I spent 5 hours earlier today battling the new Windows Recovery malware and I want to share the solution. The worst part is that I am running the full McAfee Security Center and it DID NOT block this malware. It did try to remove a few of the files after they had been installed, but it wasn't complete and I couldn't correct the problem nor could I run Windows Restore. My computer was virtually useless and my files inaccessible.
"Windows Recovery" first appears as a series of pop up warnings with messages like "Critical Error", "the system has detected a problem with . . .", "Hard drive failure", and others. These are all scary warnings that look very real. Here's a link to some examples of what it looks like when it takes over your computer:
http://forums.malwarebytes.org/index.php?showtopic=79287
If you click on any of those windows -- to close them, minimize or even move them -- they install further malware on your computer and completely take it over.
In my case, the malware eventually shut down and restarted my computer and virtually all my desktop icons disappeared. When I went to the start menu, all my programs had disappeared from the folders. When I tried Control-Alt-Delete -- it told me I was not authorized to access the Windows Task Manager. Only 3 icons remained on my desktop: Internet Explorer, My Computer and (in my case) AOL. When I opened My Computer, all the icons and folders were grayed out and were listed as "read only" files.
If this sounds like the problem you're having, follow these simple steps which worked for me and you'll save a lot of heartache:
1) download the free Malwarebytes from Download.com: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;1
or directly here: http://www.malwarebytes.org/
2) allow it to update the definitions then run the scan
3) after it finds the malware, instruct it to delete the malware files and restart your computer
4) when your computer restarts don't be dismayed to find that your files and desktop are still missing. That's because this Windows Recovery malware "hides" your original files as part of its nastiness.
5) now go and download Trojan-Killer's free "unhider" here: http://trojan-killer.net/how-to-restore-missing-files-and-folders-after-virus-attack/#more-2706
or directly here: http://trojan-killer.net/download/unhider.exe
6) double-click the downloaded file to run it and wait as it "unhides" all your files and folders on your computer. It takes about 10 minutes to complete (with no progress indicator), but you'll see your desktop icons slowly reappear, though your original desktop background image will probably still be missing and some files still may not be accessible.
7) you've now removed the Windows Recovery malware and "unhided" the files, folders and links
8) Now you need to restore your system to a point prior to the malware attack. You will now see that most of your programs have been restored to your start menu. Follow this method to restore your system: on Windows XP (may be similar for Vista or 7?), click Start >> All Programs >> Accessories >> System Tools >> System Restore. From there you can restore your computer to a time before the malware attack.
9) Once System Restore completes, your computer will be restarted and will be restored to its prior operating norms. Note that it could take a long while for your computer to fully restart and there may be a window or two which will need your attention throughout the process. In my case, it took nearly 1/2 hour to fully restore my files and operating system to their prior format.
I hope this brief tutorial helps you avoid the headaches I experienced and extra hours I spent earlier today.
Good luck!