
September 10, 2011

Virus "System Recovery" ...

I got an email from my friend: no title, only a link,
as shown below...

(Some variation exists after the last slash "/".)

But do not click the link. Otherwise your computer would be infected by the virus "System Recovery".



To remove it, refer to these links:
LINK1 Brief procedure to remove System Recovery Virus
LINK2 Code to activate full-version of "System Recovery"
LINK3 To remove Trojan horse...


As of today, Trend Micro Virus Buster (Corp 10.5, pattern 8.415.80) does not detect this as a virus.


I did the following.
1. Activate the full version of this virus program using the code in LINK2, according to LINK1.
2. Then wait until the "recovery" finishes. (Though I wanted to pause the program.)
3. After activating the program, you cannot use taskmgr, view the RogueKiller web site, or run some useful programs... I could not stop (quit) the virus as shown in LINK1, so I restarted the computer. (Before that, you should run "msconfig" so that the virus does not start at start-up. The name ... I forget, but it is easy to find because of its suspicious name.)
4. You can find the shortcut in the quick start task bar, and in the task menu (the virus is running).
5. You can quit the program even if the program is running.
6. Then run msconfig to deactivate it from start-up.
7. Run Microsoft Safety Scanner (downloaded, ~70 MB) to remove the virus. (One detected and removed.)
8. Just in case, to remove the TDSS Trojan horse, run TDSSKiller. (One detected and removed.)
9. You might also run a registry recovery program, but I didn't today.
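
Steps 3 and 6 depend on spotting the rogue's start-up entry in msconfig. As an added example (not part of the original post), this read-only PowerShell lists the same autostart entries and marks those whose executable sits in a user-writable folder without a valid signature. That heuristic, the helper name `Get-ExePathFromCommand` and PowerShell 3.0 or later are assumptions of the example.

```powershell
# Added example: list autostart entries (Run keys and Startup folders, the
# data msconfig's Startup tab shows) and mark the ones worth a closer look.
# Assumption of this example: "executable in a user-writable folder and not
# validly signed" is a useful triage signal. It changes nothing on the system.

# Folders that a non-admin process can normally write to.
$userWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Hypothetical helper: pull the executable path out of a start-up command line.
function Get-ExePathFromCommand {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\path with spaces\app.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first known extension.
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd|dll))(\s|$)') { return $Matches[1] }
    return $null
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path      = Get-ExePathFromCommand $_.Command
    $signature = 'n/a'      # stays 'n/a' when the file cannot be resolved
    $inUserDir = $false

    if ($path -and (Test-Path -LiteralPath $path)) {
        $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
        $inUserDir = [bool]($userWritable | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })
    }

    [pscustomobject]@{
        Name      = $_.Name
        Location  = $_.Location      # registry key or Startup folder
        User      = $_.User
        Path      = $path
        Signature = $signature
        Review    = ($inUserDir -and $signature -ne 'Valid')
    }
} | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with `Review` set to `True` are only candidates for inspection; legitimate per-user software can also be unsigned, and commands that launch through another program (for example `rundll32.exe`) show `n/a` because the helper resolves only the first path.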


Can you make it?

2 comments:

  1. On Sept 12 a security patch was updated for Virus Buster by Trend Micro. I don't know whether it can be useful for this virus.

    According to Trend Micro, the link cannot be reached now. But we should take care because it may vary.

    This kind of virus will stop Windows functions such as:
    1. task manager (so that you cannot stop the virus application)
    2. desktop icons (so that you cannot operate easily)
    3. IE or IE link (RogueKiller site)
    Very annoying...

  2. One more link on how to remove the virus,
    using the F8 key during start-up:

    http://removevirushelp.com/how-to-remove-system-recovery-virus.html
