,
Can you please try now to download RogueKiller, here are is the download link : http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
If it still doesn’t want to work , please reply to this post!
Buna Olivia,
Este indicat sa folosesti si RogueKiller.. In mod normal nu ar trebui sa fie nici o problema daca utilizezi acest program….
In legatura cu proxy-ul , in majoritatea cazurilor, nici macar nu exista…..asa ca cel mai probabil nu ai nici un fel de proxy server instalat …….
Urmeaza pasii de mai sus si daca ai probleme , o sa te ajut eu! :)
Succes!
You’re step by step instructions cleared the virus & restored my computer.
Thank you.
Hey Stelian,
Just got this nasty bugger cleaned off thanks to your help.
Thanks a MILLION for this awesome step-by-step post!
~Brett
M-am gandit eu ca esti roman :) Laptopul meu s-a pricopsit cu virusul File recovery si am tot cautat instructiuni care sa ma ajute sa elimin virusul. Desi disparusera fisierele (erau ascunse), acum le-am facut vizibile (in urma altor instructiuni de pe net). Am mai gasit un tutorial destul de util care recomanda printre altele si Rogue Killer; teama este ca eu sa nu sterg ceva util functionarii pc-ului (ceva din sistem). Este vreo problema sa urmez instructiunile postate de tine avand fisierele vizibile? De cand am capatat virsului, am mai deschis laptopul de vreo doua ori cu Safe mode cu internet; din ce am citit, este important sa inlatur acel proxy? Multumesc mult! Sper sa reusesc, maine vreau sa rezolv.
got hit with this virus yesterday, following your instructions all going well until RogueKiller, from your link or elsewhere, it hangs up, unable to download. I use task manager to halt it. No what do I do? Making me nervous as I’m not a techie and don’t want to cause more problems.
Hi,
My PC was infected with this virus and I was able to follow the steps above to restore it to its previous functionality [THANK YOU !!]. However, I still see the malicious programs in my start-up list (though they are disabled so don’t affect anything). I do not see these programs in the Add/Remove programs under the Control Panel, so I’m not sure how to remove them permanently. I’ve run various anti-virus/malware tools (Kaspersky, MalwareBytes, HitmanPro, Windows Defender) and none are able to identify the residual files.
Any advice you can provide would be greatly appreciated.
Thanks.
Hey when i am entering activation code at first step he is also asking me the email id. And although i started it in safe mode with networking my internet is not working, how i am supposed to download the anti malware. Please reply asap. Thank you very much
I have been repairing PC for over ten years and this was one of the best explained virus removal and done exactly what it said on the tin. Thanks
Hello Kristian,
Did you let the download complete?? I’m asking because it shouldn’t end in .php ….
Please follow this steps:
STEP 1: Run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3 Please perform a scan with HitmanPro as seen on the guide.
If you are having problems starting this program please use the ForceBreach mode as described in the guide.
STEP 4: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Hello Amanda,
Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
I’ve been fixing computers for 25 years. This is the best set of instuction for removing a threat I think I’ve ever seen.
And best of all, It WORKED.
Thanks.
Thanks SO much for your easy-to-follow instructions! I didn’t have to uncheck ‘use proxy server’ and I’m not sure why. Also, I couldn’t get RogueKiller to run. Kept giving me an error message telling me it isn’t a valid win32 application. Is there a way I can fix that, or another program I can use instead? All the other programs worked and everything seems back to normal.
Hi, and thanks alot for this helpfull guide, but i do have a problem. I cant get malwarebytes to install, i downloaded the free version and when i try to install i says:
Cant open this file:
File: mbam-download-exe.php
Hello PHOENIX,
Most likely your Windows Firewall is blocking HitmanPro to connect to the Internet……
Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Hey there,
Thank you very much for the help, I just have one question.
Everything was going absolutely fine until I finished my HitmanPro scan. After clicking ‘Activate Free Trial’, I receive an error message telling me that my Windows Firewall is not allowing the program to run. I can’t figure out how to allow it through the Firewall, as HitmanPro isn’t on the list of programs and won’t show up when I search my computer for it.
Any help would be sincerely appreciated!
Thank you so much for your detailed instructions! It worked!! My computer is up and running!! You are awesome! God Bless!
