Last night I clicked on a video on some site I ended up on. The AVG came up with a window that a virus had been stopped and suggested I quarantined it or whatever. I clicked as I have in the past OK for it to go ahead and handle the threat and was about to click "back" in the browser, when the PC started to shut down and restart. It had never done that before when AVG antivirus stops a virus. As it starts up the screen is black and just a few of the icons appear and in the wrong place. Then I get a pop up that looks like a windows utility for scanning for problems. I clicked scan and a whole list of all kinds of disastorous faults appear (memory, hard disc, programs, etc. all with gorss faults). When the "scan" is completed a "pay now" button appeared. First now did I realize what had happend, so I pulled the plug on the router (too late of course). That "Utility window" remained on the desktop and nothing could remove it. If I restarted the same thing happend again. In start menue all the Right hand stuff like Computer or Documents were gone. I ran a scan in AVG but nothing came up. So I started the PC in safe mode and did a System Restore a few day back. When I started it up again the malware seemed to be gone and the PC back to normal. It was now late and I went to bed. Today I just noticed that most files are gone from both harddiscs in the PC. I have got music and some other format files, but all pictures, all documents, videos etc seems to be gone.
I have a backup but it is some weeks old and I did a revamp of my website and have written a few documents that I rather not lose. Is there a way to recover the files this malware most likely locked up until I pay the ransom?
Any advice for someone that is not a computer genius?
The files haven't gone they are just hidden hidden by this malware, it puts most or files on the PC with the hidden attribute. You need to know the name of the ransom-ware though to remove it.
This sounds like something that happened to my computer after one of the cherubs (honest) clicked on something. Firstly, don't panic, your stuff isn't gone, it's just hidden. Next have a look at the link below and see if that is the rogue 'utility programme' that you have. then follow the instructions on the link. All safe, comes from the 'Bleepingcomputer' site.
I also discovered that those that were unfortunately misguided enough to pay for the 'solution' are sent a key which actually does sort the problem out.
If you are suffering from the virus/malware in my link above the key, which is the same for everybody is 1203978628012489708290478989147.
Once entered your PC will look as it did before and it will be easier to get in and remove the rougue.
I guess I have to undo the last Restore to find out who this was. I do not remember that there was a name, and it had the appearance of a Microsoft window. The Malwarebytes scan came up clean. So I guess I have to now undo the restore and deal with it from there. It did not look as fancy as the "Windows Recovery" but pretty much said and did the same thing. So it might be another version.
Any better idea that does not involve undoing the restore, as it was next to impossible to do anything with the PC in that state.
I would advise don't undo the restore. Concentrate on the unhiding.
The name doen't matter if it's mostly gone.
Yipeee!! Unhide.exe did the job! Thank you so much for your help.
Lots of Love
This thread is now locked and can not be replied to.