2 PC Geeks Computer Repair

Computer help for the masses

Hard drive failure pop-ups

A new piece of rogue malware called Windows (7, Vista, XP) Recovery has recently surfaced. I saw this for the first time a few days ago when my nephew stated he had a failed hard drive. Signs of this infection are random pop-ups advising you of a failed hard drive, out-of-memory messages and system failures. When you navigate your computer, you may also notice that your user folders appear to be empty. This is not really the case; the infection is just hiding your files. If you click on one of the pop-ups to do a scan, it will try to entice you to download a program to repair the errors. This, of course, is a scam that is trying to get your money for a program that will do nothing and will expose you to theft of your credit card information.

This piece of malware is downloaded to your computer by a Trojan, which also downloads with it a dangerous rootkit called TDSS.

If you suspect you are infected, disconnect from the Internet immediately to prevent the Trojan from downloading additional malware. Restart the computer in Safe Mode. The next step is to terminate the malware’s running processes so that they do not interfere with scans. Windows Task Manager is not effective for this purpose, so you’ll want to run Process Explorer to terminate the parent and child processes. Immediately run a full scan with your antivirus product, and follow that up with a Malwarebytes scan.

This infection, like most others, is most likely downloaded when you click on a malicious link or visit an infected website. Please make sure that you have installed the web browser plugin Web of Trust, which will advise you on the known safety record of a website. It even works on Facebook posts. Make sure that your antivirus product has not expired and that its definition files are up to date. Most of all, think before you click!

Post any questions in the comments section. I will do my best to assist you.