Hello Lee,
Can you please run a scan with Combofix,RogueKiller and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with RogueKiller
RogueKiller Download Link (This link will automatically download RogueKiller on your computer)
STEP 3: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run HitmanPro and Malwarebytes as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utiliti
Thank you so much for your informative guide to fixing this malware issue! I am not really computer literate, but your step by step instructions were great!!! Thank you again!!
Hello Laurel,
You should really start a thread in our Security Configuration forum as you need to build a layerd security config: http://malwaretips.com/Forum-Security-Configuration-Wizard
Also it would very good if you took the time and read this article that I’ve wrote: http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/ .. If you follow this tips,then we’ll never meet again in this conditions.
Stay safe!
I SO appreciate your helpful webpage!! I followed each of your steps in order, and my computer appears to be fully cured. Like others, I wonder how I got infected in the first place (had McAfee installed). If you have any recommendations on how to avoid future infections, I would be most grateful (you may contact me by email). God bless you and thank you very much for taking the time to post this. Go FCB (my son is also a huge fan)! Aloha!
I can only say thank you for the data you saved me! Nice work!
Thank you!!!
Thanks for the concise instructions! It took a few times, but everything is good now!
My friend, you are a force for good in the world. A thousand thanks!
Thank You So Very Much…I Can’t Afford It, But I Owe You Big Time! Bless You…I Got EVERYTHING Back, I Don’t Understand Virus Protection If They Don’t PROTECT! We Need More Defenders Like You Out There…Thanks Again For Walking Me Through This Sickness! :-)
Hi all,
My laptop showed the file recovery symptoms a few minutes ago. Before finding this site I did a system restore and the PC booted up “just OK”.
I still did everything this guide says but noted that RKill didn’t find any file-recovery related processes but the log said that a fake hdd app used to be on my system. Some registry key were fixed by Rkill.
Malwarebytes is still scanning so I’ll report back when everything is finished.
thank you so much!!!!
i just successfully repaired my computer by following your guideline!
really appreciate about the content you share! it is easy to understand!
thank you!!
What a mess this virus causes, and what a wonderful service you have provided to those affected by the virus. So many tools that had to be researched in advance and sequenced so as to produce a full restoration! Your instructions were crisp and clear and everything worked perfectly for us. We are so thankful to have our computer back and operating properly again! We are also happy to know about these many excellent products and intend to do business with them! Thank you a thousand times!
Everything worked well except for unhiding the menu items. I was able to unhide the menu items for the administrator account on Windows 7, log out, and back in and they are still there. However, for my standard user account, I can unhide and see the menu items, but when I log out and back in, they are gone again. Any ideas?
Hi there…I cannot get my internet to work even when I uncheck the proxy.
Any tips???
Thanx !!
This really saved my day and everything on my computer.
Great work Guys !!!
OMG!!! You are AMAZING! I appreciate you sooo much for sharing your knowledge and time. Thank you, thank you THANK YOU!! I thought I lost my kids pictures and video footage. Then I found your site and became refreshed, empowered and unafraid. Thanks again :-)
Started out for five minutes this morning great, then the computer went crazy. Something told me this file recovery was not for real. I start at 9 am and now it 6 p.m. Your instructions were great and concise and easy to follow. Just in the process of restoring the hidden icons and files. I almost had a cow this morning until I found your site. This happened on my PC and thank goodness my laptop was not acting up and was able access your site. One question , this may happen again, hope not but does system restore do the same thing as the rogue killer that restores all the hidden icons and files or do you have a chance to restore the system with the virus in it? Anyway I just want to send a BIG thank you, everything seems to be restore back to normal. Your my hero!!! :)
Thanks a lot. I got the PC going again.
The only problem was hitmanpro did not have a 30 day activation and it indicated I had a “Volume boot Record” rootkit.
Thank you!!! I was totally freaked and thought I was going to lose my photos! What a lifesaver!
thanks……!!!!:)
I dont know to express my gratitude. Thank you.
well written answer.
easy to understand.
worked fantastic.
I was frantic, I think we all were. and you were here for us with this answer that even someone loseing their mind could follow.
In the name of all things holy……thank you……thank you.
Thanks so much – followed the instructions and it worked! Really clear guidance provided – thanks again!
Stelian, It’s working! Thank you very much.
Awesome. Thanks for this page, made life a lot simpler. Just wanted to get access to all documents to back them up before doing a full format to make sure this is gone. This has been a great help, thanks
Hello Joy,
So your computer is OK now right?Or you need assistance?
