Recently I’ve noticed a marked increase in virus alerts from visiting websites that have been hacked. Just this morning I was happily browsing and suddenly a virus alert followed by error messages popping up all over the screen. Feeling smug that my free version of AVG had identified a potential threat, I thought I was safe. However, moments later an “official-looking” alert window popped up to tell me that my hard drive was in immediate danger of going into melt-down and there were serious issues I needed to address. If you see something like this, do not follow it’s instructions as it is most likely a virus. There is genuine software that looks like this but it will not install itself without your permission.
Important Disclaimer: This article is intended to give guidelines on how to recover from a data recovery virus attack. I am not able to offer help to individuals and I cannot verify the ongoing validity or safety of the links in this article. If you are not confident in following the instructions, please call your IT support person. Manual spyware removal is recommended for experienced users only as you will need to edit files that can render your computer unusable if you mess it up!
What is the Data Recovery Virus?
The S.M.A.R.T Repair version of the Data Recovery virus is a fake defragmenter that has carried out attacks on computers worldwide. It displays a fake warning message that your hard drive is failing, to scare you into “registering” the software to repair your computer. As it performs no real scans at all, registering is simply going to hand your credit card details to the scammers.
What does the Data Recovery virus do?
The first thing you may notice is a security alert from your anti-virus software. After that, programs on your screen will shut down and you will see shortcuts to your files being “deleted” from your desktop. Try to stem the rising tide of panic, as the files are not actually being deleted, just hidden (at least in the version that attacked me). After this a window will pop up (see image above) and appear to do a scan and identify hard drive errors. It seems genuine, uses proper logos and you think it may be some sort of Windows software you’ve never seen before. It’s not. What it is doing is fooling you into thinking your computer is about to lose all your important documents so you will register the software and hand over your credit card details.
- It has installed itself on your PC
- Put up fake warnings to get credit card details
- Blocked access to the Task Manager so you can’t check what programs are running
- Hidden a huge number of files
- Deleted your Start Menu shortcuts
The current version of the virus only appears to be seeking for credit card details. However, if it remains installed it could be doing any number of other things;
- It may spread via Trojans
- It may install additional spyware to your computer
- It may repair its files, spread or update by itself
- It violates your privacy and compromises your security
How can I remove the Data Recovery virus?
I found that AVG Free can remove the virus but the contents of my hard drive is so considerable, that I had already removed it manually before AVG had even found it. Again, only attempt manual removal if you are confident in following these instructions. It’s probably a good idea to disconnect the computer that is infected from the internet until you’ve disabled and removed the virus so it can’t update itself or send out any information.
After removing the virus, it’s important you take certain steps to reduce the risk of the virus reinfecting your device. There are a few ways to do this, including but not limited to:
- Avoiding strange links or websites which look fraudulent or sketchy.
- Installing a VPN to encrypt your network, keeping prying eyes away when visiting websites.
- Install a firewall and malware protection on your network to keep out viruses and other harmful software.
Software for un-hiding files the S.M.A.R.T. Data Recovery Virus has hidden
How to restore missing files manually