
System Recovery trojan

Denzil
Grafter
Posts: 1,733
Registered: 31-07-2007

My neighbours managed to get their laptop infected with this, and I spent some hours trying to get rid of it for them. It seeds itself all over the place and is clever enough to stop most security software from removing it. If you delete it, it reinstates itself from hidden copies when you reboot. I had to use a combination of manual registry hacking, downloading a specialist tool to kill the active trojan processes, then running a deep scan with Malwarebytes, then running another tool to undo the changes it had made.
Read more here. I had to do the registry hacking at the bottom of the page before the rest of it would work, though.
Symptoms: the desktop background turns black, desktop icons disappear, and the contents of My Documents disappear. It generates a constant stream of serious-looking but fake error messages. The icons and files don't actually disappear; the trojan just sets them all to hidden. An official-looking window keeps appearing, exhorting you to buy the full version of the software to solve the problems.
Don't let this happen to you! It starts as a pop-up from a website which tells you there is something critically wrong with your computer and to run a scan. There is also a button which says "not now" or something to that effect. If you press either button it installs the malware. Don't click on anything inside the window; close the whole window instead. If in doubt, close the browser and start again.