Computer Security & Viruses/Window Recovery Virus


Question
Hi, Carolyn; It appears that we have been hit with the "Windows Recovery Virus." Is there anything that I can do to restore my eMachines notebook (Windows 7 Home Premium) myself? I have AVG Free, and SuperAntiSpyware. All of my photos, and documents are "hidden." I'd be very grateful for any suggestions. Sincerely; Dave

Answer
Congratulations on not caving in to those extortionists who infected your computer with the notorious "scareware" of "Windows Recovery Virus." With any luck, the long arm of international law will finally nab those guys. With any luck, most of their victims will have done as you did and refused to send them money, and as a result their lawyers won't be able to save their sorry rear ends!

Next, let's look at possible ways to save your photos and documents without going to a computer repair shop. I can't promise anything listed below will work because those crooks keep on improving their scareware. So before we try anything at all, please do consider going to a repair shop that advertises "data recovery." If you go to any old repair shop, they might erase all your documents and photos! A place specializing in data recovery will give you the best possible chance of getting your data back. What they will do is physically remove your hard drive from your computer, mount it on a repair computer, copy your data for you and clean out the bad stuff as best as they can. Your safest possible solution will be for them to simply erase everything -- after saving your data! -- and rebuild your system.

One way you might rescue your system yourself is to log into your computer with a different account, if you have set up more than one account. This has worked for some people. If you can find your docs and photos, copy them to some sort of removable media -- CDs, DVDs, etc. Check that the copying worked properly and make copies on two removable media of each just in case, as we don't know what your version of this scareware might do.

Also, since we don't know what else those crooks are up to lately, be sure to alert the holders of any of your financial accounts you might have used online -- credit cards, bank, etc.

Whether you got your data saved or not, the next step -- which should be totally safe -- is to go to the Windows tech support site at http://www.microsoft.com/security/pc-security/antivirus-rogue.aspx They have lots of very talented people working the scareware problem so with any luck their recommendations will solve your problem without destroying your data.

If this doesn't work, next you could try this -- again, something that should be totally safe.

1) Download either Kaspersky Internet Security, which offers a free 30 day trial at http://kapersky.com or F-Secure's Complete Internet security suite, which offers a free thirty day trial: https://store.f-secure.com/cgi-bin/dlreg/ml=EN?ID=FSISTB&desid=TRIAL

2) Disconnect from the Internet.

3) Uninstall your current antivirus. This is absolutely essential because otherwise it and F-Secure or Kaspersky will fight each other and might crash your computer. It isn't good enough to just turn off your old antivirus because it probably has been crippled by your virus infection.

4) Install one of these Internet Security products. Scan your system and follow any instructions it might give you.

5) Connect to the Internet and download any updates available.

6) Run another complete scan of your computer. Follow any instructions it might give you.

7) Reboot.

If this works, you can either keep your new Internet Security product or uninstall it and reinstall free AVG. I strongly recommend against free AVG. Most of the people who ask me for help have been running free AVG, just like you. The problem with this product is that it does not protect against spyware, adware or spyware, and it does not include a firewall.  

Carolyn Meinel

Expertise

I cover Windows, Linux, TCP/IP and Ethernet security questions. I do not cover Mac, smart phones, or other networking issues.

Experience

Books by Carolyn Meinel: wrote a chapter for The Hacking of America book (see http://www.amazon.com/exec/obidos/ASIN/1567204600/happyhacker) My article Code Red for the Web for Scientific American was reprinted in the book Best American Science Writing 2002 (see http://www.amazon.com/exec/obidos/ASIN/0060936509/happyhacker). My book The Happy Hacker: A Guide to Mostly Harmless Hacking is now in 4th edition with a Japanese edition (see http://happyhacker.org/hhbook/).

Organizations
IEEE, AAAS

Publications
See a list with some online links at http://cmeinel.com

Education/Credentials
MS, Industrial Engineering, The University of Arizona. Took a course in computer forensics at the University of Texas at Austin.

Past/Present Clients
DARPA, SAIC, Palmer Labs

©2012 About.com, a part of The New York Times Company. All rights reserved.