06 July 2011

Windows Vista Recovery Malware

I tend to hate working with Windows, especially since I've started working with Unix systems full time.

A friend of mine recently came to me asking for help; she didn't want to shell out tons of money to Geek Squad or similar, and I don't blame her. The other day she "caught" the Windows Vista Recovery malware, and didn't know what to do; nor did she know what had happened. So in a bit of a panic she emailed me (while at work). I told her that I'd help out and not charge.

I booted her laptop and noticed right away the Windows Vista Recovery malware stating that her hard drive had errors. AWESOME. Quick reboot and into safe mode I went.

After a quick Google I decided to be lazier than normal and try a tool to remove the issue. I tried Malwarebytes (www.malwarebytes.org). The install was Windows simple; the scan took forever, not surprising. And in the end it seemed to remove the problem. Sadly it didn't get every remnant; bits were left. I searched the system for a few things because I was not familiar with the product, and I found most of the folders left behind, as well as some crippled .exe's; "Shift-Del", you are my friend. And no, this doesn't make me happy. I was trying to be lazy for once; looks like it bit me, and quickly might I add.

I poked around the system a little to see if there was anything else odd. Sure enough there was. So I grabbed SpyBot S&D (www.safer-networking.org), as well as the latest definitions for it and Windows Defender. Ran SpyBot after updating it, and it removed a small (read: ~30) number of problems. The usual tracking cookies, and a few other items. I noticed this as the default IE home page: http://home.mywebsearch.com Again a quick Google confirms the site is associated with spy/adware. I noticed that SpyBot doesn't remove "home pages"; granted, I didn't remember doing so.

I rebooted the system, this time starting normally. Again I noticed a few things that were off. No documents, no pictures... Hummmm. Looked around and didn't see C:\Users\. I told Windows to show all files; this worked, they were all hidden. So I unchecked the "hidden" option. Now we are starting to look a little better.
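Unchecking "hidden" on 7,000+ files one folder at a time gets old fast, and blindly unhiding everything under a profile also exposes items Windows hides on purpose (desktop.ini, NTUSER.DAT, AppData, the Vista compatibility junctions). The script below is an added example, not something from the original post: it reports every hidden item under the profile root (C:\Users, the path named above, is an assumption for the default), skips the things that are supposed to be hidden, and only clears the Hidden and System attributes when run with -Fix. The exclusion list is my own and may need extending for a given machine.

```powershell
# Added example (not from the original post): find files and folders under the
# user profiles that carry the Hidden attribute and, on request, clear it.
# Assumptions: profiles live under C:\Users; the exclusion list below covers
# items Windows itself hides by design and is an educated guess, not exhaustive.
function Restore-VisibleProfileFiles {
    param(
        [string]$ProfileRoot = 'C:\Users',
        [switch]$Fix          # without -Fix the function only reports
    )

    # Items that are hidden by design and must stay that way.
    $keepHidden = @('desktop.ini', 'ntuser.dat', 'ntuser.ini', 'ntuser.pol',
                    'AppData', 'Application Data', 'Local Settings', 'Cookies',
                    'NetHood', 'PrintHood', 'Recent', 'SendTo', 'Templates',
                    'Start Menu', 'All Users', 'Default', 'Default User')

    $hiddenFlag = [int][IO.FileAttributes]::Hidden
    $systemFlag = [int][IO.FileAttributes]::System
    $junction   = [int][IO.FileAttributes]::ReparsePoint

    # Include the profile root itself: in the incident above C:\Users was hidden too.
    $items = @(Get-Item -Path $ProfileRoot -Force) +
             @(Get-ChildItem -Path $ProfileRoot -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $attrs = [int]$item.Attributes
        if (($attrs -band $hiddenFlag) -eq 0)  { continue }   # not hidden, nothing to do
        if (($attrs -band $junction) -ne 0)    { continue }   # Vista compatibility junctions
        if ($keepHidden -contains $item.Name)  { continue }   # hidden by design

        if ($Fix) {
            # Clear Hidden and System; leave every other attribute untouched.
            $item.Attributes = [IO.FileAttributes]($attrs -band (-bnot ($hiddenFlag -bor $systemFlag)))
            Write-Output ("unhid  {0}" -f $item.FullName)
        } else {
            Write-Output ("hidden {0}" -f $item.FullName)
        }
    }
}

# Report first, fix only after eyeballing the list:
Restore-VisibleProfileFiles -ProfileRoot 'C:\Users'
# Restore-VisibleProfileFiles -ProfileRoot 'C:\Users' -Fix
```

Run it from an elevated prompt so every profile is readable; the first, report-only pass is what tells you whether the hidden items are the user's documents or just Windows housekeeping.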

I also decided to dig through the Event Viewer; many unique events listed. Sadly, looking through 2+ years of logs is a pain. But I did notice that she may be having some issues with the hard drive after all, that and Windows Defender has warned her multiple times regarding adware/spyware...
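Two things are worth pulling out of years of Event Viewer history without paging through it by hand: whether the disk stack has been logging real errors (which tells you if the "hard drive errors" the malware claimed have any basis), and how often Windows Defender complained before anyone noticed. The function below is an added example, not from the original post. It assumes Get-WinEvent is available (PowerShell 2.0 on Vista) and that Windows Defender logs to the System log under the provider name 'Windows Defender'; the provider names in both filters are assumptions to adjust if a particular build uses others.

```powershell
# Added example (not from the original post): summarize storage errors and
# Windows Defender alerts from the System log over the last N days.
# Assumptions: Get-WinEvent exists (PowerShell 2.0+); the provider names below
# match what this Vista machine logs. Adjust them if Event Viewer shows others.
function Get-IncidentEvents {
    param([int]$Days = 365)

    $since = (Get-Date).AddDays(-$Days)

    # 1. Storage trouble: Critical (1), Error (2) and Warning (3) from the disk,
    #    NTFS and volume stacks. Get-WinEvent throws when nothing matches, hence
    #    -ErrorAction SilentlyContinue.
    $disk = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'System'
        ProviderName = @('disk', 'Ntfs', 'volmgr', 'atapi')
        Level        = @(1, 2, 3)
        StartTime    = $since
    }

    # 2. Antispyware alerts: anything Windows Defender felt strongly enough to log.
    $defender = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Windows Defender'
        StartTime    = $since
    }

    # Summarize each provider/event-id pair: how often, and when it was last seen.
    $summary = @($disk) + @($defender) |
        Where-Object { $_ } |
        Group-Object ProviderName, Id |
        ForEach-Object {
            $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
            New-Object PSObject -Property @{
                Source   = $latest.ProviderName
                EventId  = $latest.Id
                Count    = $_.Count
                LastSeen = $latest.TimeCreated
                Message  = ([string]$latest.Message -split "`r?`n")[0]   # first line only
            }
        } | Sort-Object LastSeen -Descending

    return $summary
}

# Two years of history, one table:
Get-IncidentEvents -Days 730 | Format-Table Source, EventId, Count, LastSeen, Message -AutoSize
```

A disk that is genuinely failing shows up here as repeated 'disk' or 'Ntfs' errors spread over weeks; a rogue "recovery" tool inventing errors leaves nothing in the System log at all, which is the distinction you want before deciding whether the drive needs replacing.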


Except there were a few borked installs of many programs: Kaspersky, iTunes, and some other things. I didn't have many of the disks. Seems that her install of Kaspersky is gone; she says it was installed and running, as she recently paid for continued support. However there seems to be no trace of it on the system. So I decided to install Norton. Our employer provides us with a free copy for home use. iTunes was easy; Windows' "Repair" function fixed its problems. But now I've noticed that iTunes cannot find any of her music. No big, there are only 7,000+ songs to locate. Ubuntu & ntfsundelete(8) almost to the rescue. Only found 50 or so files; shit. SystemRescueCd (http://www.sysresccd.org) is not helpful, nothing new for file recovery. It seems that I'm not having any luck finding any of her music files. Sadly I've run out of ideas on how to get her music back. I've tried all the tools I know of that were free.

Good news: No more malware.
Bad news: I can't seem to recover her music.



If anyone knows of a way to recover files let me know (free is best for me).