Hello Jeff,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Next,please run RoguerKiller,HitmanPro and Unhide.exe as seen on the guide.
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Multumesc Florin!!
Ai grija de tine.Salut de la Bucuresti!
Multumesc. Nu ti-am descris problema, insa indicatiile tale au fost excelente.
Totul merge OK acum.
Este extraordinar ce faci tu. Foarte putini oameni mai ofera ajutor asa deschis.
Daca nu gresesc cred ca esti roman, si daca este asa, pentru asta sunt mandru si eu(fara ca eu sa am vreun merit, toata stima pentru tine)
Hitman Pro will not install, there is an automatic update it tries first and while updating there will be an error, and it won’t let me click on next. Force Breach mode did not work either. Any suggestions?
Attempted multiple runs of the Malwarebytes Chameleon to find one that works as your earlier response to Eric suggested. None ever opened the program as typical, stayed in DOS command, each one remainig with that same notice. I was never able to get RogueKiller to load. Downloaded UnHide and after Hitman, RKill, and Unhide, everything appeared to be back to normal. Ran Malwarebytes this am and it seems good. Thank you.
Just keep your computer malware free and have an awesome life!!:D
Stay safe!
A thousand thanks…. How can I repay the favor?
Hello Donnie,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
What antivirus are you using?
Hello Monica,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
No,it’s not normal…Please run another re-named version of Malwarebytes Chameleon.. It should not take more than 5 minutes to kill the malicious process….
Waiting for your reply to tell me how is everything working…
No,it’s not normal… Please run another re-named version of Malwarebytes Chameleon.. It should not take more than 5 minutes to kill the malicious process….
Waiting for your reply to tell me how is everything working…
Hello,
Can you please run a scan with Combofix and ESET online scanner and post the logs here :
STEP 1 : Run a scan with Combofix
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
VERY IMPORTANT !!! Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop
———————————————————–
———————————————————–
———————————————————–
Notes:
STEP 2: Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me if your machine is ok and the logs from this utilities.
Me and my dad tried to use hitmanpro however when it tried to look for remenants, it crashed on us TWICE. Can you help?
THANK YOU SO MUCH! I was horrified that my SSD was fried but thank goodness it was a virus! I had a look around and THANK YOU for your excellent tutorial/links to programs to solve the problem. It’s now back in the pink! You guys are awesome!
forgot, run Hitman, then RKill, now stuck at Malware
I’ve had to go at this piecemeal. Run Hitman successfully, then updated Malwarebytes. Didn’t open auto, went through files, now on DOS prompt that reads – Killing known malicious processes, please wait. Been here over an hour. is this normal?
On my son’s computer, it has been on here awhile apparently.
I’ve had to go at this piecemeal. I’ve run Hitman successfully, then updated Malware. Malware didn’t open automatically. DOS prompt reads – Killing known malicious processes, please wait. Been here for over an hour. Is this normal?
I used these steps a few weeks ago and THOUGHT I had success. The same trojans appeared again last night. When trying to download the mbam-setup file in step 4 all I was able to download was a php file. This didn’t happen the first time I had to go through this process.
I’m hoping this round works. It’s very frustrating, especially since I’m not sure HOW I got the trojans as I don’t click on any unknown links, etc.
THANK YOU!! Totally saved my laptop :) Respect to you! :)
Thank you very much, you have saved my life big time. Everything worked just fine!
Thank you again!
Stelian – you rock dude!
Thanks for the detailed instructions…they worked great!
You are great – God bless you!
thanks a million! fixed everything perfectly
Thank you very much.
worked great!
Hello Erika,
If you have an infected MBR then you need to replace it, that is your only option… It most cases it won’t cause any problems so you don’t really need to worry! :)
If you don’t then you’ll have browser redirect to malicious webpages and other unwanted behavior…
Oh sorry I just got it fix. Thank you so much for your help!
Dear Stelian, I got another problem right now. After I done every steps, my background still change to a black back ground every one or two hours. I ran roguekiller each time, and the program detect a key type call WallPP every time I scan it. And then I delete it but one or two hours later, it happens again. Do you have any idea why is it?
You are a life saver!!! Thank you so much!!
Hi, thanks so much for giving this info. HitmanPro founda Bootkit in the Master Boot Record (which it wanted to replace) and a Bad Configuration in the Boot Configuration Data (which it wanted to delete). I noticed that Javier had a similar issue that resulted in the language changing to Spanish so I did not allow HitmanPro to fix these to things. Do you think it is safe to run the program again and allow these changes?
thank you
omg i actually love you. thanks so much!
