Friday, November 9, 2012

Surviving the File Restore Virus

My Survival of the File Restore Virus

Well, yesterday I was sitting around and getting ready to update this blog, but first I made a serious error and went to YouTube. Out of nowhere, a virus called File Restore appeared with dialog box after dialog box telling me I had critical hard disk errors! Essentially it tells you that you have all these critical problems and, lo and behold, just click the Buy Button and for $85 they will fix the problems. (There really are no problems except what they created. The Virus locks down your system and hides all your files.) Nice, huh?
Looks really official - doesn't it? Just trying to instill fear!

But hey, no problem, right - this wasn't the first virus I have experienced. After all, I had a spyware program installed on my computer. Ha Ha. No, it is never that easy. I couldn't access the program since all the files were hidden. So, first thing I did was try to download Malwarebytes Anti-Malware, which always works. Not this time! Access Denied every time I tried to install it. Then I tried pulling it in off a flash drive - No! Access Denied again. Aha, you are all thinking hey, go into Safe Mode and restore your system to a prior date. Well, if not, that is what I thought - as I said, I have been through this before.
(To get into safe mode you can just press and hold the F8 key as you restart your computer. You can also press the Windows key and R to access Run and then type msconfig.)

Again, I was blocked - it would not restore it to a prior date. Luckily I realized that I had a backup CD of Spyware Doctor. I always pay for the CD as a preventative measure and boy did it pay off this time. (Maybe now my husband won't laugh at me for being so cautious.) After about 3 tries, in safe mode I was able to get Spyware Doctor to identify and remove a couple of the threats. Notice I said couple! Once those threats had been removed I was able to get back into the system. I could tell I still had problems, but luckily File Restore does not shut off access to the internet and I found this handy dandy thread on how to remove the File Restore Virus, and I wanted to share it with you.
http://malwaretips.com/Thread-How-to-remove-File-Restore-virus.

This thread walked me through all the steps, including downloading Malwarebytes' Anti-Malware (which I was finally able to download and install) and download links to two of my new favorite products: HitmanPro, which removed File Restore's Rootkit, and RogueKiller, which restored my shortcuts in the temporary internet folder and removed some malicious registry keys (don't you love the names of these programs?).
Now, at that point, everything was supposed to be fine, but I re-ran Malwarebytes and it found another high-level threat. After I removed that, I re-ran Spyware Doctor, which found another high-level threat.
So, definitely double-check. I will be running both of these and possibly a third again - just to make sure everything is as it should be.

Malwarebytes, RogueKiller and HitmanPro were all free. HitmanPro gives you a one-time free trial, Malwarebytes offers a free and an upgrade version, and RogueKiller appears to be written by an individual who asks you to donate if you wish.

So, lessons to be learned.
Have active spyware on your system to prevent a virus from getting in. I thought mine was on but apparently I was incorrect, so check it periodically and remember Malwarebytes and Spyware Doctor in case you ever need them. I personally plan to upgrade to the pro version of Malwarebytes and I need to donate to the RogueKiller cause. Without these, my 3 or 4 hours of frustration would have increased tenfold and possibly ended with me reformatting the drive.
Oh yes... last lesson to be learned... BACKUP your files periodically. Backing up is one thing I try to do religiously, and it is what allowed me to remain relatively calm as I removed the virus!

It's Friday - Have a great day and a wonderful weekend. I just had 3 deer and a big buck walking through my backyard. It's time to move away from the computer and go and enjoy the beautiful day.


