Computer help for the masses
A new piece of rogue malware has recently surfaced called Windows (7, Vista, XP) Recovery. I saw this for the first time a few days ago when my nephew stated he had a failed hard drive. Signs of this infection are random pop-ups advising you of a failed hard drive, out of memory messages and system failures. When you navigate your computer, you may also notice that your user folders appear to be empty. This is not really the case. The infection is just hiding your files. If you click on one of the pop-ups to do a scan, it will try to entice you to download a program to repair the errors. This, of course, is a scam that is trying to get your money for a program that will do nothing and open you to theft of your credit card information.
This piece of malware is downloaded to your computer by a Trojan, which also downloads with it a dangerous rootkit called TDSS.
If you suspect you are infected, disconnect from the Internet immediately to prevent the Trojan from downloading additional malware. Restart the computer in Safe Mode. The next step is to terminate the malware’s running processes so as not to interfere with scans. Windows Task Manager is not effective for this purpose, so you’ll want to run Process Explorer to terminate the parent and child processes. Immediately run a full scan with you antivirus product, and follow that up with a MalwareBytes scan.
This infection, like most others, is most likely downloaded when you click on a malicious link, or visit an infected website. Please make sure that you have installed the web browser plugin Web of Trust that will advise you on the known safety record of a web site. It even works on Facebook posts. Make sure that your antivirus product has not expired and that it’s definition files are up to date. Most of all, think before you click!
Post any questions in the comments section. I will do my best to assist you.