Hello,
Lets work in Normal mode to get around this:
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro,RogueKiller and Unhide utility as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is running!
Good luck…
Glad to see everything is ok now!Yes you can remove that folder if you don’t need it… :)
Thank you so much! I think my computer is back in normal and I will definitely go to dispute that damn payment. A small question here, after I ran the unhindered utility folders and files shows up, and there is a folder called administrator on my desktop, is this folder originally being there? Can I hide it or remove it?
Hi Thanks for all tips , although its not working for me at the moment :(
I do STEP 3: Run RKill , but as soon as I do it it come s up with a message.
“This system is shutting down. Please save all work in porgress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
Time before shutdown 00.00.59
This then counts down to zero and reboots , and Im back to square one.
Also below this is says
The system process
C:\\WINDOWS\system32\lsass.exe terminated unexpectedly with status code 0. The system will shut down and restart.
HELP , its doing my head in :(
THANK YOU, THANK YOU, THANK YOU…….easy to follow and WORKED! You guys are AWESOME!
Hello Eric,
You should contact your bank and dispute the charge stating that the program is a scam and a computer virus.they should know what to do from there.
NEXT,you still need to remove this virus…so please follow this steps:
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro,RogueKiller and Unhide utility as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Im sorry I mean step 3
Hi, it’s after I paid this damn virus then I found this website. So since I already paid for this virus so do I start from step 2 to clean it up? (another weird thing here, on their website they offer full refund on your payment, I did that anyways after my computer got normal again, and if I don’t get it back I will go see my credit card company.)
OK so I Got this comp working now but no antivirus will work,or windows update. what now
Do you know any fixes for this? I’ve going crazy over this for the last two days!
Wow thank you! Your step by step instructions worked perfectly. I’m not a pro by any means but your procedure and the powerful programs downloaded really nailed it. Amazing. Thank you so much!
Thanks Stelian – great instructions and tools.
Hello Javier,
You have a Master Boot Record infection which HitmanPro fixed.. this is the reason why your computer is now booting into the English version.
-Thanks a million – worked like a charm. I just wished I knew how this nasty malware entered my system.
Kudos – Russ
Lot of thanks. You are The BEST!!
Wow.. Thank you so much!!! Easy to follow instructions you are a life saver very greatfull :-)
I need help!! After running Hitman Pro, I restarted my computer (HP Paviliom dm1) and it booted into Win7 Home Premium (i use Home Basic), in english (my PC is in spanish) and with no apparent way to return to the previous partition. Do you have any solutions? It doesn’t even show me the options to select a user account, it’s like its a completely different computer. Please, help!
I LOVE YOU! (Don’t tell my wife…)
Thanks for this – you saved our day. Superman wears pajamas with YOUR picture on it.
Thank You very much! Appreciate you time and effort explaining in detail and step-by-step. It worked and successfully removed the nasty virus….Keep up the good work.
Thank u man very useful guide…ui saved us :)
Tnx, this save my day!
Great guide that really worked.
Thanks one more time.
THANK YOU VERY MUCH!!!! YOU ARE A GENIUS!!! YOU SAVED ME!!!!!
Hello ,
Lets work in NORMAL MODE to see if we can get around this :
Please run a scan with Malwarebytes Anti-Malware in Chameleon Mode in Norman mode:
2.Please perform a scan with HitmanPro as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
This virus is popping up when I’m in safe mode too. It wont let me run anything.
Hello,
Lets try another way around this
1While in Normal Mode,please try to download and run Malwarebytes Chameleon:
iexplore.exe http://downloads.malwarebytes.org/file/chameleon
2.Please perform a scan with HitmanPro,RogueKiller and Unhide.exe as seen on the guide.
3.Run a scan with ESET Online Scanner:
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
THANK YOU! THANK YOU! THANK YOU !
Hi! Great writeup, but I’m having trouble using it. I have gone to safemode with networking on my infected laptop but IE is completely hidden and can’t be searched. FireFox is visible but when I try to open it it says FireFox is busy and another application is already open. There are no programs running anywhere, and I can’t browse to follow your tutorial. Help please.
Thanks a LOT for your time spend putting this instruction up!
