Thursday, 18 April 2013 01:00

Fake System Restore Virus

I have had a number of instances of having to remove the Fake System Restore virus (and viruses like it). Here are my notes on removing it.

Overview

The fake System Restore falsely reports a number of system errors, prevents programs from running, redirects internet access via a TDSS rootkit infection, and hides files and the desktop.

Methods Tried

AVG Rescue CD - Failed to identify the infection

Successful Method - See Below

Removal Method

Stage 1 - Collect Virus Removal Tools on an uninfected PC and put on a USB/CD

unhide.exe - Clears the Hidden attribute the virus has set on files and folders, bringing back the desktop and the files it hid

Kaspersky Virus Removal Tool - Rename the downloaded file to iexplore.exe. The virus blocks most programs by executable name but lets iexplore.exe run, so a tool renamed to match gets past it

TDSSKiller - You may also need to rename this to iexplore.exe after you have unzipped the file. Keep it in a different folder from the renamed Kaspersky tool, since two files cannot share a name in one directory

Malwarebytes Anti-Malware - The amazing Malwarebytes
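The staging step above, as an added example (my PowerShell for the clean PC, not anything from the original notes or from the tool vendors). The download file names in $Tools and the stick being drive E: are assumptions; check the names you actually downloaded. The SHA-256 manifest is an extra check the notes do not mention: it is kept on the clean PC, not the stick, so that after the stick has been in the infected machine you can confirm nothing on it was altered before reusing it.

```powershell
# Added example, not part of the original notes.
#   .\stage-tools.ps1          copies and renames the tools onto the stick, saves a hash manifest
#   .\stage-tools.ps1 -Verify  re-hashes the stick after use and compares it with the manifest
param([switch]$Verify)

$Downloads    = Join-Path $env:USERPROFILE 'Downloads'          # assumption: where the downloads are
$Usb          = 'E:\cleanup'                                     # assumption: USB stick is E:
$ManifestPath = Join-Path $Downloads 'usb-manifest.sha256'       # stays on the clean PC, not the stick

# Source file name -> destination on the stick.  The rogue blocks most programs by
# executable name but lets iexplore.exe run, so the Kaspersky tool and TDSSKiller
# are copied under that name.  They get separate folders because two files cannot
# share a name in one directory.  File names are assumptions; match your downloads.
$Tools = @(
    @{ Src = 'unhide.exe';     Dest = 'unhide\unhide.exe' },
    @{ Src = 'kvrt.exe';       Dest = 'kvrt\iexplore.exe' },        # Kaspersky Virus Removal Tool
    @{ Src = 'tdsskiller.exe'; Dest = 'tdsskiller\iexplore.exe' },  # unzip tdsskiller.zip first
    @{ Src = 'mbam-setup.exe'; Dest = 'mbam\mbam-setup.exe' }       # Malwarebytes installer
)

function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

if ($Verify) {
    # Compare every staged file on the stick against the hash recorded at staging time.
    $ok = $true
    foreach ($line in Get-Content -LiteralPath $ManifestPath) {
        $expected, $rel = $line -split '  ', 2
        $path = Join-Path $Usb $rel
        if (-not (Test-Path -LiteralPath $path) -or (Get-Sha256Hex $path) -ne $expected) {
            Write-Warning "changed or missing on the stick: $rel"
            $ok = $false
        }
    }
    if ($ok) { Write-Output 'All staged tools match the manifest.' }
    return
}

$manifest = @()
foreach ($t in $Tools) {
    $src  = Join-Path $Downloads $t.Src
    $dest = Join-Path $Usb $t.Dest
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "missing download, skipped: $src"
        continue
    }
    New-Item -ItemType Directory -Force -Path (Split-Path $dest) | Out-Null
    Copy-Item -LiteralPath $src -Destination $dest -Force
    $manifest += '{0}  {1}' -f (Get-Sha256Hex $dest), $t.Dest
    Write-Output "staged $($t.Src) -> $dest"
}
$manifest | Set-Content -LiteralPath $ManifestPath
Write-Output "manifest written to $ManifestPath"
```

The hashing goes through .NET rather than Get-FileHash so it also works on the Windows 7 era PowerShell these notes date from. Run it once before leaving the clean PC and again with -Verify when the stick comes back.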

Stage 2 - Start the infected PC in safe mode.

Restart the infected PC and press F8 during boot, then choose Safe Mode with Networking. Networking is needed so the removal tools can fetch their definition updates.

Stage 3 - Remove the TDSS infection

Nothing else will work until this is removed.

Run the renamed TDSSKiller. This will scan the PC and remove the TDSS component of the virus.


Once the TDSS component is identified and removed, it is plain sailing.

Stage 4 - Remove all components of the virus

Run the Kaspersky Virus Removal Tool. This will remove all the active components of the virus.

Stage 5 - Restart PC and restore Desktop and Files

Restart the PC in Normal Mode. The machine should now run, but the desktop will be missing and files and applications will still be hidden.

Run unhide.exe on the PC. This should restore your machine to its original state.

Just to be safe, install Malwarebytes and run a full scan.
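What the unhide step in Stage 5 actually does, as an added example in PowerShell (mine, not unhide.exe's own code and not from the original notes): walk the user profiles and clear the Hidden attribute the virus set, with a dry run first. Assumptions: the hidden files are under C:\Users (add other drives to $Roots if the virus hid them too), and it is run from an elevated prompt in Normal Mode after Stage 4, when the virus no longer blocks programs. It covers only the hidden-attribute part of what unhide.exe does.

```powershell
# Added example, not part of the original notes.
#   .\unhide-profiles.ps1 -DryRun   list what would be unhidden, change nothing
#   .\unhide-profiles.ps1           clear the Hidden bit on those items
param([switch]$DryRun)

$Roots   = @(Join-Path $env:SystemDrive 'Users')   # assumption: only the profiles were hidden
$Hidden  = [int][System.IO.FileAttributes]::Hidden
$System  = [int][System.IO.FileAttributes]::System
$Reparse = [int][System.IO.FileAttributes]::ReparsePoint

# Things Windows hides on its own and that must stay hidden: anything with the
# System attribute (desktop.ini, NTUSER.DAT, the "Application Data" junctions)
# and each profile's AppData folder.  Skipping these is my choice, not something
# the notes specify.
function Test-KeepHidden($item) {
    if (([int]$item.Attributes -band $System) -ne 0) { return $true }
    if ($item.PSIsContainer -and $item.Name -eq 'AppData') { return $true }
    return $false
}

# Own recursion instead of Get-ChildItem -Recurse so junctions are never followed:
# the profile junctions loop back into AppData and older PowerShell follows them
# until the path becomes too long.
function Get-HiddenItems([string]$Dir) {
    foreach ($item in Get-ChildItem -LiteralPath $Dir -Force -ErrorAction SilentlyContinue) {
        $attrs = [int]$item.Attributes
        if (($attrs -band $Reparse) -ne 0) { continue }
        if ((($attrs -band $Hidden) -ne 0) -and -not (Test-KeepHidden $item)) { $item }
        if ($item.PSIsContainer) { Get-HiddenItems $item.FullName }
    }
}

$changed = 0
foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($item in Get-HiddenItems $root) {
        if ($DryRun) {
            Write-Output "would unhide: $($item.FullName)"
        } else {
            # Clear only the Hidden bit; ReadOnly, Archive and the rest are left as they are.
            $item.Attributes = [System.IO.FileAttributes]([int]$item.Attributes -band -bnot $Hidden)
            $changed++
        }
    }
}
Write-Output "Cleared the Hidden attribute on $changed item(s)."
```

Look through the -DryRun listing before the real run: if it is only your own documents, desktop items and shortcuts, the scope is right; if it shows files you did not hide and do not recognise, narrow $Roots rather than unhiding everything.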

Last modified on Monday, 27 October 2014 01:01