Hello everyone,

I got a computer today that was infected with the nasty Windows Recovery virus (Windows Recovery makes your files and folders disappear so that you think they have been totally wiped out). I usually make “short work” of these types of rogue programs but this one was really nasty. Here is what I did:

1) I had to remove the Hard Drive from the infected computer and attach it to my clean bench computer via a USB 2.0 to IDE or SATA Drive Adapter.

2) I then scanned the infected drive with an updated Malwarebytes (free) and removed all infections.

3) I put the drive back into the original computer and scanned it once again with GrindinSoft Trojan Killer (trialware: free and fully functioning for 15 days) and removed all infections.

4) It seemed that the virus was gone but I couldn’t see any of my start up items, desktop icons, and many files and folders were still invisible. The computers file system was still all messed up (hidden actually) so I restored it with a program called Unhider – great stuff and free (you will not see the results of  Unhider until you reboot the machine).

5) My start menu reappeared and I could see almost all of my files and folders but still no desktop icons! I downloaded, installed and ran the great Combofix (also free).

6) All folders, files, and desktop icons reappeared and the computer was back to normal. Bye, bye Windows Recovery!

Professor Randy says: These phony rogue viruses are a pain in the behind but their “bark is greater than their bite”. Root out these unscrupulous programs by using the above method and the above great free software. Your clients will love you for it!