This “File Recovery” is really a nasty thing. But thanks to you, and the wonderful tools, my PC is back and rocking again :-)
Visca el Barca!
great work
Thank you SOO much for putting the time into this page, it’s the ONLY site that I know of that completely removes the File Recovery virus and restores everything back to normal on my system.
Thank you!!! Thank you!! That was a nightmare of a day before I googled that nasty virus from my phone and found your website. I did it step by step and my computer is better than it was before the virus. Thank you!!!
Thanks a million for taking the considerable time and effort it took to post this comprehensive solution. I was hours trying to sort it out on my own without success. Lucky there are people like you out there who will help.
Many Thanks Again
Absolutely Brilliant! Thank you so much for posting this. Worked like a dream. And as a bonus, the process found and scrubbed other malware tht had really been slowing my computer down. It is fresh out of the box fast now.
Again – many thanks.
Thanks bro, i really apreciate your help in circunstances like this… i was so desperate before your post. Gracias hermano
Hello,
There are several ways this virus spreads…. via email attachments or via an infected executable from a compromised website…. :)
I had the File Recovery virus on my PC when I got home last night. I am thinking that it was a time-bomb virus. My non-updated two year old version of Malwarebytes’ wouldn’t detect it. After running RKILL, I downloaded the new version of Malwarebytes’ Pro, but I had to run it as iExplore.exe, same as RKILL, to get it to install. Then I ran the Unhide utility. It’s great to be able to see the contents of my desktop, documents, music, pictures and my hard drives again, and to be confident that I am once again virus-free. Thanks for this excellent help page.
Stelian,
Thanks for this excellent guide! Do you have any idea where this came from or how it gets onto one’s machine? Just curious, as I am usually very careful with what I browse, open, download or install and this was a complete shocker.
thanks so much, awesome advise. really easy to understand.
thanks again
A very big thank you!!!! Keep up the great work!
Hello,
While in Normal Mode,can you access the Internet?If yes,please follow this steps:
STEP 1. While in NORMAL MODE,download HitmanPro and then start this program in ForceBreach Mode
1.Here are the direct download links for HitmanPro,
– http://dl.surfright.nl/HitmanPro36.exe (For 32bit)
– http://dl.surfright.nl/HitmanPro36_x64.exe (For 64bit)
2.Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including this rogue malicious process
Here is a video that explains with graphic details how to do this : http://www.youtube.com/watch?v=m6eRWTv2STk
3. Let HitmanPro scan and remove the detected infections.
STEP 2: While in NORMAL MODE,download/Run Rkill and then run a scan with Malwarebytes
1.Download any re-named version of Rkill (direct download links bellow):
RKILL DOWNLOAD LINK #1
RKILL DOWNLOAD LINK #2
RKILL DOWNLOAD LINK #3
2.Next,please perform a scan with Malwarebytes and then do a RogueKiller and Unhide.exe scan as seen on the guide
STEP 3. Run a scan with ESET Online Scanner
ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
Waiting for your reply to tell me how everything is working.. :) Good luck!
Help! I am trying to follow instructions, but my computer is attached to the Internet via wifi- and I can’t get internet acess with safe mode plus networking, it seems.
Also, the LAN settings do not show A proxy server connection at all
Superb step by step instructions, many thanks.
Stelian Pilici…people like you are there so systems are safe…many thanks to you, i F***’d this virus to death.
Wow!! Your help saved me! I was so freaked out! Thanks for the step by step, clear instructions and minimizing the “techie talk” that is way out of my league!!
Thanks again! I really appreciate it!
Thank you, but, I notice that it is the same person all the time. They only have one support person!!!!
I can not thank you enough!!! I had no idea what I was going to do!
Thank you so very much!!! :)
thanks!!
Thank you so much! Without this, I wouldn’t know how to return my computer back to normal. I can’t thank you enough!! :)
Thanks for your help. Much appreciated. Thought I would have to reinstall Windows 7. Probably saved my marriage too!!!
in the 1st step when you enter the activation code, it comes up the a read me note some crap about “thanking you” and theres a “customer support” number. I HIGHLY recommend giving them a call or a few calls or enough calls to annoy them just as much as you are annoyed of their adware. haha ya the whole time i was working on getting rid of this i called over and over and over and over and over and over cussing the crap out of them for their lovely adware. so manytimes they wont answer me anymore:(
in case you didn’t get the number its 1(888)880-6899. use google mail to make free phone calls. that way the number can’t be traced or called back
Thank you SO MUCH for posting this! It was a real life (and money) saver!!!Fixed my computer while reading your instructions on my phone! You ROCK! THANKS AGAIN!!!
