Overview
The fake System Restore falsely reports a number of system errors, prevents execution of programs, redirects internet access via a TDSS infection, and hides files and the desktop.
Methods Tried
AVG Rescue CD - Failed to identify infection
Successful Method - See Below
Removal Method
Stage 1 - Collect Virus Removal Tools on an uninfected PC and put on a USB/CD
unhide.exe - Change permissions to re-show files and desktop
Kaspersky Virus Removal Tool - Rename downloaded file as iexplore.exe
TDSSKiller - You may also need to rename this as iexplore.exe after you have unzipped the file
Malwarebytes - The amazing Malwarebytes
Stage 2 - Start the infected PC in safe mode.
Restart the infected PC and press F8 during boot. Then choose Safe Mode with Networking.
Stage 3 - Remove the TDSS infection
Without the removal of this you will not be able to proceed.
Run the renamed TDSSKiller. This will scan the PC and remove the TDSS component of the virus.
Once the TDSS component is identified and removed, it is plain sailing.
Stage 4 - Remove all components of the virus
Run Kaspersky Virus Removal Tool. This will remove all the active components of the virus.
Stage 5 - Restart PC and restore Desktop and Files
Restart the PC and start in Normal Mode. Your machine should now run, but the desktop will be missing and files and applications will be hidden.
Run unhide.exe on the PC. This should then restore your machine to its original state.
Just to be safe, install Malwarebytes and run a full scan.
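
A check for Stage 5, as an added example that is not part of the original write-up and is not unhide.exe's own code: it reports which folders still contain hidden, non-system items after cleanup, and clears the Hidden attribute only when run with -Fix. It assumes the infection hid items by setting the Hidden attribute; the parameter names, the function name, the default roots and the list of normally hidden names are constructed for illustration.

```powershell
# Added example: report, and optionally clear, leftover Hidden attributes.
# Assumption: the infection hid items by setting Hidden and left the data in place.
param(
    [string[]]$Roots = @($env:USERPROFILE, $env:PUBLIC),  # assumed locations to check
    [switch]$Fix                                          # report only unless -Fix is given
)

$Hidden = [int][IO.FileAttributes]::Hidden
$System = [int][IO.FileAttributes]::System
# Constructed list of names that are hidden on a clean Windows install.
$DefaultHidden = '^(AppData|Application Data|Local Settings|desktop\.ini|Thumbs\.db|NTUSER\..*)$'

function Get-HiddenItem {
    param([string]$Root)
    # -Force returns hidden items; unreadable paths are skipped silently.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $a = [int]$_.Attributes
            (($a -band $Hidden) -ne 0) -and   # Hidden is set
            (($a -band $System) -eq 0) -and   # leave protected OS items alone
            ($_.Name -notmatch $DefaultHidden)
        }
}

$found = @(
    $Roots | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        ForEach-Object { Get-HiddenItem -Root $_ }
)

# Summarise by parent folder so a mass-hidden directory stands out.
$found | Group-Object { Split-Path -Parent $_.FullName } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

"{0} hidden non-system item(s) found." -f $found.Count

if ($Fix) {
    $cleared = 0
    foreach ($item in $found) {
        try {
            # Clear only the Hidden bit; every other attribute is preserved.
            $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $Hidden))
            $cleared++
        } catch { Write-Warning "Could not update $($item.FullName)" }
    }
    "Hidden attribute cleared on {0} item(s)." -f $cleared
}
```

Review the report before using -Fix, since some applications hide their own files on purpose.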