Windows XP recovery virus removal

My friend’s PC got infected with Windows XP Recovery virus and he asked my help to get rid of it. This virus is quite annoying – it hides all files, cleans desktop and program menu and offers you to buy software that will repair your PC. What a joke.

The following popup appeared:

Windows XP recovery virus

I tried downloading PC Tools, that did detect this malware, but asked me to register and buy a full version to remove this virus. No, I didn’t want to buy anything and started some searching again. After a few searches I found Malwarebytes Anti-Malware software that offers Windows XP recovery virus removal with free/trial version. You can download this software here. I tried installing it, but the installation failed. I booted up Windows in Safe mode and tried installing the software again but the same problem – there was an error message “Access denied”. I did some searching again and found Spybot freeware. Installation was easy and it was successfully installed. I ran Spybot and it found multiple malwares and viruses, including this Windows XP Recovery virus. I clicked to clean the box from viruses and Spybot did a great job. After a few minutes my friend’s Windows XP box was fully clean.

All files were still hidden and I used a Command line (Start -> Run -> cmd to change file settings/attributes (except system files).

You need to switch to c:\ disk and execute the following command line utility:

attrib -H /D /S *

It will take a hour or so, depending on how many files you got. After the command finished, I rebooted the box and the Spybot restarted scan process that took 2-3 hours. The Spybot’s database includes over 700.000 virus and malware fingerprints so it takes a while for a full scan. The desktop files and shortcuts were displayed. The only problem is that you need to restore your program file shortcuts in Start menu (empty folders does show up), but other than that it was quite easy fix thanks to Spybot freeware software!