Awesome! My system has been restored. Thank you very much!
A gazillion thanks for taking the time to put this together for us! You are a total life saver and you are so very much appreciated!
Great stuff, somehow this nasty crept its way onto my Win 7 Pro machine and these instructions look to have pretty much cleaned it off. Just a few leftovers/comments:
1. Hitman Pro didn’t give me a 30-day trial option to do the cleaning, so I just bought the 1 year subscription
2. The Unhide utility will also unhide files/folders that were originally hidden, so you might see new folders that you haven’t seen before
3. File Recovery files / shortcuts got left on the desktop and in the Start menu, so just nuke those manually. A few in C:\ProgramData also (random-characters.exe).
Keep up the great work mate!
God Bless You!
Thank you for this tutorial. It worked for the most part. Really appreciate it.
You are my hero!!
Thank you so, so much for posting the instructions to resolve this matter; the solution provided worked perfectly.
Salut si ai grija!!:)
Multumesc, foarte mult!
It took a little while but i ve gotten rid of the beast, thank you so much
2nd time I have needed your help & both sucessful! thank you!!
THANK YOU SO MUCH! You magnificent Malware Fixing Warlock you. Instructions were straight forward and easy. Though a little lengthy, I appreciate how thorough this is, and saved me at least a day of re-formats and re-installs.
I Would love to figure out how on earth I got this Virus/Malware in the first place, I had Avira Free installed at the time, but regardless, thank you. If I ever find out how I got this, I’ll post again =)
OMG!
Thank you so much! BIG HUG.
Barbara
Thank you for providing these instructions – they were clear, simple, easy to follow and worked!
Tus consejos me fueron de gran utilidad,
muchas gracias.
Suerte!
Stelian, you’re a legend mate! Thanks for the comprehensive, easy to understand guide. It saved me from rebuilding my pc unnecessarily. You will reap many rewards from your generosity. Cheers, Glen
Thanks! this guide really helped me a lot!
I’m just wondering though, will all this steps ensure the total removal of the virus or could it be still lurking around?
Having helped a friend get rid of this nasty, I echo the gratitude in the previous responses. I suggest that a donate box be available on
this page so that the painstaking effort neede to combat these abberations of humanity can be rewarded.
Brilliant, many thanks from down under!
Soooo happy! After the virus attack, I was nervous and skeptical of every download, but my faith that there are good people in the world has been restored! Followed each step and am completely back to normal. Phew! You rock!!!
Thank you very much for this very good explanation.
I found it easier to download all programs on another computer on an usb stick and then start with the cleaning as the browser could not be started on the infected computer.
Hi, I’m a brazilian girl, with the same problem, and so happy because you help me!!! Thanks so much!!!
Outstanding tutorial both in level of detail and completeness. You saved me a massive headache…thanks a ton!
Thank you! This has been a huge help. The only thing I will add is that the version that I got shut down my internet. I checked another site and was able to use the RogueKiller to get it working again by using FixProxy, FixHost, and FixDNS. I wasn’t able to use the HitmanPro without the internet, and HitmanPro was essential to removing the virus (for me at least). Thought I would share incase anyone else is having that problem!
You have no idea how much trouble you saved me, the only changes are that I went ahead and bought hitman pro. The only thing missing was how to restore the paths on the start menu. After cleaning up everything I still couldn’t see anything on my menu. The virus had put all the start up menu paths in a temporary folder, the steps listed by you were perfect and in addition to the steps below I was good as new
The location of lost shortcuts / icons are:
Windows XP – “C:\Documents and Settings\%username%\Local Settings\Temp\SMTMP”
Windows Vista/7 – “C:\Users\%username%\AppData\Local\Temp\SMTMP”
Inside that folder there are 3 folders named 1, 2 and 4.
Folder “1″ has all the Program icons.
Folder “2″ has all the Quick Launch Icons.
Folder “4″ has all the Desktop icons.
