file recovery virus - can't get rid of short cut

J

Jessikah

New Member
Thread author
Oct 6, 2012
1
Last night while I was watching a movie is when the "file recovery" virus started, had about ten things pop up at once talking about my harddrive and this thing that looked like a scanner (but I knew it wasn't so I immediately shut my computer down). Before then I didn't have any problems with my computer, it wasn't acting slow or anything of the sort. When I started it up It acted like it was going to work but then went to a black screen with a blinking cursor.. so I of course googled it and came across your page. I went through the entire process of having it removed, followed the step by step instructions that are listed on this website twice. I've ran the rkill twice, malware bytes program three times, and even the hitman pro and rogue killer twice as well. But still had the short cut for this supposed "file recovery", it's even in my list of all programs on my windows startup menu. Both times I ran the rogue killer it detected something called "root.mbr", so I then downloaded tdsskiller to double check and it didn't detect anything. After all of that I started reading comments to see if anyone had the same issue as me and I saw that someone did so I followed the instructions you gave her and I downloaded combofix and eset online scanner... combofix deleted a bunch of stuff but eset didn't detect anything. All of the programs I have used say that nothing is detected and I'm clean.... but why is the shortcut still there and the program still on my start up menu? Is there anything else I can do? Everything is working properly, my computer isn't slow and nothing seems to be wrong with it.. but I just want to make sure the evil little thing isn't hiding somewhere on my computer waiting to jump out and attack it again. Any suggestions would be great, I've been going at this for nearly four hours. Thanks!

EDIT - Ran malware bytes again and it detected 3 more "trojans", deleted them and rebooted.. file recovery shortcut is still there and now firefox will not work. Keeps saying that I have another window open and cannot use until it is closed out. I even right clicked on the file and scanned it through malwarebytes and it says it doesn't detect any malicious software.
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
Please run the following utility so that I can get a log of your system...
STEP 1: Run a aswMBR scan:
  1. Download aswmbr.exe from the below link:
    aswMBR DOWNLOAD LINK <em>(This link will automatically download aswMBR on your computer)</em>
  2. Double click the aswMBR.exe to run it.
  3. Click the [Scan] button to start scan
    avast-mbr-1.png
  4. On completion of the scan click [Save log], save it to your desktop and post in your next reply.
    avast-mbr-2.png
<hr />
STEP 2: Run a scan with OTL by OldTimer
<ol><li>Download the OTL utility using the below link :
<><a title="External link" href="http://oldtimer.geekstogo.com/OTL.exe" rel="nofollow external">OTL DOWNLOAD LINK</a> <em>(This link will automatically download OTL on your computer)</em></></li>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <>underneath Output</> at the top change it to <>Minimal Output</>.</li>
<li>Check the boxes beside <>LOP Check</> and <>Purity Check</>.</li>
<li>Click the<> Run Scan</> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows. <>OTL.Txt</> and <>Extras.Txt</>. These are saved in the same location as OTL.
<>Please post this 2 logs in your first reply.</>.</li></ol>
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>
<hr />
What's next?
Add the following logs to your next post (You can find here details on how to use the Attachment System):
1.aswMBR log
2.OTL logs
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>
 
Last edited:

Similar threads

B
  • Locked
A malware extension that I have been trying to get rid of for weeks.
Replies
1
Views
444
Windows Malware Removal Help & Support
nasdaq
nasdaq
mcmissouri
    • Love
  • Locked
pejhfhcoekcajgokallhmklcjkkeemgj I can't get rid of this f****** extension on chrome. I see you guys are the masters of your trade. Can one of yo
Replies
9
Views
629
Windows Malware Removal Help & Support
oldschool
oldschool
L
  • Locked
Unsupported Legacy Version Not Allowing Installation of Current Version of Malwarebytes
Replies
2
Views
412
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top