Many people seem to have been afflicted by this nasty malware. Essentially, it hides all of the files on your desktop and Start Menu to simulate disk corruption. For more detailed information, read this article.
Steps to remove:
- Open the rogue program and click on the Help and Support button (or wherever you enter the registration key; if you can't find it, look for something with the word "activate", then enter a fake e-mail and the code). Enter: 8475082234984902023718742058948. It is critical that you do this to make the malware easier to remove. It will automatically unhide all the files. If it asks to restart the computer, restart the computer.
- Try going to Add/Remove Programs and uninstall Windows Recovery (if listed). If it is not listed there, try clicking into your Start Menu and look for the Windows Recovery folder. If there is an Uninstall Windows Recovery file there, try uninstalling. Regardless of what happens, continue on with the steps.
- Download the free version of Malwarebytes Anti-Malware.
- Install and update the program. Be sure to do this (the updating)!
- Run a Complete System Scan. Please note, this will take an hour or so, so you may want to go away for a while.
- Remove everything Malwarebytes finds. If there is anything still hidden, download Unhide.exe from Bleepingcomputer.com and run it. Your files should now be unhidden.
- To see if you are lucky/unlucky enough to have the rootkit that sometimes comes with this malware, run TDSSKiller.
Note: I've seen several cases of this malware not removing well even after registering. If you are having problems with your files disappearing, DO NOT CLEAR YOUR TEMP FILES; instead, read the comment below on how to restore the files. If the link is removed at some point, the location is: %UserProfile%\AppData\Local\Temp\smtmp
If the program is already removed and you haven't cleared your temp files, you might try reading the following article. If that article doesn't help, try doing a System Restore to a point before the attack happened (after the system is clean, be sure to back up your files in case something bad happens, though).
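
The note about not clearing temp files and the unhide step can be checked by hand with a short PowerShell script. This is an added example, not part of the original guide or of any tool it names; the backup folder name and the `-Unhide` switch are assumptions, and the all-users paths are the standard Vista/7 locations.

```powershell
# Added example: preserve smtmp, then report (and optionally unhide) hidden items.
param(
    [string]$BackupRoot = "$env:USERPROFILE\smtmp-backup",  # assumed backup location
    [switch]$Unhide                                          # hypothetical switch: clear Hidden flag
)

# Path given in the note above.
$smtmp = Join-Path $env:USERPROFILE 'AppData\Local\Temp\smtmp'

# 1. Copy smtmp out of Temp so a later temp cleanup cannot destroy it.
if (Test-Path -LiteralPath $smtmp) {
    $dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Copy-Item -LiteralPath $smtmp -Destination $dest -Recurse -Force
    Write-Host "smtmp copied to $dest"
} else {
    Write-Host "No smtmp folder at $smtmp"
}

# 2. Per-user and all-users desktop and Start Menu (standard Vista/7 locations).
$targets = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:PUBLIC 'Desktop'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 3. Hidden items, excluding desktop.ini, which Windows hides on purpose.
$hidden = @(Get-ChildItem -LiteralPath $targets -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and $_.Name -ne 'desktop.ini' })

Write-Host "$($hidden.Count) hidden item(s) found"
$hidden | ForEach-Object { Write-Host "  $($_.FullName)" }

# 4. Only change attributes when explicitly asked to.
if ($Unhide) {
    foreach ($item in $hidden) {
        $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
    }
    Write-Host "Hidden attribute cleared on $($hidden.Count) item(s)"
}
```

Run it once without `-Unhide` to review the list, then again with the switch once the scan steps above are complete.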