Lucky you! This happened to a friend of mine recently. She was minding her own business, surfing the web. A little box popped up, and it looked just like a Windows dialog box that said something about Microsoft Security Something-or-Other.
So, of course, she clicked the button. After all, it looked genuine enough!
Not long after that, a program that looks like the following image came up:
It began to give her all kinds of warning messages. Her GPU was overheating, her processor was overheating, she was out of RAM, and her hard drive was corrupted! Then it made 25 “Error Reading File” windows pop up.
If you are seeing this problem, there is a very simple process to follow to rid yourself of the malware without reinstalling Windows and starting from scratch!
First of all, this one is nasty. In addition to all of the above, you can’t actually exit the above “program”. But you can kill it.
And don’t worry – none of your files and folders have been deleted. They’re just hidden and/or moved into the Windows %Temp% directory so that you can’t see them.
But of course, all you really want to know is how to get everything back to normal. Without further ado:
- Click Start
- Right-click on “cmd.exe” and choose “Run as administrator”
- In the command prompt window, type:
- Look through the list, and you should see 2 entries like “rxKdhs2nfs.exe” and “MFsj2smbFs2.exe”
- This is the fun part. Those two strangely-named files are the evil malware (see image above). Problem is, you have to kill them in the correct order. When I killed the “MFs…” one first, my friend’s laptop automatically rebooted. So, I killed the “rxK…” one first, and then the “MFs…” one second. The filenames may be different on your infected computer, but they’ll probably be a jumble of letters and numbers like the above examples. So, kill them one at a time, by typing:
- Ta-da! The malware is no longer annoying you, and the program in the above image should be gone now. Moving on…
- Go to http://malwarebytes.org. Download the program, and install it on your infected computer. You may want to download the file on another computer and use a USB stick to transfer it onto the infected computer. The reason is that your browser will probably download files into your Downloads directory, which of course is hidden so you can’t see it. Then format the USB stick, just in case.
- Run Malwarebytes and do a FULL scan. Just let it run. Let it delete any infected stuff that it finds.
- Okay, now you’ll want to restore your files, folders, Desktop icons, etc. To do that, download this file:
Unhide.exe (you can also download it here: Unhide.exe alternate)
- Put Unhide.exe on the infected computer, and run it. It will automagically unhide everything.
- Reboot your computer
Wasn’t that easy?
Well, not really, but it sure beats freaking out, reinstalling Windows and all your programs, and so on.
Note that sometimes, your taskbar icons may still be missing, but don’t worry – you can just pin your favorite programs to the taskbar again by finding them in the Start menu (they should be back now).
One final tip: If your Start Menu is still not quite complete after rebooting (i.e. missing Control Panel, Devices and Printers, etc.) then just do this:
- Click Start
- Right-click the blank area on the right of the Start Menu and select Properties
- Click the “Customize” button
- Click the “Use Default Settings” button
- Click OK
Oh, and for future reference, the notices about the “overheating processor and GPU” are pretty ridiculous. Computers generally have overheat protection built in. If they overheat, they shut down automatically. Otherwise, by the time you figured out what was happening, the dang thing would be smoking!
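For the step where you look through the process list for the two strangely-named entries, here is an added PowerShell example (not part of the original post) that narrows the list down and shows each match's file path and signature status. The name heuristic, the `Test-JumbledName` function and the placeholder PID are assumptions made for illustration; it uses `Get-WmiObject`, so run it in Windows PowerShell (2.0 to 5.1) as administrator.

```powershell
# Added example, not from the original post.
# Assumption: the malware's process names are long letter/digit jumbles with
# mixed case, like the post's "rxKdhs2nfs.exe" and "MFsj2smbFs2.exe".

function Test-JumbledName {
    param([string]$Name)
    $base = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    if ($base.Length -lt 8) { return $false }                  # too short to judge
    if ($base -cnotmatch '^[A-Za-z0-9]+$') { return $false }   # letters and digits only
    $hasDigit = $base -cmatch '[0-9]'
    $hasCaseFlip = $base -cmatch '[a-z][A-Z]'                  # lower case followed by upper
    return ($hasDigit -and $hasCaseFlip)
}

# Sanity check on the two names from the post plus one normal Windows process
'rxKdhs2nfs.exe', 'MFsj2smbFs2.exe', 'explorer.exe' | ForEach-Object {
    "{0,-18} jumbled: {1}" -f $_, (Test-JumbledName $_)
}

# List running processes whose name matches, with path and signature status
$suspects = Get-WmiObject Win32_Process |
    Where-Object { Test-JumbledName $_.Name } |
    ForEach-Object {
        $sig = 'NoPath'
        if ($_.ExecutablePath) {
            $sig = (Get-AuthenticodeSignature -FilePath $_.ExecutablePath `
                        -ErrorAction SilentlyContinue).Status
        }
        New-Object PSObject -Property @{
            Name      = $_.Name
            Id        = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Signature = $sig
            Path      = $_.ExecutablePath
        }
    }

$suspects | Format-Table Name, Id, ParentId, Signature, Path -AutoSize

# After checking the table, end the processes one at a time, in the order
# described in the steps above. 1234 is a placeholder PID, not a real value.
# Stop-Process -Id 1234 -Force
```

A match is only a lead, since legitimate programs can have odd names too. An unsigned, jumbled-name entry is the one to compare against the fake program on screen before you end anything.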
My daughter accidentally downloaded this dang thing and I’m so glad I found your post. Hopefully this will get rid of it permanently. Thank you.
Thanks, the unhide.exe was exactly what I needed. I downloaded a malware/virus removal, but all of my files were still missing. I’ve searched and searched the web and finally came across this… Yeah, all of my missing files, pictures, etc. are all back. Thanks again.