Restore the content in folder 1 to:
Windows XP: C:\Documents and Settings\All Users\Start Menu
Windows Vista and Windows 7: C:\ProgramData\Microsoft\Windows\Start Menu
Restore the content in folder 2 to:
Windows XP: C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\
Windows Vista and Windows 7: C:\Users\\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Restore the content of folder 4 to:
Windows XP: C:\Documents and Settings\All Users\Desktop
Windows Vista and Windows 7: C:\Users\Public\Desktop
You are a livesaver!! Amazing tutorial. Just fixed my computer. Thanks so much!
Shoutout from Singapore:
Amazing tutorial, every single step extremely clear and easy to execute. Considering that I am clueless with computers, you are a lifesaver.
Two weeks ago I got the SMART virus then yesterday the ‘File Recovery’ virus. Both times the advice given here fixed my computer.
Thank you soooo much. GREAT site.
You are a genius – and a Godsend. Thank you so much for your detailed and simple to follow instructions. I spent all day yesterday dealing with this virus. My computer guru was busy on another project so we were left to fix this ourselves. If not for your guide, we would have been up the proverbial creek. Much appreciated! (You are now my Go-To guide for any computer issue. I will tell everyone that I know to visit this site.)
Wow! What a life saver! Took a minute to clear things up, but your advice was right on the money…thanks would have been dead in the water without you.
this shit happened to me and it also deleted (or appeared to do so from all files are currently missing). anyone know the company name that supports this virus so i know who to hunt down and remove the limbs? erm i mean sue.
Fixed my problem! Thank God you’re the #1 result on Google!
thank you so much!
I just helped a friend recover her PC from this virus. Worked very well. Thanks!
Thanks a ton! This is a particularly nasty one but your easy instructions enabled me to slay it!
Stay safe Devin!:)
I was hit with this ridiculus virus this morning, it took a while but your instructions and software suggestions brought back my computer.
THANK YOU x 1000!
Whew! It took a couple of days but I think I’m fixed now. I will probably still do an orderly system reinstallation soon but I did not want to do the data migration earlier, in case I just spread the infection.
I had a whole soup of problems in addition to File Recovery, including a boot kit and a root kit, my internet searches redirected, anti malware products blocked, icons disappearing from the task bar, some menu items hidden, slow PC, unable to do an orderly shutdown, problems with USB sticks, and the list just goes on and on. The only thing I did not have is the black desktop. Yippee!
To Stelian’s credit, this is the most comprehensive guide I’ve found to date, to zap File Recovery and all the other crap and bring the system back to as it was before, as much as possible. I must have trawled through 100 pages in search of a fix and downloaded software after software. More time was spent on doing background checks before I downloaded something to poke around my Registry, MBR etc.
I think all the scans and manual operations did enough to get things going. An important step was to run ‘attrib -h /s /d’ on C:\ after which I could install/run all the programs in the article above, without trouble. It’s worth running all of them because they all picked up on things the previous tool missed or was not designed to look for.
In the end I’m now so happy I either bought a license or made a donation for the most effective tools.
…and yes, somebody should wring the neck of whoever designed “File Recovery” and it’s ilk.
Thanks again Stelian and Malwaretips!! You saved my sanity. :-)
Thanks… You saved my computer!
Very good, detailed instructions and a lot of work must have gone into preparing them!!
I had the bad luck of somehow getting this fake “file recovery” tool, despite having on-access protection turned on, in Avira. :-( It’s not even clear how it all happened. I suspect internet browsing but how??
Unfortunately, I may have got a more malicious version or had multiple infections because when I tried to run the suggested tools, either the installation was thwarted or the operation was tempered with (“access is denied”), so I did not get anywhere with them. Even websites that contain relevant information were redirected on the infected PC. After spending a whole weekend reading security forums and downloading and trying various tools, checking things like the host file, I had some partial success but my system is now totally untrustworthy and I will have to reinstall everything, starting with reformatting the HD.
The sad thing is that “file recovery” being ransomware, expecting a payment, it would be possible to follow the money trail it’s just that the relevant agencies and government organizations are incompetent, corrupt, could not give a hoot and unwilling to cooperate with other countries.
I appreciate all the work the security companies are doing but by definition, they are always a step behind and shall I say they have a bit of conflict of interest. If they do too good a job, they reduce their own business.
thanks!You are 100% Awesome!
A very comprehensive and easy to follow process to remove the File_Recovery virus from your computer. You folks are AWESOME! Thank you so very much. It took a few hours, but now everything on my computer is back to the way it was before this malicious attack.
I was ready to format my computer then I found this website… I can only say :THANK YOU!
You guys are the BEST!!!