This is my first posting here. I'd posted my dilemma on another forum and Zep and another member suggested I post here.
Not sure what, but something got on my computer (Dell Inspiron, Vista, IE7). It downloaded and installed something "Vista Recovery" on my desktop (the icon was there). I didn't have a clue what to do, so just waited for my son to check it out. He did and got whatever was on it off...but in the process I lost almost all the Folders on my desktop,all the folders in my Favorites and my email address. I was more hacked about the folders in my favorites and the folders on my desktop than anything. I started trying to remember and set up the folders in my favorites again. I had folders named Forums, Health, Humor, Etc.! Can't do that, because it tells me the Folder already exist! :sos:
Here's a link to my original post w/ a screen shot of what I get when I try to make a new folder.
http://ths.gardenweb.com/forums/load/comphelp/msg0613115629216.html?6
Hi, TFAWIUTB. Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
Also, do NOT make any other changes to your computer. Your files should be unhidden again at the end of the steps. Just follow all the steps in order please.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
Please download RKill from here: RKill Download Link (http://www.bleepingcomputer.com/download/anti-virus/rkill). Select the button labeled
iExplore.exe download link and save it on your desktop.
If you have Windows XP, double-click RKill to run. With Windows Vista or Windows 7, users right-click and choose Run as Admin.
http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
Please download the
TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) by Kaspersky... save it to your Desktop.
<-Important!!!- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
- Click the Start Scan button. Do not use the computer during the scan!
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
Please download
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware and
Launch Malwarebytes' Anti-Malware - Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, be sure Quick scan is selected, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253) - Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click
OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Now to restore your files. Please download Unhide.exe (http://download.bleepingcomputer.com/grinler/unhide.exe) to your desktop. Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
If the infection changed your desktop background to a solid black color, let me know and I will provide the steps to correct.
Please provide a copy of the TDSS and MBAM logs with your reply.
Thanks! I'm gonna have to wait until tomorrow to do all that...it's about my bedtime right now! :D
Also..I'm not sure what all my son did to get rid of it, but I think he said something about System Restore. Is that going to make any difference to the directions you're posted?
Hi, TFAWIUTB.
There are times when System Restore will solve a problem. However, it is also possible to restore to a point where the computer was already infected. At this point, just proceed with the instructions I provided.